--- title: Certificate Mapper description: This is an abstract object type that cannot be instantiated. component: pingds version: 8.1 page_id: pingds:configref:objects-certificate-mapper canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-certificate-mapper.html section_ids: certificate_mappers: Certificate Mappers dependencies: Dependencies certificate_mapper_properties: Certificate Mapper properties basic_properties: Basic properties enabled: enabled issuer-attribute: issuer-attribute java-class: java-class --- # Certificate Mapper *This is an abstract object type that cannot be instantiated.* Certificate Mappers are responsible for establishing a mapping between a client certificate and the entry for the user that corresponds to that certificate. ## Certificate Mappers The following Certificate Mappers are available: * [Fingerprint Certificate Mapper](objects-fingerprint-certificate-mapper.html) * [Subject Attribute To User Attribute Certificate Mapper](objects-subject-attribute-to-user-attribute-certificate-mapper.html) * [Subject DN To User Attribute Certificate Mapper](objects-subject-dn-to-user-attribute-certificate-mapper.html) * [Subject Equals DN Certificate Mapper](objects-subject-equals-dn-certificate-mapper.html) These Certificate Mappers inherit the properties described below. ## Dependencies The following objects depend on Certificate Mappers: * [External SASL Mechanism Handler](objects-external-sasl-mechanism-handler.html) ## Certificate Mapper properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | | ----------------------------------------------------------------------------------- | | [enabled](#enabled) [issuer-attribute](#issuer-attribute) [java-class](#java-class) | ### Basic properties Use the `--advanced` option to access advanced properties. ### enabled | | | | ----------------------- | ---------------------------------------------------- | | *Synopsis* | Indicates whether the Certificate Mapper is enabled. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### issuer-attribute | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | *Synopsis* | Specifies the name or OID of the attribute whose value should exactly match the certificate issuer DN. | | *Description* | Certificate issuer verification should be enabled whenever multiple CAs are trusted in order to prevent impersonation. In particular, it is possible for different CAs to issue certificates having the same subject DN. | | *Default value* | The certificate issuer DN will not be verified. | | *Allowed values* | The name of an attribute type defined in the LDAP schema. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### java-class | | | | ----------------------- | --------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the fully-qualified name of the Java class that provides the Certificate Mapper implementation. | | *Default value* | None | | *Allowed values* | A Java class that extends or implements:- org.opends.server.api.CertificateMapper | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | The object must be disabled and re-enabled for changes to take effect. | | *Advanced* | No | | *Read-only* | No |