Example embodiments provide for authenticating a device to multiple servers without using delegation or having to have a password stored on the device. Multiple certificates that are typically non-delegable are used to authenticate the device to each server. One certificate is used to authenticate the client with the front-end server and a second certificate is used to authenticate the client against a back-end server. Rather than having both certificates reside with the device, however, the second certificate is originally stored by the client in the back-end. It is then retrieved "on-the-fly" by the front-end upon authentication of the client and used to authenticate itself as the client in order to act on behalf of the client when retrieving data from the back-end server.