Configuring Mutual Authentication
You can configure mutual authentication between an HTTP Client resource and an HTTP server.
Procedure
- Create a trust store keystore following the instructions in Creating a Trust Store Keystore with the public root certificate of the HTTP server. You do not need the private key of the HTTP server.
-
Create a trust store Keystore Provider resource template.
- Click the Browse button, select the keystore you created in Step 1, and click Open.
- In the Type drop-down list, select JKS.
- In the Password field, type the keystore password.
- Save the Keystore Provider resource template.
- Create a keystore file that has the certificate containing the private key for the client. You can use the keytool utility to create such a keystore and import the client-side certificate. You can combine the two keystores if you choose to maintain a single keystore file that stores the client identity certificate as well as trusted certificates.
-
Create an identity Keystore Provider resource template.
- Click the Browse button, select the keystore you created in Step 3, and click Open.
- In the Type drop-down list, select JKS.
- In the Password field, type the keystore password.
- Save the Keystore Provider resource template.
-
Create an SSL Client Provider resource template.
- Configure the Keystore Provider as Trust Store field with the trust store Keystore Provider resource template you created.
- Check the Enable Mutual Authentication checkbox.
- Configure the Keystore Provider Having Identity field with a Keystore Provider resource template that you created.
- Save the SSL Client Provider resource template.
- Configure the HTTP Client resource template to reference the SSL Client Provider resource template.
-
Install the HTTP Client resource on a node.
The HTTP Client, SSL Client Provider, and Keystore Provider resource instances referenced by the HTTP Client resource instance are installed on the node.
Copyright © 2022. Cloud Software Group, Inc. All Rights Reserved.