Mutual SSL Authentication

When the client sends a request using HTTPS transport, TIBCO API Exchange Gateway supports authenticating the client based on digital certificates. This is known as two-way (mutual) SSL authentication.

Mutual SSL authentication is also referred to as client authentication, because the client presents its certificate to the server after the server authenticates itself to the client.

TIBCO API Exchange Gateway uses X.509 digital certificates for mutual SSL authentication and to authorize client requests. In this case, authorization of the request is based on the trusted identity in the gateway processing pipeline. The trusted identity is represented by the digital certificate's X.509 subject distinguished name or the certificate's serial number.

TIBCO API Exchange Gateway uses the Apache HTTP server to terminate the incoming HTTP and HTTPS transports. The actual mutual SSL authentication is handled in the Apache module of the TIBCO API Exchange Gateway. The Apache module authenticates each client request and extracts credentials from the X.509 certificate. The facade layer of the gateway uses those credentials to authorize the request before forwarding it to the Core Engine.
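The following sketch shows one way a back end could match the two identity forms described above (subject distinguished name, or serial number). It is an added illustration, not TIBCO's code or configuration: the function names, the registry layout and all sample values are constructed assumptions. It assumes the TLS layer has already validated the certificate chain, and it binds a serial number to its issuer DN because serial numbers are unique only per issuing CA.

```python
import re

def normalize_serial(serial):
    """Canonical hex: separators removed, upper case, no leading zeros."""
    digits = re.sub(r"[:\s]", "", serial).upper()
    if not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError("serial is not hexadecimal")
    return digits.lstrip("0") or "0"

def normalize_dn(dn):
    """Split a comma-separated DN on unescaped commas; canonicalize each RDN.

    RDN order is kept significant, so the registry must use the same
    ordering as the component that extracts the DN from the certificate.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return tuple(rdns)

# Constructed sample values, not taken from any real deployment.
ISSUER = "CN=Example Issuing CA,O=Example Corp,C=US"
TRUSTED = {
    ("dn", normalize_dn("CN=partner-a,O=Example Corp,C=US")): "partner-a",
    ("serial", normalize_dn(ISSUER), normalize_serial("0A:1B:2C")): "partner-b",
}

def authorize(subject_dn, issuer_dn, serial):
    """Map credentials from an already-verified client certificate to a
    partner name, or return None. Malformed input fails closed."""
    try:
        by_dn = ("dn", normalize_dn(subject_dn))
        by_serial = ("serial", normalize_dn(issuer_dn), normalize_serial(serial))
    except ValueError:
        return None
    return TRUSTED.get(by_dn) or TRUSTED.get(by_serial)

if __name__ == "__main__":
    print(authorize("cn=Partner-A, o=Example  Corp, c=us", ISSUER, "ff"))
    print(authorize("CN=other,O=Elsewhere", ISSUER, "a1b2c"))
    print(authorize("CN=other,O=Elsewhere", "CN=Rogue CA,O=Elsewhere", "a1b2c"))
```

The third call returns no match: the serial number is the same, but it was issued by a different CA.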

Perform the following high-level steps for mutual SSL authentication.