Properties For Mutual SSL Authentication (isAnonymous = false)

Mutual (two way) SSL authentication properties for a target operation.

Subject Identity Provider (SIP) properties are used if the Is Anonymous flag is set to false for any service. API Exchange Gateway supports the mutual SSL authentication to access the service.

Note: These properties can be found in the SslMutual.properties file of the ASG_CONFIG_HOME\default\security\resource directory.

Use Case

Using service when client authentication (mutual SSL authentication) required.

Example Properties

See the following properties:

#FOR TARGET SERVICE's PUBLIC CERT(s)
com.tibco.trinity.runtime.core.provider.identity.trust.enableTrustStoreAccess=true
com.tibco.trinity.runtime.core.provider.identity.trust.trustStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
#-----------------
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreLocation=security/keystore/default_truststore.jks
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStorePassword=password
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreType=JKS
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreRefreshInterval=60000


#FOR ASG's PRIVATE KEY & CERT(s)
com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.trustStoreServiceProvider=class:com.tibco.trinity.runtime.core.provider.credential.keystore
com.tibco.trinity.runtime.core.provider.identity.subject.enableCredentialStoreAccess=true
com.tibco.trinity.runtime.core.provider.identity.subject.enableTrustStoreAccess=true
#-------------------------
com.tibco.trinity.runtime.core.provider.credential.keystore.credentialstore.keyStoreLocation=security/keystore/meraasg.p12
com.tibco.trinity.runtime.core.provider.credential.keystore.credentialstore.keyStorePassword=password
com.tibco.trinity.runtime.core.provider.credential.keystore.credentialstore.keyStoreType=PKCS12
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval=60000

com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias=meraasg
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword=password

#WRONG-IDENTITY-but Valid File and Alias
com.tibco.trinity.runtime.core.provider.credential.keystore.credentialstore.keyStoreLocation=C:/VVK/certs/user3.p12
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias=1user

Properties

This table explains the properties for mutual SSL authentication (client authentication) for a service.

Mutual Authentication SSL Properties for service
Property	Description
com.tibco.trinity.runtime.core.provider.identity.subject.identityStoreServiceProvider
	Specifies that subject service provider uses keystores for credentials. By default, this is configured to use internal implementation and should not be changed. It is configured as follows: `class:com.tibco.trinity.runtime.core.provider.credential.keystore`
com.tibco.trinity.runtime.core.provider.identity.subject.trustStoreServiceProvider
	Specifies that identity store service provider uses keystores for credentials. By default, this is configured to use internal implementation and should not be changed. It is configured as follows: `class:com.tibco.trinity.runtime.core.provider.credential.keystore`
com.tibco.trinity.runtime.core.provider.identity.subject.keyAlias
	Specifies an alias name for the key corresponding to the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.keyPassword
	Specifies the protection parameter of the private credentials in the credential store for establishing the subject's identity.
com.tibco.trinity.runtime.core.provider.identity.subject.enableCredentialStoreAccess
	By default, this is configured to use internal implementation and should not be changed.
com.tibco.trinity.runtime.core.provider.identity.subject.enableTrustStoreAccess
	By default, this is configured to use internal implementation and should not be changed.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreLocation
	Specifies the location of the keystore of the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStorePassword
	Specifies the password to unlock the keystore.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreType
	Specifies the keystore type of the private credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.keyStoreRefreshInterval
	Specifies the refresh interval in milliseconds.
com.tibco.trinity.runtime.core.provider.identity.trust.trustStoreServiceProvider
	By default, this is configured to use internal implementation and should not be changed.
com.tibco.trinity.runtime.core.provider.identity.trust.enableTrustStoreAccess
	By default, this is configured to use internal implementation and should not be changed.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreType
	Specifies the keystore type. Supported formats are JKS,PKCS12.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreRefreshInterval
	Specifies the refresh interval (milliseconds).
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreLocation
	Specifies the location of the keystore.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStorePassword
	Specifies the password to unlock the keystore.

Did you find this helpful?

Yes No