Enabling Two-way SSL Authentication in RMS

In two-way SSL authentication, the SSL client application, which in this case is a web browser, verifies the identity of the SSL server application (RMS), and then the SSL server application verifies the identity of the SSL client application.

Procedure

  1. Follow the steps in Enabling One-way SSL Authentication in RMS to enable SSL server verification, but do not restart the RMS server yet.
  2. In Studio Explorer, double-click BRMS > WebStudio > Core > Transports > WS_TR_Secure_WebstudioHTTPConnection.sharedhttp to open it in the resource editor.
  3. In the resource editor, click Configure SSL.
    The SSL Configuration for HTTPS Connections window is displayed.
  4. In the SSL Configuration for HTTPS Connections window, select the Requires Client Authentication checkbox and click OK.
  5. In BusinessEvents Studio, regenerate the BRMS project EAR file (RMS.ear) and save it at BE_HOME/rms/project/. See the TIBCO BusinessEvents Developer's Guide for more details.
  6. Restart the RMS server.
  7. Open your web browser and import the WSClientStore.p12 certificate file from BE_HOME/rms/config/security/ into it. Refer to your web browser's help for how to import a certificate.

Result

To verify, type the URL https://localhost/WebStudio/ in the same web browser and press Enter. No port is required because the default SSL port is used. The web browser displays a confirmation window in which you select your SSL client certificate and send it to the SSL server. After that, the web browser notifies you about the untrusted certificate from the SSL server.
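
The browser check above shows that a client certificate is accepted, but not that a connection without one is refused. The following script is an added example, not part of the original procedure or of TIBCO's tooling; it requests the same URL with and without WSClientStore.p12 and compares the results. It assumes curl is built with PKCS#12 support, that BE_HOME is set, and that the keystore password is supplied in a hypothetical P12_PASS environment variable.

```shell
#!/bin/sh
# Added example (not TIBCO code). Assumptions: curl with PKCS#12 support,
# BE_HOME set, keystore password supplied in P12_PASS (hypothetical variable).
URL="${URL:-https://localhost/WebStudio/}"
P12="${P12:-${BE_HOME:-}/rms/config/security/WSClientStore.p12}"

# probe [curl options...] -> prints "<curl exit code> <HTTP status>".
# -k skips server certificate validation, because the server certificate
# is untrusted in this setup; remove -k once a trusted one is installed.
probe() {
    status=$(curl -k -s -o /dev/null --max-time 10 -w '%{http_code}' "$@" "$URL")
    echo "$? ${status:-000}"
}

# verdict "<exit> <status>" "<exit> <status>"
#   $1 = probe result without a client certificate, $2 = with it.
verdict() {
    set -- $1 $2   # -> exit_nocert status_nocert exit_cert status_cert
    if [ "$3" -ne 0 ] || [ "$4" = "000" ]; then
        echo INCONCLUSIVE     # even the request with the certificate failed
    elif [ "$1" -eq 0 ] && [ "$2" != "000" ]; then
        echo NOT_ENFORCED     # server answered without a client certificate
    else
        echo ENFORCED         # rejected without, accepted with
    fi
}

# The live check runs only when a keystore password is provided.
if [ -n "${P12_PASS:-}" ]; then
    without=$(probe)
    with=$(probe --cert-type P12 --cert "$P12:$P12_PASS")
    echo "without client cert: $without"
    echo "with client cert:    $with"
    verdict "$without" "$with"
fi
```

A NOT_ENFORCED result after step 6 usually means the regenerated RMS.ear was not the one deployed, or the Requires Client Authentication setting was not saved. The password passed to --cert is visible in the local process list while curl runs, so run the check from an administrator's own session.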