Configuring Two-Way SSL Authentication

The two-way SSL authentication configuration is only used when the plug-in authenticates the connected Microsoft Dynamics CRM server and the connected Microsoft Dynamics CRM server also authenticates the plug-in.

Note: If you want to use two-way SSL authentication to secure the message exchange between the plug-in and the Microsoft Dynamics CRM server, ensure that you select the Enable Mutual Authentication check box in the Basic SSL Server Configuration panel.

Procedure
  1. On the Microsoft Dynamics CRM on-premise server, generate a keystore file in the PKCS #12 format that contains a valid certificate for the client.
    For example:

    keytool -genkey -v -alias clientkey -keyalg RSA -storetype PKCS12 -keystore file_fullpath

  2. Configure SSL information in the Microsoft Dynamics CRM server:
    1. Change the extension of the keystore file from .p12 to .xml, and then upload it to the Web Resources page.
      You can find the Web Resources page by clicking SETTINGS > Customizations > Customize the system > Components.
    2. Specify the certification name and password on the Configuration page of the Dynamics CRM solution.
      See Configurations for Dynamics CRM Solution for more information.
  3. Configure the SSL server authentication for the SSL Server Configuration shared resource in TIBCO Business Studio:
    1. Export the client certificate created in step 1, save it in the .cer format, and then import the .cer file into the Trust Store located in the TIBCO_HOME/tibcojre64/1.8.0/lib/security/cacerts directory.
    2. Select the Enable Mutual Authentication check box in the created SSL Server Configuration shared resource, as described in Configuring One-Way SSL Authentication.
    3. In the Keystore Provider as Trust Store field, click to select a Keystore Provider resource.
      The selected Keystore Provider resource provides access to a trust store. The plug-in accesses the keystore to verify the identity of the connected Microsoft Dynamics CRM server.

      If no Keystore Provider resource is available, click Create Shared Resource to create one. See Creating a Keystore Provider Resource for more details.
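
The keytool side of steps 1 and 3.1, as an added example that is not part of the original documentation: it creates the client keystore, exports the certificate to a .cer file, imports it into a trust store, and checks that the trusted entry matches the exported file. The alias, the password `example-pass`, the `CN=example-client` name and all file paths are constructed placeholders, and the trust store is a throwaway file rather than the real `cacerts`.

```shell
#!/bin/sh
# Added example: constructed alias, password and paths; needs keytool (JDK 8+).

# Step 1: PKCS #12 keystore holding the client key pair and certificate.
make_client_keystore() {  # $1 keystore, $2 alias, $3 password
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=example-client" -storetype PKCS12 \
        -keystore "$1" -storepass "$3" -keypass "$3"
}

# Step 3.1: export the certificate only (the private key stays in the .p12).
export_client_cert() {  # $1 keystore, $2 alias, $3 password, $4 out.cer
    keytool -exportcert -alias "$2" -storetype PKCS12 \
        -keystore "$1" -storepass "$3" -file "$4"
}

# Step 3.1: add the .cer to a trust store as a trusted certificate entry.
import_into_truststore() {  # $1 truststore, $2 alias, $3 password, $4 in.cer
    keytool -importcert -noprompt -alias "$2" \
        -keystore "$1" -storepass "$3" -file "$4"
}

# Check: the trusted entry is byte-identical to the certificate in the .cer.
truststore_has_cert() {  # $1 truststore, $2 alias, $3 password, $4 expected.cer
    tmp=$(mktemp) || return 1
    rc=1
    if keytool -exportcert -alias "$2" -keystore "$1" -storepass "$3" \
           -file "$tmp" >/dev/null 2>&1 && cmp -s "$tmp" "$4"; then
        rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Demo on throwaway files when the script is run with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) || exit 1
    ks="$d/client.p12"; cer="$d/client.cer"; ts="$d/truststore"
    make_client_keystore "$ks" clientkey example-pass &&
    export_client_cert "$ks" clientkey example-pass "$cer" &&
    import_into_truststore "$ts" clientkey example-pass "$cer" &&
    truststore_has_cert "$ts" clientkey example-pass "$cer" &&
    echo "client certificate is present in the trust store"
    rm -rf "$d"
fi
```

Outside a demo, keytool also accepts `-storepass:env` and `-storepass:file`, which keep the password out of the process list.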