Configuring SSL: Two-Way Authentication
Two-way SSL authentication requires you to configure both server-side authentication and client-side authentication.
To set up this two-way authentication, you need to perform the following steps. You can perform these steps in one of the two ways - either using the keytool (to be run from your
<JAVA_HOME>/bin directory) or by running the commands specified on the OpenSSL documentation website,
http://wiki.openssl.org/index.php/Command_Line_Utilities.
Procedure
- Follow the steps outlined in Configuring SSL: One-Way Authentication.
- Generate the key store and private key for the HttpServer on the TIBCO Enterprise Administrator server and the HttpServer on the Agent.
- Generate a self-signed certificate or obtain a CA-signed certificate for the HttpServer on the TIBCO Enterprise Administrator server and the HttpServer on the Agent.
- Generate the key store and private key for the HttpClient on the TIBCO Enterprise Administrator server and the HttpClient on the Agent.
- Generate a self-signed certificate or obtain a CA-signed certificate for the HttpClient on the TIBCO Enterprise Administrator server and the HttpClient on the Agent.
- Import the Agent HttpServer’s certificate into the trust store used by TIBCO Enterprise Administrator server’s HttpClient.
- Import the TIBCO Enterprise Administrator server’s HttpServer’s certificate into the Agent’s HttpClients’ trust store.
- For the web browser (from where you will be accessing the TIBCO Enterprise Administrator UI): Generate a PKCS #12 format certificate which will include a private key for the browser and a public key and the browser’s certificate.
- Import the certificate from the above step into the web browser's trust store. Refer to the browser's documentation for details on importing the certificate into the browser.
Copyright © Cloud Software Group, Inc. All Rights Reserved.