Two-Way SSL: the client verifies the server's certificate and the server verifies the client's certificate.

In two-way SSL the client must authenticate to the server's resources by presenting its own certificate. How strictly the client certificate is verified depends on the server's requirements. Here the client verifies the server certificate and the server verifies the client certificate.

Example: a web server connecting to WebLogic Server, with both sides exchanging certificates to establish their communication.

How do the client and server go through the initial communication when they are set up for two-way SSL?





As the picture above is self-explanatory, I will not explain the whole process here; we will proceed directly to the practical steps.

Create the identity and trust keystores for the WebLogic Server.

The identity keystore defines the identity of the WebLogic Server, so that clients can use it to trust the server.

The trust keystore stores the root certificates of the clients, so that the server can trust, or identify, incoming requests from those clients.

Create a server identity keystore with your public key and private key

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -keystore server_identity.jks

Enter keystore password:
Re-enter new password:

What is your first and last name?

What is the name of your organizational unit?

What is the name of your organization?

What is the name of your City or Locality?

What is the name of your State or Province?
 
What is the two-letter country code for this unit?

Is correct?


Enter key password for <server_cert>
        (RETURN if same as keystore password):
Re-enter new password:

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>


Generate Certificate Signing Request

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -certreq -v -alias server_cert -file csr_for_mysite.csr -keystore server_identity.jks

Enter keystore password:

Enter key password for <server_cert>

Certification request stored in file <csr_for_mysite.csr>

Submit this to your CA
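
A check that can be run after the CA reply has been imported into the identity keystore and the clients' root certificate into the trust keystore. This is an added example, not from the original post; the class name and the trust keystore file name `server_trust.jks` are assumptions, and both files are assumed to be in JKS format.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.*;

// Added example (not from the original post). server_trust.jks is an assumed name.
// Usage: java KeystoreCheck server_identity.jks server_trust.jks
public class KeystoreCheck {
    static KeyStore load(String path) throws Exception {
        char[] pass = System.console().readPassword("Password for %s: ", path);
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }
    // Identity keystore: must hold the private key entry and a CA-issued certificate.
    static List<String> checkIdentity(KeyStore ks, String alias) throws Exception {
        List<String> out = new ArrayList<>();
        if (!ks.isKeyEntry(alias)) { out.add(alias + ": no private key entry"); return out; }
        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        if (chain.length == 1 && leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal()))
            out.add(alias + ": still self-signed, CA reply not imported yet");
        if (leaf.getPublicKey() instanceof RSAPublicKey
                && ((RSAPublicKey) leaf.getPublicKey()).getModulus().bitLength() < 2048)
            out.add(alias + ": RSA key shorter than 2048 bits");
        try { leaf.checkValidity(); } catch (Exception e) { out.add(alias + ": " + e.getMessage()); }
        return out;
    }
    // Trust keystore: should hold CA certificates only, never private keys.
    static List<String> checkTrust(KeyStore ks) throws Exception {
        List<String> out = new ArrayList<>();
        int cas = 0;
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) { out.add(a + ": private key in trust keystore"); continue; }
            X509Certificate c = (X509Certificate) ks.getCertificate(a);
            if (c.getBasicConstraints() < 0) out.add(a + ": not marked as a CA"); else cas++;
        }
        if (cas == 0) out.add("no CA certificate: no client certificate can be verified");
        return out;
    }
    public static void main(String[] args) throws Exception {
        List<String> f = checkIdentity(load(args[0]), "server_cert");
        f.addAll(checkTrust(load(args[1])));
        f.forEach(System.out::println);
        System.exit(f.isEmpty() ? 0 : 1);
    }
}
```

Run straight after the `-genkey` step, it reports `server_cert` as still self-signed, which is expected until the CA's reply to the CSR has been imported under the same alias.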

