Mutual authentication (two-way SSL) is a handshake in which the server first sends its certificate to the client (thin client or fat client) and the client validates it; the server then requests a certificate from the client and validates that one in turn against its own trust store. Only after both checks pass does the server know which client it is talking to.
In this example we created a .pfx (PKCS#12) file, which holds both the certificate and its private key, and installed it in the browser.
We then exported the certificate (public key only) from the browser and imported it into the trust store of the WebLogic server.
C:\bea103\wlserver_10.3\server\lib>keytool -v -import -keystore DemoTrust.jks -file Fabrizio.cer -alias fabrizio -storepass DemoTrustKeyStorePassPhrase
Serial number: 0
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Signature algorithm name: MD5withRSA
Trust this certificate? [no]: yes
Certificate was added to keystore
Two things in that output deserve attention. The certificate is signed with MD5withRSA; MD5 is broken for signatures and has been disabled for certificate path validation in current JDKs (jdk.certpath.disabledAlgorithms in java.security), so issue client certificates with SHA-256 signatures instead. And the certificate went into DemoTrust.jks, the demo trust store that ships with every WebLogic installation: its passphrase is public, and it already trusts the demo CA whose private key (CertGenCAKey.der in the same lib directory) is distributed with the product, so anyone with a WebLogic install can mint a certificate this trust store accepts. Use a purpose-built trust store for anything beyond a lab.
Created a user Fabrizio in the DefaultAuthenticator. The name matters: it must equal the CN in the subject of the client certificate, because that is what the identity asserter hands to the authenticator (see the mapper settings below).
Configured the DefaultIdentityAsserter to process X.509 tokens:
Home >Summary of Security Realms >myrealm >Providers >DefaultIdentityAsserter
Active Types: X.509
Trusted Client Principals: Fabrizio
Default User Name Mapper Attribute Type: CN
Use Default User Name Mapper : Checked
With these settings the asserter takes the value of the CN attribute from the subject DN of any client certificate that the SSL layer has already validated against the trust store and uses it as the WebLogic user name. Two consequences follow: the CN, not the issuer, decides who the client becomes, so every CA in the trust store can assert any user; and Trusted Client Principals governs CSIv2 (IIOP) identity assertion, so it is not what restricts X.509 assertion over SSL here.
Enabled the SSL listen port.
Configured the server to request client certificates:
AdminServer > SSL > Advanced
Hostname Verification: None
Two Way Client Cert Behavior: Client Certs Requested and Enforced
"Requested and Enforced" means the handshake is aborted when the client presents no certificate, or one that does not chain to the trust store; the alternative, "Client Certs Requested But Not Enforced", lets such connections through and only leaves them without an asserted identity. Setting Hostname Verification to None switches off the check WebLogic applies to certificates of servers it connects out to; it has nothing to do with accepting client certificates and should stay at the default (BEA Hostname Verifier) outside a lab.
Deployed an application whose web.xml uses CLIENT-CERT as its auth-method and accessed it over the SSL port. The details of such an application will be covered in another post.
When the browser prompted for a certificate and we selected the one installed earlier, we were able to access the application as the user Fabrizio.
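The mapping step (DefaultIdentityAsserter with Use Default User Name Mapper and Attribute Type CN) is the part of this setup that decides which WebLogic user a presented certificate becomes, so here is an added example, written for this post and not taken from WebLogic or the original author, that re-implements that mapping in plain Python and shows which subjects it rejects. All function names, the sample DNs and the realm user set are my own constructions; the tuple-of-tuples subject structure it also accepts is the one Python's ssl.getpeercert()["subject"] returns.

```python
# Added example, not code from the original post or from WebLogic: a plain-Python
# re-implementation of what the DefaultIdentityAsserter's default user name
# mapper does with "Attribute Type: CN". Function names, sample DNs and the
# realm user set below are my own constructions.
from typing import Collection, List, Optional, Sequence, Tuple, Union

RDN = Tuple[str, str]  # (attribute type, value), e.g. ("CN", "Fabrizio")

# Attribute names as Python's ssl.SSLSocket.getpeercert()["subject"] reports
# them, mapped to the short forms used in DN strings and the WebLogic console.
PEERCERT_ATTRS = {"commonName": "CN", "organizationalUnitName": "OU",
                  "organizationName": "O", "countryName": "C",
                  "emailAddress": "E"}


def parse_dn(dn: str) -> List[RDN]:
    """Split an RFC 2253 style DN string into (attribute, value) pairs.

    A backslash-escaped character such as "\\," is kept literally, so a comma
    inside an organization name is not mistaken for an RDN boundary.
    """
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    pairs: List[RDN] = []
    for part in parts:
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def pairs_from_peercert(subject: Sequence[Sequence[RDN]]) -> List[RDN]:
    """Flatten getpeercert()["subject"]: a tuple of RDNs, each a tuple of pairs."""
    return [(PEERCERT_ATTRS.get(attr, attr).upper(), value)
            for rdn in subject for attr, value in rdn]


def subject_attribute(pairs: List[RDN], attr: str) -> str:
    """Return the single value of `attr`, or raise.

    Design choice for this example: a subject with no CN, or with more than
    one, is rejected instead of silently picking one, because the asserted
    identity would otherwise depend on the order of attributes in the DN.
    """
    values = [v for a, v in pairs if a == attr.upper()]
    if len(values) != 1:
        raise ValueError(f"expected exactly one {attr}, found {len(values)}")
    return values[0]


def map_subject_to_user(subject: Union[str, Sequence[Sequence[RDN]]],
                        realm_users: Collection[str],
                        attr: str = "CN") -> Optional[str]:
    """Identity assertion for a certificate the SSL layer has ALREADY validated.

    Returns the WebLogic user name, or None when assertion must fail. Note what
    this step does not do: it never looks at the issuer, so every CA in the
    trust store is equally able to assert any CN. It does require the mapped
    name to exist in an authenticator (the post creates Fabrizio for this).
    """
    pairs = parse_dn(subject) if isinstance(subject, str) else pairs_from_peercert(subject)
    try:
        name = subject_attribute(pairs, attr)
    except ValueError:
        return None
    return name if name in realm_users else None


if __name__ == "__main__":
    # Constructed sample inputs; the realm holds only the user from the post.
    realm = {"Fabrizio"}
    cases = [
        "CN=Fabrizio, OU=Dev, O=Example\\, Inc., C=IN",  # maps to Fabrizio
        "CN=Mallory, OU=Dev, O=Example",                # valid cert, unknown user
        "OU=Dev, O=Example",                            # no CN: rejected
        "CN=Fabrizio, CN=Admin, O=Example",             # ambiguous CN: rejected
        ((("commonName", "Fabrizio"),), (("organizationName", "Example"),)),
    ]
    for subject in cases:
        print(f"{subject!r:70} -> {map_subject_to_user(subject, realm)}")
```

The rejection of a subject with two CNs is a choice made for this example, not documented WebLogic behaviour; the point it illustrates is that once the trust store decides chain validity, only the CN string stands between a certificate and a realm user, which is why the contents of that trust store matter far more than the user list.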
Please let us know if you have any queries related to the configuration or require additional details.