Mutual authentication (two-way SSL) is a process in which the server sends its certificate to the client (thin client or fat client) and the client validates it; the server then requests a certificate from the client and validates that one in turn.
In this example we created a .pfx certificate, which contains both the public and the private key, and installed it in the browser.
Then we exported the public key (Fabrizio.cer) and imported it into the trust store of the WebLogic Server:
C:\bea103\wlserver_10.3\server\lib>keytool -v -import -keystore DemoTrust.jks -file Fabrizio.cer -alias fabrizio -storepass DemoTrustKeyStorePassPhrase
Owner: CN=Fabrizio
Issuer: CN=Fabrizio
Serial number: 0
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Certificate fingerprints:
MD5: 6B:45:89:C2:F0:4A:35:EB:8C:54:06:9F:5C:F1:D4:DB
SHA1: CE:2F:81:25:73:E0:52:77:C2:48:0E:70:FC:52:AE:3E:66:C6:33:9B
Signature algorithm name: MD5withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing DemoTrust.jks]
Created a user Fabrizio in the Default Authenticator (the name matches the CN of the client certificate).
Configured the DefaultIdentityAsserter to process X.509 tokens:
Home > Summary of Security Realms > myrealm > Providers > DefaultIdentityAsserter
Common
Active Types: X.509
Provider Specific
Trusted Client Principals: Fabrizio
Default User Name Mapper Attribute Type: CN
Use Default User Name Mapper: Checked
Enabled the SSL port.
Configured the server to request client certificates:
AdminServer > SSL > Advanced
Hostname Verification: None
Two Way Client Cert Behavior: Client Certs Requested and Enforced
Deployed an application that uses CLIENT-CERT authentication and accessed it. We will cover the details of such an application in another post.
Once we selected the appropriate certificate in the browser, we were able to access the application.
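To make the identity-asserter step above concrete, here is an added stand-alone model (not WebLogic's code) of what happens after the client certificate has passed trust-store validation: the configured attribute (CN) is pulled out of the subject DN, checked against Trusted Client Principals, and the resulting name must exist in the authenticator. The fail-closed handling of an empty Trusted Client Principals set is an assumption of this model, not WebLogic's documented default.

```python
# Hypothetical stand-alone model of the identity-asserter step, not WebLogic's code.
from typing import List, Optional, Set, Tuple


def parse_dn(dn: str) -> List[List[Tuple[str, str]]]:
    """Parse an RFC 2253 string DN into RDNs (multi-valued RDNs joined by '+').
    Backslash escapes are honoured: 'CN=Smith\\, John' is one value, not two
    as a naive dn.split(',') would produce."""
    rdns, rdn, buf, key, i = [], [], [], None, 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):        # escaped character
            buf.append(dn[i + 1])
            i += 2
            continue
        if c == "=" and key is None:             # end of attribute type
            key, buf = "".join(buf).strip().upper(), []
        elif c in ",+":                          # end of attribute value
            if key is None:
                raise ValueError("RDN without '=' in %r" % dn)
            rdn.append((key, "".join(buf).strip()))
            key, buf = None, []
            if c == ",":
                rdns.append(rdn)
                rdn = []
        else:
            buf.append(c)
        i += 1
    if key is None:
        raise ValueError("trailing RDN without '=' in %r" % dn)
    rdn.append((key, "".join(buf).strip()))
    rdns.append(rdn)
    return rdns


def map_user_name(subject_dn: str, attribute_type: str = "CN") -> Optional[str]:
    """Default User Name Mapper: first value of the configured attribute type."""
    for rdn in parse_dn(subject_dn):
        for typ, val in rdn:
            if typ == attribute_type.upper():
                return val
    return None


def assert_identity(subject_dn: str, trusted_principals: Set[str],
                    users: Set[str], attribute_type: str = "CN") -> Optional[str]:
    """Asserted user name, or None when refused. Assumes trust-store validation
    already passed; Trusted Client Principals is modelled fail-closed (assumption)."""
    user = map_user_name(subject_dn, attribute_type)
    ok = user is not None and user in trusted_principals and user in users
    return user if ok else None
```

The second refusal case is the one the Trusted Client Principals list exists for: a certificate from the same trusted issuer with CN=weblogic would otherwise be mapped straight onto the administrative user.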
Please let us know if you have any queries related to the configuration or require additional details.
Cheers!
Wonders Team
Your post seems interesting.
A query:
What types of certificates can I import into the browser? Only .pfx?
How would it be with a web service? Could you post some examples?
Sure, will try to post 2-way SSL for a web service.
.pfx has the public and private key; other formats have only the public key. For mutual auth with a browser you need public and private.
You can read more about X.509 certs here:
http://en.wikipedia.org/wiki/X.509
Excellent tutorial!
Could you explain how to generate the certificate to import into the browser?
When I configure the browser and WLS, it returns “internal error ssl” to me and I cannot authenticate myself. Could my certificates be bad? Please help.
Hi Manfredo, you can use openssl to create certificates in .pfx format, which you can import into your browser. Check the SSL presentation in the beginners corner.
Thanks,
Faisal