Mutual Authentication with WebLogic Server

Mutual authentication is a process in which the server sends its certificate to the client (thin client or fat client) and the client validates it; the server then requests a certificate from the client and validates that in turn.

In this example we created a .pfx certificate which contains both the public and the private keys. We installed the .pfx certificate in the browser.




Then we exported the public key and imported it into the trust store of WebLogic Server.

C:\bea103\wlserver_10.3\server\lib>keytool -v -import -keystore DemoTrust.jks -file Fabrizio.cer -alias fabrizio -storepass DemoTrustKeyStorePassPhrase
Owner: CN=Fabrizio
Issuer: CN=Fabrizio
Serial number: 0
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Certificate fingerprints:
MD5: 6B:45:89:C2:F0:4A:35:EB:8C:54:06:9F:5C:F1:D4:DB
SHA1: CE:2F:81:25:73:E0:52:77:C2:48:0E:70:FC:52:AE:3E:66:C6:33:9B
Signature algorithm name: MD5withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing DemoTrust.jks]

Created a user Fabrizio in the Default Authenticator


Configured the DefaultIdentityAsserter to process X509 Tokens

Home > Summary of Security Realms > myrealm > Providers > DefaultIdentityAsserter

Active Types: X.509


Provider Specific
Trusted Client Principals: Fabrizio
Default User Name Mapper Attribute Type: CN
Use Default User Name Mapper: Checked


Enabled SSL Port


Configured the server to request client certificates.

AdminServer > SSL > Advanced

Hostname Verification: None
Two Way Client Cert Behavior: Client Certs Requested and Enforced


Deployed an application that uses CLIENT-CERT authentication and accessed it. We will cover the details of such an application in another post.

Accessing the protected application

Once we selected the appropriate certificate, we were able to access the application.
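
As an added example (not part of the original post and not WebLogic code), the Python script below reads the certificate details that keytool printed in the import step, reports the user name a CN-based user name mapper would take from the Owner field, and flags properties worth reviewing before such a certificate is placed in a trust store. The function names and the three-year validity threshold are assumptions made for this example.

```python
import re
from datetime import datetime
# Certificate details as printed by keytool in the import step above.
KEYTOOL_OUTPUT = """\
Owner: CN=Fabrizio
Issuer: CN=Fabrizio
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Signature algorithm name: MD5withRSA
Version: 1
"""

def parse_fields(text):
    """Split keytool's 'Name: value' lines into a dict keyed by lower-case name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields

def mapped_user(owner_dn, attr="CN"):
    """First `attr` value in the subject DN (plain comma split, no escaped commas)."""
    for rdn in owner_dn.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.upper() == attr:
            return value
    return None

def _date(s):
    # Drop the time-zone token (e.g. IST), which strptime cannot parse portably.
    return datetime.strptime(re.sub(r" [A-Z]{2,5} ", " ", s), "%a %b %d %H:%M:%S %Y")

def review(text, max_years=3):
    """Return (mapped user, findings). Name-based heuristics; threshold is an assumption."""
    f = parse_fields(text)
    findings = []
    if f["owner"] == f["issuer"]:
        findings.append("self-signed: trust rests on this one entry, no issuing CA")
    if re.match(r"(MD2|MD5|SHA1)with", f["signature algorithm name"], re.I):
        findings.append("weak signature hash: " + f["signature algorithm name"])
    if f["version"] == "1":
        findings.append("X.509 v1: no key usage or basic constraints extensions")
    start, end = (_date(p) for p in f["valid from"].split(" until: "))
    years = (end - start).days / 365.25
    if years > max_years:
        findings.append("validity of %.0f years exceeds %d" % (years, max_years))
    return mapped_user(f["owner"]), findings

print(review(KEYTOOL_OUTPUT))
```

The mapped name is what must match the user created in the Default Authenticator; the findings are review prompts, not a verification of the certificate's signature.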

Please let us know if you have any queries related to the configuration or require additional details.

Wonders Team


  1. Your post seems interesting.
    A query:
    What types of certificates can I import into the browser? Only .pfx?
    How would it be with a web service? Could you post some examples?

  2. Excellent tutorial!
    Could you explain how to generate the certificate to import into the browser?
    When I configure the browser, WLS returns “internal error ssl” and I cannot authenticate. Could my certificates be bad? Please help.

    1. Hi Manfredo, you can use openssl to create certificates in .pfx format, which you can import into your browser. Check the SSL presentation in the beginners corner.
