Sunday, February 9, 2014

Mutual SSL with WSO2 Enterprise Service Bus

Let's try to simply understand what mutual SSL is.

I hope the following diagram will draw a good picture in your mind to understand this.

[Diagram: mutual SSL handshake between client and server]


Okay, let's see what happens in each step of the SSL handshake:

(1) Client says hello and requests the server certificate
(2) Server says hello with the certificate

That is the first handshake that happens, but when you enable mutual SSL another handshake happens.

(3) Server says hello, requesting the client certificate
(4) Client says hello back with the certificate

ONCE BOTH THE PARTIES TRUST EACH OTHER THEY ESTABLISH THE CONNECTION FOR FURTHER ACTIONS BETWEEN CLIENT AND THE SERVER.

Now let's look at what requirements should be met in order for this to happen :)


(1) Client trust store should have the CA certificate / server certificate - signed by CA of the server - 

FOR THE CLIENT TO TRUST THE SERVER

(2) Server trust store should contain the CA certificate / client certificate - signed by CA of the client - 

FOR SERVER TO TRUST THE CLIENT

(3) The Certificate Authority that has signed the certificate should be trusted by both parties
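
The trust decisions behind requirements (1) to (3), as an added example that is not from the original post or from WSO2. It assumes the `openssl` command line tool (1.1.1 or later) is installed; all CA, server and client names are constructed, and plain PEM files stand in for the trust stores.

```shell
#!/usr/bin/env bash
# Added example: every CA, key and certificate here is constructed in a temp dir.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the CA certificates carry basicConstraints CA:TRUE.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: self-signed CA certificate NAME.crt with private key NAME.key
make_ca() {
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA NAME: new key pair and certificate NAME.crt signed by CA
issue() {
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.crt" 2>/dev/null
}

# trusts STORE CERT: prints "trusted" if CERT chains to a CA in STORE, else "rejected"
trusts() {
  if openssl verify -CAfile "$WORK/$1" "$WORK/$2" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

make_ca server-ca; make_ca client-ca; make_ca other-ca
issue server-ca esb-server       # certificate the server presents in step (2)
issue client-ca known-client     # certificate a client presents in step (4)
issue other-ca  unknown-client   # client whose CA the server does not trust

cp "$WORK/server-ca.crt" "$WORK/client-truststore.pem"   # requirement (1)
cp "$WORK/client-ca.crt" "$WORK/server-truststore.pem"   # requirement (2)

echo "client checks server:         $(trusts client-truststore.pem esb-server.crt)"
echo "server checks known client:   $(trusts server-truststore.pem known-client.crt)"
echo "server checks unknown client: $(trusts server-truststore.pem unknown-client.crt)"
```

The third check is the case mutual SSL exists for: the client holds a valid certificate, but its CA is not in the server trust store, so the server refuses it.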


Now that you have an understanding of what mutual SSL is and what the requirements are, please have a look at the following important blog post by Asela on how to check the mutual SSL capability of the WSO2 ESB with an example Java client:

Enable Mutual SSL for Proxy services in WSO2ESB - I

Mutual SSL is also called two-way SSL :)

THANKS !
