Topic
4 replies Latest Post - ‏2012-09-04T15:16:08Z by F1B3_Hemanth_Kota
F1B3_Hemanth_Kota
F1B3_Hemanth_Kota
3 Posts
ACCEPTED ANSWER

Pinned topic Client Cert Authentication

‏2012-09-04T12:13:53Z |
Hi,

Following is my infrastructure on which I need to build the Client Certificate authentication.

User (Linux Machine) ---> IBM Http Server ---> IBM WESB Server ---> Database

Could someone please let me know between which two system I need to exchange the certificates.

Like,
User (Linux Machine) & IBM Http Server
<or>
User (Linux Machine) & IBM WESB Server

Any help would be highly appreciated.

Thanks & Regards,
Hemanth
Updated on 2012-09-04T15:16:08Z at 2012-09-04T15:16:08Z by F1B3_Hemanth_Kota
  • SystemAdmin
    SystemAdmin
    3908 Posts
    ACCEPTED ANSWER

    Re: Client Cert Authentication

    ‏2012-09-04T12:23:54Z  in response to F1B3_Hemanth_Kota
    > F1B3_Hemanth_Kota wrote:
    > Hi,
    >
    > Following is my infrastructure on which I need to build the Client Certificate authentication.
    >
    > User (Linux Machine) ---> IBM Http Server ---> IBM WESB Server ---> Database
    >
    > Could someone please let me know between which two system I need to exchange the certificates.
    >
    > Like,
    > User (Linux Machine) & IBM Http Server
    > <or>
    > User (Linux Machine) & IBM WESB Server

    User and IHS have to trust eachothers certificate chain.

    If the WESB server wanted to access the client cert and do some further validation of it, it would also have to trust the issuer of the client certificate.
    • F1B3_Hemanth_Kota
      F1B3_Hemanth_Kota
      3 Posts
      ACCEPTED ANSWER

      Re: Client Cert Authentication

      ‏2012-09-04T12:34:26Z  in response to SystemAdmin
      Hi Eric,

      Thank you very much for your quick reply.

      I am having (have generated)the self-signed client certificate. Kindly let me know how can I trust the client certificate at IBM Http Server.
      Many Thanks ,
      Hemanth
      • SystemAdmin
        SystemAdmin
        3908 Posts
        ACCEPTED ANSWER

        Re: Client Cert Authentication

        ‏2012-09-04T13:32:45Z  in response to F1B3_Hemanth_Kota
        > F1B3_Hemanth_Kota wrote:
        > Hi Eric,
        >
        > Thank you very much for your quick reply.
        >
        > I am having (have generated)the self-signed client certificate. Kindly let me know how can I trust the client certificate at IBM Http Server.

        You'll need the client certificate (without the key, just the certificate). You can then "add" it to the *.kdb being used by IHS -- that marks it as trusted. You can either use bin/ikeyman or the commnad line tools (name depends on release bin/gsk7capicmd or bin/gskcapicmd) to do the "add".