  • Latest Post - ‏2013-05-16T14:29:44Z by kenhygh

Pinned topic mutual authentication

2013-05-16T14:04:02Z

I have to do a mutual SSL handshake with another provider using DataPower.

1) Which SSL proxy should be created (will it be forward, reverse or two-way)? I am asking because all three have identification and validation credentials, which can be configured.

3) How do I tell the proxy profile that two-way authentication should always happen, and that no handshake should be optional?

This SSL handshake should be done both to the client and the provider (for DataPower).


  • kenhygh
    1523 Posts

    Re: mutual authentication


    OK, so here's the deal with SSL Proxy Profiles:

    Forward: DataPower will be acting as a client to a backend provider. When configured with an IDCred, DataPower will send the configured cert as its credentials, in addition to doing the handshake using the configured private key. When configured with a ValCred, DataPower will match the backend-supplied certificate against the cert configured.

    Reverse: DataPower acts as the server for clients to connect to. When configured with an IDCred, DataPower will use the configured cert and private key for the SSL handshake. When configured with a ValCred, DataPower will compare the configured cert against the cert provided by the client.

    Both: DataPower will act as *both* client and server to the configured endpoints/callers. This is very very rare.

    If you configure both an IDCred and a ValCred on a proxy profile, two-way authentication will always happen. Any mismatch will throw an error.
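
The behaviour described in the reply above, sketched with Python's `ssl` module rather than DataPower configuration (an added example, not from the thread or from IBM). As an assumption of this sketch, `load_cert_chain` stands in for an IDCred and `load_verify_locations` with `CERT_REQUIRED` for a ValCred; the certificates are constructed self-signed test certs made with the `openssl` CLI, and all function names are hypothetical.

```python
import os, ssl, subprocess, tempfile

def make_cert(d, cn):
    """Constructed self-signed test cert + key: the material an IDCred would hold."""
    key, crt = os.path.join(d, cn + ".key"), os.path.join(d, cn + ".crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=" + cn, "-keyout", key, "-out", crt],
                   check=True, capture_output=True)
    return crt, key

def context(server, idcred=None, valcred=None):
    """server=True plays the reverse profile, server=False the forward profile."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # peer is matched against the configured cert only
    if idcred:
        ctx.load_cert_chain(*idcred)     # cert presented + private key used in the handshake
    if valcred:
        ctx.load_verify_locations(valcred)
        ctx.verify_mode = ssl.CERT_REQUIRED  # peer cert is mandatory, never optional
    return ctx

def handshake(server_ctx, client_ctx):
    """Run a TLS handshake in memory; True only if both sides complete it."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    sides = [[client_ctx.wrap_bio(c_in, c_out, server_side=False), c_out, s_in, False],
             [server_ctx.wrap_bio(s_in, s_out, server_side=True), s_out, c_in, False]]
    for _ in range(20):
        for side in sides:
            obj, out, peer_in, done = side
            if not done:
                try:
                    obj.do_handshake()
                    side[3] = True
                except ssl.SSLWantReadError:
                    pass                  # waiting for the peer's next flight
                except ssl.SSLError:
                    return False          # missing or mismatched certificate
            peer_in.write(out.read())     # deliver pending bytes to the other side
        if sides[0][3] and sides[1][3]:
            return True
    return False

def demo():
    with tempfile.TemporaryDirectory() as d:
        dp, partner, stranger = (make_cert(d, n) for n in ("datapower", "partner", "stranger"))
        reverse = context(True, idcred=dp, valcred=partner[0])  # IDCred + ValCred
        return {"partner cert": handshake(reverse, context(False, partner, dp[0])),
                "no client cert": handshake(reverse, context(False, None, dp[0])),
                "unlisted cert": handshake(reverse, context(False, stranger, dp[0]))}
```
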