Jaango

Pinned topic mutual authentication

2013-05-16T14:04:02Z

I have to do a mutual SSL handshake with another provider using DataPower.

1) Which SSL proxy should be created (will it be forward, reverse or two-way)? I am asking because all three have identification and validation credentials, which can be configured.

3) How do I tell the proxy profile that two-way authentication should always happen, and that no handshake should be optional?

This SSL handshake should be done both to the client and provider (for DataPower).

 

  • kenhygh

    Re: mutual authentication

    ‏2013-05-16T14:29:44Z  

    OK, so here's the deal with SSL Proxy Profiles:

    Forward: DataPower will be acting as a client to a backend provider. When configured with an IDCred, DataPower will send the configured cert as its credentials, in addition to doing the handshake using the configured private key. When configured with a ValCred, DataPower will match the backend-supplied certificate against the cert configured.

    Reverse: DataPower acts as the server for clients to connect to. When configured with an IDCred, DataPower will use the configured cert and private key for the SSL handshake. When configured with a ValCred, DataPower will compare the configured cert against the cert provided by the client.

    Both: DataPower will act as *both* client and server to the configured endpoints/callers. This is very very rare.

    If you configure both an IDCred and a ValCred on a proxy profile, two-way authentication will always happen. Any mismatch will throw an error.

    HTH

  • padolevaibhav

    Re: mutual authentication

    ‏2016-05-09T06:18:58Z  

    Hi Jaango,

    SSL configurations in DataPower are a bit tricky and confusing, especially in the case of mutual authentication. What kenhygh has mentioned is correct.

    See the link below to understand more about mutual authentication. This is quite good stuff.

    http://integrationyay.blogspot.in/2014/04/datapower-how-to-configure-ssl-mutual.html

  • VanOppensTom

    Re: mutual authentication

    ‏2016-05-09T06:28:15Z  

    Why would you revive this old post?