One-way and two-way SSL authentication

Communication between an SSL server and an SSL client can be configured to use one-way or two-way SSL authentication. In the examples on this page, the SSL client is the computer on which the IBM® Security Identity Manager Server is installed, and the SSL server is the IBM Security Directory Server.

One-way authentication, in which only the server is authenticated to the client, uses a truststore on the client and a keystore on the server. In this example, CA certificate "A" exists in the truststore on the SSL client and also in the keystore on the SSL server.

Figure 1. One-way SSL communication

Two-way authentication, in which the client and the server authenticate each other, uses a truststore and a keystore on both the client and the server. In this example, CA certificate "A" is in the truststore and CA certificate "B" is in the keystore on both the client and the server.

Figure 2. Two-way SSL communication
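The two modes described above, as an added example using Python's `ssl` module (not IBM code or product configuration). PEM files stand in for the keystore and truststore, the self-signed certificates are constructed with the `openssl` CLI (assumed installed, version 1.1.1 or later), each side's truststore holds the other side's certificate, and `make_cert`, `context`, `handshake` and `demo` are names chosen for this illustration.

```python
import os, ssl, subprocess, tempfile

def make_cert(d, name):
    """Constructed self-signed certificate and key, made with the openssl CLI."""
    crt, key = os.path.join(d, name + ".pem"), os.path.join(d, name + ".key")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-subj", "/CN=" + name, "-addext", "subjectAltName=DNS:localhost",
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def context(protocol, keystore=None, truststore=None, need_client_cert=False):
    ctx = ssl.SSLContext(protocol)   # PROTOCOL_TLS_CLIENT verifies the server by default
    if keystore:
        ctx.load_cert_chain(*keystore)          # certificate and key this side presents
    if truststore:
        ctx.load_verify_locations(truststore)   # certificates this side accepts
    if need_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED     # two-way: server demands a client cert
    return ctx

def handshake(server_ctx, client_ctx):
    """Run the TLS handshake in memory; True only if both sides accept the peer."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    pending = [client_ctx.wrap_bio(c_in, c_out, server_hostname="localhost"),
               server_ctx.wrap_bio(s_in, s_out, server_side=True)]
    for _ in range(20):
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass                            # waiting for the peer's next flight
            except ssl.SSLError:
                return False                    # peer certificate missing or untrusted
        s_in.write(c_out.read())                # client -> server
        c_in.write(s_out.read())                # server -> client
        if not pending:
            return True
    return False

def demo():
    with tempfile.TemporaryDirectory() as d:
        srv, cli = make_cert(d, "server"), make_cert(d, "client")
        one_way = context(ssl.PROTOCOL_TLS_SERVER, keystore=srv)
        two_way = context(ssl.PROTOCOL_TLS_SERVER, srv, cli[0], True)
        trust_only = context(ssl.PROTOCOL_TLS_CLIENT, truststore=srv[0])
        with_key = context(ssl.PROTOCOL_TLS_CLIENT, cli, srv[0])
        return {"one_way": handshake(one_way, trust_only),
                "two_way": handshake(two_way, with_key),
                "two_way_without_client_cert": handshake(two_way, trust_only)}
```

Calling `demo()` shows that a client holding only a truststore completes the one-way handshake but is rejected by the server configured for two-way authentication.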

For more information about configuring SSL communication between the IBM Security Identity Manager Server and an IBM Security Identity Manager adapter, see the installation and configuration guide for the adapter.