Arham

Reputation: 2102

Mutual Auth in Jboss vs WebSphere

I'm working on Jboss 5 and WAS 7. I was able to run my application via Mutual Authentication on Jboss following this doc, https://community.jboss.org/wiki/SSLSetup/

Following the above doc I created server.keystore and server.truststore files that I injected into the Jboss server and everything works fine.

Now, I want to run the same application via Mutual Auth on WAS. On WAS, the trust store and keystore are specified by navigating to

Security > SSL certificate and key management > SSL configurations > New > Key stores and certificates

But there I don't see any type related to .keystore and .truststore.

My question - what is the equivalent of .keystore and .truststore that can be used in WAS OR what's the way to set up a Browser based Mutual Authentication on a WAS server. I'm using WAS 7.0.0.21.

Upvotes: 1

Views: 979

Answers (2)

Arham

Reputation: 2102

The link helped me set up SSL on WAS. I just had to add a couple of steps to enable it for browser-based Mutual Authentication.

Since I had to do a POC, I'm using self-signed certificates.

In an ideal scenario, certificates will be signed by a Certificate Authority, and the certificate of the Certificate Authority will be imported to the Trust Store of the WAS server.

Here are the steps:

  1. Change the password for Default KeyStore and Default TrustStore in WAS
  2. Create a Client Certificate in WAS
  3. Create a Server Certificate in WAS
  4. Export the Client Certificate in PKCS format, e.g. client.p12
  5. Export the Server Certificate in PKCS format, e.g. server.p12
  6. Import the Client Certificate to Default TrustStore
  7. Import the Server Certificate to Default TrustStore
  8. Enable SSL on WAS.

    i. Make sure to select the server certificate for both the Default server certificate alias and the Default client certificate alias.

    ii. In the Quality of protection (QoP) settings, choose Client Authentication as Required.

  9. Create a Web Container Transport Chain with a new SSL port, e.g. 9444.
  10. Add the newly created SSL port to the virtual Host.
  11. Restart the Server.
  12. Import the Client Certificate created in Step 4 client.p12 to the Browser.

Upvotes: 1
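
A check for steps 6 and 8.ii, as an added example that is not part of the original answer: when client authentication is required, the server's handshake lists the issuer names it accepts from its trust store, and browsers typically offer only certificates whose issuer is on that list. The functions below pull that list out of `openssl s_client` output; the host name, the DNs and the sample transcript are constructed assumptions, and 9444 is the example port from step 9.

```shell
#!/bin/sh
# Added example: list the client-certificate issuers a TLS endpoint advertises.
# Live usage (was.example.test is a placeholder host):
#   openssl s_client -connect was.example.test:9444 </dev/null 2>/dev/null | acceptable_cas

# Print the DNs that follow "Acceptable client certificate CA names".
# The list ends at the next "---" separator or "Label: value" line.
acceptable_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && (/^---/ || /^[A-Za-z ]+: /)     { in_list = 0 }
        in_list && NF                              { print }
    '
}

# Exit 0 if the DN in $1 is on the advertised list read from stdin, 1 otherwise.
# The comparison is an exact string match, so pass the DN in the same form
# that the local OpenSSL version prints it.
issuer_offered() {
    acceptable_cas | grep -Fxq -- "$1"
}

# Constructed sample of s_client output (not captured from a real server).
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
/C=US/O=Example/CN=was-server
/C=US/O=Example/CN=poc-client
Client Certificate Types: RSA sign, DSA sign
---
SSL handshake has read 1500 bytes and written 400 bytes
EOF
}

# Demo on the constructed transcript: prints the two advertised issuer DNs.
sample_transcript | acceptable_cas
```

If the self-signed client certificate's DN is missing from the list, the import into the trust store in step 6 did not take effect for the SSL configuration bound to that port.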

Doug Breaux

Reputation: 5115

Keystores and truststores are the same format in WebSphere. You choose the file format, but any of those formats can be used for either store.

You then point a configuration at specific files.

Security > SSL certificate and key management > Manage endpoint security configurations

Alternatively, what has been simpler for us is to use the existing default stores WebSphere already has and add our certificates to those.

Security > SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore

Or CellDefaultTrustStore or NodeDefaultKeyStore, etc.

Upvotes: 1
