Reputation: 319
When self-signed certificates are used, X509 certificate-based device authentication is working properly in WSO2 IS, but our requirement is to use certificates provided by a third-party/in-house certificate authority for this. Is this possible with WSO2 IS?
Upvotes: 0
Views: 286
Reputation: 142
I think you are referring to Mutual TLS OAuth client authentication.
Right now, WSO2 IS supports client authentication against the client certificate registered in the service provider. WSO2 Identity Server does validate the certificate chain as well, and it's not limited to self-signed certificates. But it's required that the client certificate presented at the token request be the certificate registered for the respective service provider.
So, you can still use third-party/in-house certificates. For that, you will have to add the certificate or the root certificate to the trust store of WSO2 IS (<PRODUCT_HOME>/repository/resources/security/client-truststore.jks), and for the clients that you have registered as service providers, you have to configure the exact client certificate that the client will use as the certificate of the service provider.
Upvotes: 2
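The two conditions from the answer above, sketched as an added example that is not part of the original thread and is not WSO2 code: the issuing root must be trusted, and the presented certificate must be the exact one registered for the service provider. The CA and device names, the `inhouse-root-ca` alias and the fingerprint comparison used to model "exact certificate" are assumptions made for illustration; the trust store password is a placeholder.

```shell
#!/usr/bin/env bash
# Added example. All names, subjects and keys below are constructed.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT   # the throwaway private keys are removed on exit

# Throwaway in-house root CA (stands in for the third-party/in-house CA).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example In-House CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a client certificate signed by that CA. $1 = file prefix, $2 = subject CN.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

# Check 1: the certificate chains to the trusted root.
chain_ok() { openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1; }

# Check 2: the presented certificate is the registered one (modelled as a
# SHA-256 fingerprint match; an assumption, not WSO2's documented comparison).
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }
same_cert() { [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]; }

# Import the root into a JKS trust store. Not called here; usage would be:
#   import_root "<PRODUCT_HOME>/repository/resources/security/client-truststore.jks" \
#               "<truststore-password>"
import_root() {
  keytool -importcert -noprompt -alias inhouse-root-ca -file "$WORK/ca.crt" \
    -keystore "$1" -storepass "$2"
}

make_ca
issue_client device-a "device-a"
issue_client device-b "device-b"
REGISTERED="$WORK/device-a.crt"   # the certificate configured on the service provider

chain_ok "$WORK/device-b.crt" && echo "device-b chains to the in-house root"
same_cert "$REGISTERED" "$WORK/device-b.crt" || echo "device-b is not the registered certificate"
same_cert "$REGISTERED" "$WORK/device-a.crt" && echo "device-a matches the registered certificate"
```

Both device certificates chain to the same root, yet only the registered one passes the second check, which is why trusting the CA alone does not let every certificate it issued authenticate as that service provider.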