2 way SSL implementation

Yes. This one self-signed certificate would need to be installed on the client, in the client SSL certificate and key, and Trusted Certificate Authorities section.

So it will look like this one?

So it will look like this one?

That looks about right, but two questions:

1. Why Frequency of always?

    

2. Do you need pass phrase?

    

1. client wants to have authentication set to always
2. nope.can i remove the pass phrase?

Hi Kevin,

not yet, Im currently doing a workplan for our client. I need to simulate this further in the lab. I'll let you know the result once implemented by our client.

Thanks! Ferdz

Hi Kevin,

The testing was successsful in lab using only ip address(https://10.10.10.10) but unsuccessful in production because the VIP in production is redirecting i.e. https://10.10.10.10 to https://10.10.10.10/ordering?WDSL this is the behavior of their application(ESB). it says "the connection is interrupted". Are we missing something on the config?

If you're redirecting to a different URI on the same host, the problem is most likely NOT SSL - if for no other reason than you are actually seeing the layer 7 (HTTP) payload to do the redirect (which wouldn't be possible if SSL was failing). Do you actually see an HTTP redirect at the client? Can you get a more detailed capture and share that?

Sorry for the confusion kevin,actually they are accessing the application using the url https://10.10.10.10/ordering?WDSL.it is working with http but when we use ssl and the config you had suggested,it say "connection interrupted"

Sorry for the confusion kevin,actually they are accessing the application using the url https://10.10.10.10/ordering?WDSL.it is working with http but when we use ssl and the config you had suggested,it say "connection interrupted"