Forum Discussion
2 Way SSL implementation
Two-way, or "mutually authenticated" SSL generally means using server AND client certificates. Your client SSL profile has two sections:
- For regular server SSL, you apply a server certificate and private key at the top of the configuration. This is the certificate that the server sends to the client during the SSL handshake.
- For client certificate authentication, there's a section near the bottom called "Client Authentication". There are two settings that are important here:
  - Client Certificate: set this to request or require
  - Trusted Certificate Authorities: this is a single CA certificate or bundle (text) file of all of the CA certificates that may be needed to validate a complete trust path with the client's certificate. In v10 I think this option is near the top of the page, but it should actually be in the Client Authentication section.
With these 4 things applied (server cert, server key, client certificate set to request/require, and a trusted certificate authority certificate/bundle), you should be able to perform two-way SSL. The client initiates the SSL handshake, the server sends its certificate for the client to validate, the server requests the client's certificate, and the client passes its cert to the server for it to validate. What you do with the client cert after that is perhaps a different topic.
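A check for the "Trusted Certificate Authorities" bundle described in the post above, as an added example that is not part of the original post or any vendor tooling. It assumes the OpenSSL command-line tool is installed; every subject name and file name is constructed. It shows that a bundle holding only the root CA does not give a complete trust path for a client certificate issued by an intermediate CA.

```shell
#!/bin/sh
# Added example: every subject name and file name here is constructed.
WORK=$(mktemp -d)

# issue <CN> <name> <signer> <extfile>: make a key and CSR for <name>,
# then sign it with <signer>'s key using the extensions in <extfile>.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config req.cnf -subj "/CN=$1" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -days 2 -extfile "$4" -out "$2.pem" 2>/dev/null
}

# Build a throwaway chain: root CA -> issuing CA -> client certificate.
make_chain() {
  cd "$WORK" || return 1
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > req.cnf
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config req.cnf \
    -subj "/CN=Example Root CA" -keyout root.key -out root.pem 2>/dev/null || return 1
  issue "Example Issuing CA" issuing root ca.ext || return 1
  issue "client01" client issuing client.ext || return 1
  # The bundle is plain text: the PEM certificates concatenated.
  cat root.pem issuing.pem > bundle.pem
}

# Succeeds only if CA file $1 gives a complete trust path for client cert $2.
bundle_validates() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

make_chain || { echo "openssl chain generation failed" >&2; exit 1; }
for ca in root.pem bundle.pem; do
  if bundle_validates "$ca" client.pem; then
    echo "$ca: complete trust path for client.pem"
  else
    echo "$ca: incomplete trust path, client.pem would not validate"
  fi
done
```

Running the same `openssl verify` against a real bundle and a sample client certificate before loading the bundle into the profile catches a missing intermediate CA ahead of the first failed handshake.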
