Based on what criteria does IS authenticate the SSL server?

Hi All,

When IS is going to invoke some other server’s service using HTTPS/FTPS, the certificate of the CA that certified the SSL server’s digital certificate should be present in our IS.

I understand that during the SSL transaction, the SSL server will send its digital certificate (public key). The client uses this certificate to authenticate the server.

The above two points are mentioned in the IS admin PDF.

HOW does the client authenticate?

I understand that we have the SSL server’s corresponding CA certificate in our IS.

I guess some information from the digital certificate is compared with its CA certificate that exists in our IS.

Please clarify: based on what criteria does IS authenticate the SSL server?

Thanks
Devi

It authenticates based on the root/CA chain (public/private key) from the trusted store during the SSL handshake:

Are you trying to understand the information behind the scenes? Are you seeing any errors in your SSL certs setup?

HTH,
RMG

Hi RMG,

Yes, I am trying to understand a little deeper. I am not getting any error.

If IS is an SSL client, then in IS we should have the CA certificate of the SSL server.

During the SSL handshake the SSL server will send its digital certificate, which will have the public key; not only the public key, it also has much more information like hostname, etc.

In IS we have its CA certificate, but I don't think that the CA certificate will have the SSL server's private key. But the parent of the SSL server's digital certificate is the CA certificate that we have in our IS, so I am interested to know the exact mechanism of validation. I read a few articles about SSL; this kind of SSL server authentication happens only in webMethods (when it is the client).

Let's say X and Y are going to have HTTPS communication. X is the client, Y is the server, and X initiates the SSL transaction. Y will send the digital certificate that will have the public key. Based on this public key, X encrypts the data and sends it to Y, then Y will decrypt it using the private key. But X will not authenticate Y; it may, but I haven’t read that so far.

In the IS Admin manual, it is clearly mentioned that the client will authenticate the server and only then the transaction begins. (Of course, the server can request a client certificate for client validation.)

Thanks
Devi

You know all the info above and your assumptions are correct for SSL handshaking and client request certificates to the server for initiating authentication.

What is the error?

HTH

No I am not getting any error

Thanks

What is the issue now? Your other post related to the private key has also been replied to; please check it.

Hi RMG,

Today I just opened the IS digital certificate and the CA certificate, and I opened the Details tab. It has so many fields and values. Any one or some of the fields will be verified during the SSL handshake. I would just like to know this in detail (which field is exactly compared between the digital certificate and the CA cert); that's why I started this thread. I am not facing any issue, I am just interested to know.

Br
Devi

Yes, algorithms, thumbprint, serial number and validity play the key role along with the public/private key validation during the handshaking process.

HTH
RMG
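What a TLS client checks when it validates a server certificate against a trusted CA certificate, shown with the openssl command line as an added example (not part of the original thread, and not webMethods IS code). The CA names, hostnames and throwaway keys are constructed for the demo, and a default openssl.cnf is assumed to be installed.

```shell
#!/bin/sh
# Added example. DemoRootCA, OtherCA and the hostnames are constructed names.

# make_ca NAME DIR: self-signed CA; the default openssl.cnf marks it CA:TRUE.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# issue_server_cert HOST CA_NAME DIR: server cert for HOST signed by CA_NAME.
issue_server_cert() {
    printf 'subjectAltName=DNS:%s\n' "$1" > "$3/san.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$3/server.key" -out "$3/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$3/server.csr" -CA "$3/$2.pem" -CAkey "$3/$2.key" \
        -CAcreateserial -days 30 -extfile "$3/san.ext" \
        -out "$3/server.pem" 2>/dev/null
}

# issuer_matches SERVER_PEM CA_PEM: the server cert's Issuer name must equal
# the CA cert's Subject name (compared here via openssl's name hashes).
issuer_matches() {
    [ "$(openssl x509 -in "$1" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$2" -noout -subject_hash)" ]
}

# verify_server_cert SERVER_PEM CA_PEM HOST: full client-side check. openssl
# verifies the signature on SERVER_PEM with the CA's public key, checks the
# validity dates of both certs, and matches HOST against the SAN entries.
verify_server_cert() {
    openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# demo: one server cert, checked against three trust/hostname combinations.
demo() {
    d=$(mktemp -d) || return 1
    make_ca DemoRootCA "$d" && make_ca OtherCA "$d" &&
    issue_server_cert is-partner.example DemoRootCA "$d" || return 1
    for c in "DemoRootCA is-partner.example" "OtherCA is-partner.example" \
             "DemoRootCA wrong-host.example"; do
        set -- $c
        if verify_server_cert "$d/server.pem" "$d/$1.pem" "$2"
        then echo "trust=$1 host=$2: accepted"
        else echo "trust=$1 host=$2: rejected"; fi
    done
    rm -rf "$d"
}
demo
```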

Hi RMG,

While importing a client certificate, there is a drop-down for Usage. It has four values: SSL Authentication, Verify, encrypt, Verify and encrypt and message authentication. The purpose of these four is not mentioned in the IS Admin PDF.

The client is going to invoke one flow service with an XML document on my server.

I have created one HTTPS port and set the client authentication as Request.

Now I have to import the client certificate. I would like to know what usage type I should select.

Thanks
Devi

You can select SSL Authentication.

Also make sure you have the Trusted Certificates from a CA authority (like Verisign or Thawte, etc.).

Just like the SSL Certificate is used to verify the identity of the server to the client. You can select the right authentication and also the right trusted CAs like Verisign, Comodo, etc.

Yes, try the above options and test it: