Configure two way TLS communication with Developer Portal

This article applies to webMethods Developer Portal versions 10.11 and 10.15. Skip this article if you are using a Developer Portal version above 10.15.

Objective

To configure two way TLS with Developer Portal.

With two-way TLS enabled, whenever a client (a browser or an external server such as API Gateway) sends a request to Developer Portal, Developer Portal requests the client certificate during the handshake. If the client certificate validation is not successful, the communication is blocked from further processing.

Pre-requisite

  • Client certificate: to be configured in the truststore of Developer Portal

Steps to follow

1. Configure client certificate in the Developer Portal truststore

  1. Stop the server
  2. The truststore file is located at <Install_Dir>\jvm\jvm\lib\security\cacerts. Import the certificate into this truststore.

2. Enable two way TLS

To enable two-way TLS, follow these steps:

  1. Open the file - <Install_Dir>\profiles\CTP\configuration\com.softwareag.platform.config.propsloader\com.softwareag.catalina.connector.https.pid-dpo.properties
  2. Set the value for clientAuth to true
  3. Start the server
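
The two steps above as PowerShell commands, added here as an example and not taken from the original article. The install path, certificate path, alias, and the keytool location under <Install_Dir>\jvm\jvm\bin are assumptions; run it with the server stopped and start the server afterwards.

```powershell
# Assumed values (not from the article): adjust to your installation.
$InstallDir = 'C:\SoftwareAG'                    # placeholder for <Install_Dir>
$ClientCert = 'C:\certs\client.cer'              # constructed path to the client certificate
$Alias      = 'devportal-client'                 # hypothetical alias for the truststore entry
$StorePass  = Read-Host 'Truststore password'    # JDK default is "changeit" unless it was changed

# Paths from the article; the keytool path is an assumption based on the cacerts location.
$Keytool    = Join-Path $InstallDir 'jvm\jvm\bin\keytool.exe'
$TrustStore = Join-Path $InstallDir 'jvm\jvm\lib\security\cacerts'
$PropsFile  = Join-Path $InstallDir 'profiles\CTP\configuration\com.softwareag.platform.config.propsloader\com.softwareag.catalina.connector.https.pid-dpo.properties'

# Step 1: back up the truststore, then import the certificate.
# keytool prints the certificate details and fingerprints and asks for confirmation;
# compare the fingerprint with the one supplied by the certificate owner before answering yes.
Copy-Item $TrustStore "$TrustStore.bak"
& $Keytool -importcert -alias $Alias -file $ClientCert -keystore $TrustStore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw 'keytool import failed; truststore backup is at cacerts.bak' }

# Confirm the entry is present under the chosen alias.
& $Keytool -list -alias $Alias -keystore $TrustStore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "alias $Alias not found in truststore" }

# Step 2: back up the connector properties, then set clientAuth to true.
Copy-Item $PropsFile "$PropsFile.bak"
$lines = @(Get-Content $PropsFile)
if ($lines -match '^\s*clientAuth\s*=') {
    # Replace the existing setting, whatever its current value.
    $lines = $lines -replace '^\s*clientAuth\s*=.*$', 'clientAuth=true'
} else {
    # The key is absent: append it.
    $lines += 'clientAuth=true'
}
Set-Content -Path $PropsFile -Value $lines

# Show the resulting line so the change can be checked before the server is started.
Select-String -Path $PropsFile -Pattern '^clientAuth='
```

The `.bak` copies allow both files to be restored if the server does not start or clients are locked out after the change.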

Validating two way TLS communication

Without the client certificate configured in the truststore

When the client certificate is not configured in the truststore, clientAuth is set to true, and the application is accessed in the browser, we get the page below.

With the client certificate configured in the truststore and in the browser

When the client certificate is configured in the truststore and in the browser, the browser prompts to choose the certificate for identification to the server.

On choosing the required certificate for identification, the application loads in the configured browser.
