This article applies to webMethods Developer Portal versions 10.11 and 10.15. Skip this article if you are using a Developer Portal version above 10.15.
Objective
To configure two way TLS with Developer Portal.
With two way TLS enabled, whenever a client (a browser or an external server such as API Gateway) sends a request to Developer Portal, Developer Portal requests the client certificate during the handshake. If validation of the client certificate fails, the communication is blocked from further processing.
Pre-requisite
- Client certificate: to be configured in the truststore of Developer Portal
Steps to follow
1. Configure the client certificate in the Developer Portal truststore
- Stop the server
- The truststore file is located at <Install_Dir>\jvm\jvm\lib\security\cacerts. Import the certificate into this truststore.
2. Enable two way TLS
To enable two way TLS, follow the steps below:
- Open the file <Install_Dir>\profiles\CTP\configuration\com.softwareag.platform.config.propsloader\com.softwareag.catalina.connector.https.pid-dpo.properties
- Set the value for clientAuth to true
- Start the server
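Steps 1 and 2 as a single PowerShell sequence, run while the server is stopped. This is an added example, not taken from the product documentation. It assumes that keytool.exe sits under the bundled JVM's bin folder, that the truststore still uses the JVM default password, that the properties file stores the setting as a `clientAuth=` line, and the certificate path and alias are placeholders.

```powershell
# Assumed values: adjust to your installation. <Install_Dir> is the placeholder used above.
$InstallDir = '<Install_Dir>'
$ClientCert = 'C:\certs\client.cer'      # assumed path to the client certificate
$Alias      = 'devportal-client'         # assumed alias for the truststore entry
$StorePass  = 'changeit'                 # JVM default cacerts password; replace if changed

$JvmHome    = Join-Path $InstallDir 'jvm\jvm'
$Keytool    = Join-Path $JvmHome 'bin\keytool.exe'   # assumed location in the bundled JVM
$TrustStore = Join-Path $JvmHome 'lib\security\cacerts'
$PropsFile  = Join-Path $InstallDir ('profiles\CTP\configuration\' +
    'com.softwareag.platform.config.propsloader\' +
    'com.softwareag.catalina.connector.https.pid-dpo.properties')

# Fail early if any input is missing, before anything is modified.
foreach ($p in $Keytool, $TrustStore, $PropsFile, $ClientCert) {
    if (-not (Test-Path $p)) { throw "Not found: $p" }
}

# Keep copies so both changes can be rolled back.
Copy-Item $TrustStore "$TrustStore.bak"
Copy-Item $PropsFile  "$PropsFile.bak"

# Step 1: import the client certificate into the truststore.
& $Keytool -importcert -noprompt -alias $Alias -file $ClientCert `
    -keystore $TrustStore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw 'keytool import failed' }

# Confirm the entry exists and compare its fingerprint with the certificate you were given.
& $Keytool -list -alias $Alias -keystore $TrustStore -storepass $StorePass

# Step 2: set clientAuth to true, adding the line if the key is absent.
$lines = @(Get-Content $PropsFile)
if ($lines -match '^\s*clientAuth\s*=') {
    $lines = $lines -replace '^\s*clientAuth\s*=.*$', 'clientAuth=true'
} else {
    $lines += 'clientAuth=true'
}
Set-Content -Path $PropsFile -Value $lines

# Show the effective setting before starting the server.
Select-String -Path $PropsFile -Pattern '^clientAuth='
```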
Validating two way TLS communication
Without the client certificate configured in the truststore
When the client certificate is not configured in the truststore and clientAuth is set to true, trying to access the application in the browser results in the page below.
With the client certificate configured in the truststore and in the browser
When the client certificate is configured in the truststore and in the browser, the browser prompts you to choose the certificate for identification to the server.
On choosing the required certificate for identification, the application loads in the configured browser.