We are implementing SSL configuration on Integration Server. As part of this implementation, we have followed the steps below:
1) Generated self-signed certs (private key + public certificate in p12 for keystore, public key in jks for truststore)
2) Configured the keystore and truststore generated in the 1st step on the Integration Server
3) Configured the port settings with the client authentication mechanism as “require client cert” and enabled the port with allow by default. Attached port settings.
4) Before we go on to an actual implementation, we wanted to test keeping the browser (I.E) as a client. So we imported the public key in the browser.
5) Now, after all the above configuration, we are trying to hit the Integration Server URL using the browser, but we are unable to access the Integration Server GUI. We are seeing the error in the screenshot as attached.
Could you please help us to resolve this issue? I can share with you the steps we used to generate the self-signed certs if required.
Here my browser is acting as a client, so in this case which certificates do you want me to configure under Security in the Integration Server? I have imported the Integration Server public certificate in the browser for accessing the IS port. So do you want me to configure the same public certificate for IS under Security → Certificates as SSL certificates (which is nothing but adding the public certificate of the Integration Server itself)? Please confirm this approach.
And also our requirement is to implement the authentication mechanism as “Require client certificate” and not username/password.
I am going to implement the above said approach and get back to you. Thanks a lot for your support.
After doing the below configuration, I am able to access the IS GUI with the port configured with “required client cert”:
1) Imported the key pair in the browser
2) Configured the certificates under Security as suggested by Holder (imported the leaf certificate of the above key pair with the Administrator user assigned)
But I have not generated the key pair separately for my browser configuration; instead I used the key pair (p12 cert) generated for IS.
After the above configuration, I am able to access the IS GUI. Thanks, guys, for your inputs.
I have ended up with one more query after the above setup.
Scenario: Let's say I have 2 IS (IS1 as a client, IS2 as a server). Both IS1 and IS2 are configured with separate keystore and truststore configurations. So now, IS1 is doing a webservice call to IS2 (port is SSL configured). In this case, is just configuring the IS1 leaf certificate at IS2 enough to have this communication? In addition to this, do I need to import the IS2 leaf certificate in the truststore of IS1?
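
An added example for the IS1-to-IS2 scenario above (not part of the original posts and not Integration Server configuration): a generic OpenSSL check of which certificate each side has to trust for mutual TLS when both certificates are self-signed. The names, the password, the PEM files standing in for truststores and the helper functions are all constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: throwaway keys named IS1/IS2, PEM bundles stand in for truststores.
WORK=$(mktemp -d)

# Self-signed identity: private key + certificate, bundled as a PKCS#12 keystore.
make_identity() {  # $1 = name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$WORK/$1.key" -in "$WORK/$1.crt" \
    -name "$1" -passout pass:changeit -out "$WORK/$1.p12"
}

# Does the truststore ($1, PEM bundle) accept the presented certificate ($2)?
trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Mutual TLS needs trust in both directions; report every missing one.
# $1 client cert, $2 client truststore, $3 server cert, $4 server truststore
check_mutual() {
  _rc=0
  trusts "$2" "$3" || { echo "client does not trust the server certificate"; _rc=1; }
  trusts "$4" "$1" || { echo "server does not trust the client certificate"; _rc=1; }
  return $_rc
}

make_identity IS1 && make_identity IS2 || exit 1

# Case 1: only IS2 (server) was given IS1's certificate.
cp "$WORK/IS1.crt" "$WORK/IS2.trust.pem"
cp "$WORK/IS1.crt" "$WORK/IS1.trust.pem"   # IS1 trusts only itself so far
check_mutual "$WORK/IS1.crt" "$WORK/IS1.trust.pem" \
             "$WORK/IS2.crt" "$WORK/IS2.trust.pem" || echo "-> handshake would fail"

# Case 2: IS1 (client) also gets IS2's certificate in its truststore.
cat "$WORK/IS2.crt" >> "$WORK/IS1.trust.pem"
check_mutual "$WORK/IS1.crt" "$WORK/IS1.trust.pem" \
             "$WORK/IS2.crt" "$WORK/IS2.trust.pem" && echo "-> both directions trusted"
```

With CA-issued certificates the truststore entry would be the issuing CA rather than each leaf; the mapping of the client certificate to a user, as done earlier in the thread, is a separate step on the server.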