webMethods.io B2B authenticating inbound transaction using 2-way SSL

Introduction

This article explains how the inbound transaction can be authenticated using 2 way SSL mechanism.

Audience

It is assumed that readers of this article know how to setup B2B enterprise profile and partner on webMethods.io B2B platform.

Prerequisites

  • Set up B2B enterprise profile, partner profile, Business Document
  • Working inbound transaction in B2B platform.

Topics Covered

  • What is 2-way SSL?
  • Generating certificates for 2-way SSL
  • Configure the certificates at partner profile
  • Invoking the transaction using postman client

Use Case:

  • We will implement the 2-way SSL authentication mechanism for inbound transaction.
  • When the request is submitted by client along with certificates, request will get authenticated with public certificate available on partner profile.
  • Post authentication request can be seen on monitor tab.

image

What is 2 way SSL authentication?

  • In two-way SSL authentication, the client application verifies the identity of the server application, and then the server application verifies the identity of the client application. Both parties share their public certificates, and then validation is performed. Two-way SSL authentication works with a mutual handshake by exchanging the certificates.

image

Generate the 2-way SSL certificates

  • Navigate to the partner profile for which you want to implement the inbound transaction.
  • In our case it will be Reliance partner
  • Navigate to the certificate tab
  • Click on Add partner certificate → 2 way SSL/TLS

image

  • We can either generate the certificate or upload the certificate.

image

Configure the certificates at partner profile

Case1: Upload the certificate

  • In case of upload, provide the certificate in .der.cer format
  • Provide the common name for the certificate and then click on save

image

Case2 : Generate the certificate

  • Select the generate option
  • You will notice the mandatory field like common name is auto populated.
  • Click on save
  • Once you click on save the pfx file get downloaded which contains the public key and private key.
  • Please note once the file is downloaded, certificate private key won’t be available on the portal.
  • You can download the public key as many as times as you want but Incase if the private key is misplaced, we need to again generate the certificates.

image

image

Endpoints for 2-way SSL

  • In B2B to have connectivity using 2 way SSL request needs to be hit on specific port.
  • B2B product exposes the 8443 port and this port is responsible for handling all the 2-way SSL request
    For example

Inbound URL :
https://tenanatName.int-aws-us.webmethods.io/b2b/routes/channel/

Inbound URL for 2 way SSL:

https://tenanatName.int-aws-us.webmethods.io:8443/b2b/routes/channel/

Invoking the transaction using postman client

  • Navigate to the postman client

  • Click on settings–> Certificates

  • Provide the hostname: .int-aws-us.webMethods.io

  • Port: 8443

  • Either provide the certificate and key or provide the pfx file

  • Provide the password, in our case by default certificate generated from B2B have password “changeit

  • In our case we will provide the .pfx file which we generated from B2B portal

  • Click Add
    image

  • Provide the username and password under the basic authentication.

  • Trigger the request.

Note: Even though we are using 2 way ssl certificate for authentication but we still need to pass the credentials for authentication to happen at channel level.

image

image