Client Certificate
Secure Sockets Layer (SSL) is a means of securing communications over a network so that only the sender and receiver have access to the sensitive data.
In a one-way SSL connection, an anonymous client authenticates the credentials of a server in preparation for setting up a secure transaction. In most cases, the server knows nothing about the client's identity because verification of its credentials is not required. When desired, the client can be authenticated using basic authentication by providing a username and password. This type of authentication typifies connections where a browser establishes a connection to a server to perform a secure transaction, for example, viewing a savings account, or buying items with a credit card. The client must authenticate the server's credentials before initiating the transaction, but it is not necessary for the server to authenticate and keep a record of every possible client (browser). This type of connection is typically one where a partner application or resource needs to verify the authenticity of the server without itself needing to be authenticated.
Two-way SSL authentication refers to two parties authenticating each other by verifying the provided digital certificate so that both parties are assured of the other's identity. It refers to a client (web browser or client application) authenticating itself to a server and the server authenticating itself to the client by verifying the public key certificate or digital certificate issued by the Certificate Authorities (CAs).
Integration Cloud supports two-way SSL for inbound connections. The request for an SSL connection originates from a client. During the SSL handshake process, the entity acting as the SSL server responds to the request for a connection by presenting its SSL credentials (an X.509 certificate) to the requesting client. If those credentials are authenticated by the client, either:
An SSL connection is established and information can be exchanged between the client and server.
- or -
The next phase of the authentication process occurs, and the server requests the SSL credentials of the client. If the server verifies those credentials, that is, the client's identity, an SSL connection is established and information exchange takes place.
Note: When a client or partner application submits a request to Integration Cloud using HTTPS on port 8443, and a two-way SSL connection is established, the client acts as the SSL client and Integration Cloud acts as the SSL server.
The following table provides a high-level roadmap for configuring SSL.
| Task | Activities | Notes |
|---|---|---|
| Create keys and certificates | Generate a public key/private key pair. Generate a certificate signing request (CSR) and send it to the certificate authority (CA) for signing. Receive the validated certificate from the CA. | A two-way SSL connection requires a valid client certificate. |
| Upload client certificate or generate a certificate | Upload the CA-signed client certificate for the user in the Client Certificate page, or generate a private key and a new Integration Cloud-signed client certificate. | Required for two-way SSL connections. |
| Connect to Integration Cloud using the client certificate | Configure the REST client with the private key and certificate. Optionally, you can also pass the basic authentication credentials. | Integration Cloud supports two-way SSL on port 8443. |
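The following shell functions are an added example, not part of the Integration Cloud documentation. They walk through the first and last rows of the roadmap above: creating the key pair and CSR with openssl, checking that the CSR is signed by the key beside it, and calling the service with curl, which presents the client certificate during the handshake when the server requests it. The host name, the resource path, the CA file name `ca.crt` and the subject used in the CSR are assumptions; substitute the values your tenant and CA expect.

```shell
#!/bin/sh
# Added example (not from the Integration Cloud documentation).
# Host name, paths and the CSR subject below are assumptions.
set -eu

# Generate a 2048-bit RSA private key and a CSR for it.
# $1 = directory to write into, $2 = subject, e.g. "/CN=integration-user/O=Example Corp"
create_client_csr() {
    dir="$1"
    subject="$2"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/client.key" 2>/dev/null
    chmod 600 "$dir/client.key"   # the private key never leaves this machine
    openssl req -new -key "$dir/client.key" -subj "$subject" \
        -out "$dir/client.csr"
}

# A CSR is self-signed with the key it was made for; verifying that signature
# confirms the CSR and client.key belong together before the CSR is sent to the CA.
# Returns 0 on success.
verify_client_csr() {
    dir="$1"
    openssl req -in "$dir/client.csr" -noout -verify >/dev/null 2>&1
}

# After the CA returns the signed certificate, save it as client.crt and call the
# service on port 8443. curl sends client.crt only when the server asks for it in
# the second phase of the handshake; --cacert pins the CA that signed the server's
# certificate (ca.crt is an assumed file name). $1 = directory, $2 = host, $3 = path.
call_integration_cloud() {
    dir="$1"
    host="$2"
    path="$3"
    curl --silent --show-error --fail \
        --cert "$dir/client.crt" --key "$dir/client.key" \
        --cacert "$dir/ca.crt" \
        "https://$host:8443/$path"
}

# Typical use (the host and path are placeholders):
#   create_client_csr ./certs "/CN=integration-user/O=Example Corp"
#   verify_client_csr ./certs && echo "CSR matches client.key"
#   ... send certs/client.csr to the CA, save the result as certs/client.crt ...
#   call_integration_cloud ./certs tenant.example.com some/resource
```

If basic authentication is also configured for the user, add `--user name:password` to the curl call; the client certificate still has to be presented, because the server requests it before any HTTP credentials are read.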
Users who have the User Management permission under Settings > Access Profiles > Administrative Permissions > User and Ownership Controls can generate or edit any client certificate. Users who have the Manage Personal Setup permission under Settings > Access Profiles > Administrative Permissions > User and Ownership Controls can generate or edit the user's own certificate.
See Adding Client Certificates for information on how to add client certificates.