One-way SSL authentication. A client with truststore but without keystore. If you configure the client for one-way SSL authentication, you establish a much higher level of security than with a non-SSL connection. In one-way authentication, the identity of the Broker Server is authenticated by the client, and must be guaranteed through the Broker Server’s SSL certificate before a connection is made.

Two-way SSL authentication. A client with both keystore and truststore. If you configure the client for two-way SSL authentication so that both the Broker Server and the client connecting to the Broker Server must be SSL authenticated, you can fully implement the Broker security model. You will be able to configure ACLs to protect data and access to Broker administrative functions. With two-way authentication, each client must be associated with a signed digital certificate in order to establish an SSL connection.