Software AG Products 10.7 | Integrating On-Premises and Cloud Applications | Integration Cloud | Settings | Client Certificate | Executing Integrations using Two-way SSL
 
Executing Integrations using Two-way SSL
Summary
Two-way SSL authentication, also referred to as client or mutual authentication or certificate-based authentication, refers to two parties authenticating each other by verifying the provided digital certificate, so that both the parties are assured of the other's Identity.
Two-way SSL authentication involves the following steps:
1. Client (Postman, SoapUI) requests access to protected resources of server (webMethods Integration Cloud).
2. Server presents its certificate to the client.
3. Client validates the server's certificate.
4. Client sends its certificate to the server.
5. Server verifies the client’s certificate.
6. If successful, the server grants access to the protected resources requested by the client.
In this tutorial, we will create an integration in webMethods Integration Cloud, expose the integration over HTTP (exposing the integration over HTTP allows the integration to be executed from an outside environment), and then execute the integration using two-way SSL authentication by using a REST Client (Postman). You can also use the same technique for SOAP APIs, REST APIs, or any other exposed APIs.
Actors
*Integration developers who develop and expose the integrations over HTTPS in Integration Cloud.
*Integration executors who runs integrations.
Before you begin
*You must have the permissions to create and execute integrations in Integration Cloud under Settings > Access Profiles > Administrative Permissions > Functional Controls > Integrations.
Basic Flow
1. Log in to Integration Cloud.
2. Create an Integration (testApp) in Integration Cloud.
3. On the Integrations page, click the integration link, and on the integration Overview page, select the Enable Integration to be invoked over HTTP option.
4. Click Settings > Client Certificate.
5. Select the User. You can either upload a certificate to the user if there are any available CA-signed certificates, or you can generate and assign a certificate to the user. Click Browse to upload a certificate if you want to use the user's own certificate or click Generate to generate and download the private and public key for the user.
After downloading the file, copy the private key to a file and name it as {privateKeyFileName}.key and the public key to a file and name it as {publicKeyFileName}.crt.
6. Open the Postman REST client and click Settings > Certificates. Then click Add Certificate.
7. The Add Certificate page appears. Now configure the certificate and private key in Postman.
8. As shown in the above figure, specify the Host name and the port number as 8443. Specify the location of the key files, that is, the CRT file (certificate) and the KEY file (private key). Click Add to save the two-way SSL configuration.
9. Open a new tab in Postman and add the request details you have obtained from Integration Cloud. The request details are available after you select the Enable Integration to be invoked over HTTP option.
10. To execute the Integration, configure a POST request in Postman as shown below and click Send. Change the port to 8443 of your service. URL is https://mydomain.webmethodscloud.com:8443/<Your service URL>.
Exceptions
The following errors may occur in the REST Client when there is a certificate mismatch between what is specified in Integration Cloud with what is sent from the REST Client.
*The server could not send a response.
*Self-signed SSL certificates are blocked.
Visual Model