You must obtain certificates of your partner applications or resources regardless of whether Integration Server functions as an SSL server or an SSL client.

If your Integration Server will run services that request an SSL protected resources on the Internet, the Integration Server will be acting as an SSL client and will receive certificates from these resources. In order for these transactions to work, your Integration Server must have copies of their public keys and signing CA certificates.

When Integration Server is the SSL server, for one-way and two-way authentication, Integration Server needs the CA certificate that signed the SSL key of the resource or partner acting as the SSL client. This is necessary for the trust verification that occurs during the SSL handshake process. Similarly, Integration Server sends it certificates and the client uses it to perform it's trust validation. For two-way authentication, Integration Server also needs the public key certificate of the client and the certificate must be mapped to a user account on Integration Server.

Refer to Authenticating Clients for information on importing client certificates to Integration Server and setting up client authentication. Note that mapping certificates to users is only necessary when Integration Server is acting as an SSL server and two-way authentication is in enabled.