Setting Two-Way SSL Communication
Integration Server supports two-way SSL communication between the on-premise Integration Server and webMethods Cloud. Integration Server, by default, supports one-way SSL communication in which the on-premise Integration Server acts as a client and validates the certificate issued by webMethods Cloud that acts as a server.
In two-way SSL communication, both the on-premise Integration Server and webMethods Cloud validate each other’s certificate using private keys. If you want more secure communication between two business applications, you can set up two-way SSL communication.
Before you set up a two-way SSL communication, you need to download the webMethods Cloud signed certificate and generate a keystore file. Then, use the keystore file to generate a keystore alias on the on-premise Integration Server. When you set up a connection to webMethods Cloud, you need to use these keystore details so that webMethods Cloud can validate the identity of Integration Server.
Here are the high-level steps to set up two-way SSL communication:
Generating a keystore alias using the
webMethods Cloud certificate
1. Go to the webMethods Cloud Certificates page and download the webMethods signed certificate file in JKS or p12 format, which contains the private key and the certificate. You can also upload your own CA signed certificate. Integration Server does not support self signed certificates.
Note:
You can either directly generate the JKS file or use JKS tools or utilities to generate the JKS file.
2. Add the JKS file in the Security > Keystore page in Integration Server Administrator and specify the keystore properties in the Security > Keystore > Create Keystore Alias page.
For detailed information on how two-way SSL communication works, see the documentation of the respective webMethods Cloud products.