For additional security, some web services require Client Certificate Authentication.
You will need the following files:
1) A public/private key pair to be used for the authentication. We support the PEM key format. If you are working with DER keys, there are a number of tools to convert them to PEM. The client needs to create this pair, and your Web Service provider will be able to provide instructions on how to create the key pair you will need.
2) A certificate file that includes the user public key. This process is usually managed by the service provider.
The private key and certificate need to be separate files. If you have a combined certificate and key file you will need to separate them out.
To establish a connection using Client Certificate Authentication.
To make connections to a Web Service that requires Client Certificate Authentication you will need to set the following preferences. For details on these functions see the chapter on Setting Preferences.
{wsdl/domain:}client_certificate=certificate path
{wsdl/domain:}client_key=key file path
{wsdl/domain:}client_key_password=key file password
Depending on how you created your Key you may not need a password.
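The following added example (not part of the plugin or its documentation) shows one way to separate a combined PEM file into the certificate and key files described above, and to tell whether the key is encrypted and therefore needs client_key_password. The output file names and the sample PEM bodies are constructed placeholders.

```python
import os
import re

# One PEM block: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Constructed sample: placeholder bodies, not a real certificate or key.
SAMPLE = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
UExBQ0VIT0xERVI=
-----END ENCRYPTED PRIVATE KEY-----
"""


def split_pem(combined):
    """Return (certificate_pem, key_pem, key_is_encrypted) for a combined PEM string."""
    certs, keys = [], []
    for m in PEM_BLOCK.finditer(combined):
        label, body, block = m.group(1), m.group(2), m.group(0) + "\n"
        if label == "CERTIFICATE":
            certs.append(block)  # all CERTIFICATE blocks are kept, in order
        elif label.endswith("PRIVATE KEY"):
            # PKCS#8 uses the ENCRYPTED PRIVATE KEY label; legacy OpenSSL keys
            # keep their label and add a "Proc-Type: 4,ENCRYPTED" header line.
            encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
            keys.append((block, encrypted))
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    if len(keys) != 1:
        raise ValueError("expected exactly one private key, found %d" % len(keys))
    return "".join(certs), keys[0][0], keys[0][1]


def write_split(combined, cert_path, key_path):
    """Write the two files; return True if client_key_password will be needed."""
    cert_pem, key_pem, encrypted = split_pem(combined)
    with open(cert_path, "w") as fh:
        fh.write(cert_pem)  # path for the client_certificate preference
    # Key file: owner read/write only, and refuse to overwrite an existing file.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key_pem)   # path for the client_key preference
    return encrypted


if __name__ == "__main__":
    # Hypothetical output names, chosen for this example only.
    print("set client_key_password:", write_split(SAMPLE, "client_cert.pem", "client_key.pem"))
```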
Behind the scenes, the Web Service Plugin handles the following for you when making a request:
- The client sends the user certificate (which includes the user's public key) to the server.
- The server uses the CA certificate to check that the user's certificate is valid.
- The server uses the user certificate to check from its mapping file(s) whether login is allowed or not.
- Finally, if connection is allowed, the server makes sure that the user has a valid private key by using a challenge.