Configuring Two-Way SSL
By default, WebLogic Server is configured to use one-way SSL (the server passes its identity to the client).
For a more secure SSL connection, use two-way SSL. In a two-way SSL connection, the client verifies the identity and trust of the server and then passes its identity to the server. The server then validates the identity and trust of the client before completing the SSL connection. The server determines whether or not two-way SSL is used.
Before configuring two-way SSL, ensure the Trust key store for the server includes the certificate for the trusted certificate authority that signed the certificate for the client.
To enable two-way SSL:
First configure one-way SSL, then follow the steps below for two-way SSL:
- Expand the Servers node.
- Select the name of the server for which you want to configure two-way SSL (for example, exampleserver).
- Select the Configuration-->Keystores and SSL tab.
- Click the Show link under Advanced Options.
- Go to the Server attributes section of the window.
- Set the Two Way Client Cert Behavior attribute. The following options are available:
  - Client Certs Not Requested: The default (meaning one-way SSL).
  - Client Certs Requested But Not Enforced: The server asks the client to present a certificate. If a certificate is not presented, the SSL connection continues.
  - Client Certs Requested And Enforced: Requires a client to present a certificate. If a certificate is not presented or if the certificate is not trusted, the SSL connection is terminated.
- Click Apply.
Reboot WebLogic Server.
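The three Two Way Client Cert Behavior options can be reproduced on localhost to see what each one does to a client that does or does not present a certificate. The following is an added example, not WebLogic code: it uses Python's `ssl` module, assumes the options correspond to `CERT_NONE`, `CERT_OPTIONAL` and `CERT_REQUIRED`, needs the `openssl` CLI to create a throwaway certificate, and the function names are made up for the demo.

```python
import contextlib, os, socket, ssl, subprocess, tempfile, threading
# Console option -> nearest Python ssl verify mode (the mapping is this demo's assumption).
MODES = {"Client Certs Not Requested": ssl.CERT_NONE,
         "Client Certs Requested But Not Enforced": ssl.CERT_OPTIONAL,
         "Client Certs Requested And Enforced": ssl.CERT_REQUIRED}

def make_identity(workdir):  # throwaway self-signed cert + key (constructed test data)
    cert, key = os.path.join(workdir, "id.crt"), os.path.join(workdir, "id.key")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=localhost", "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    return cert, key

def try_handshake(option, client_sends_cert, cert, key):
    """Return (server_accepted, server_saw_client_cert) for one localhost connection."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.load_cert_chain(cert, key)
    srv.load_verify_locations(cert)   # server trust store: issuers allowed to sign client certs
    srv.verify_mode = MODES[option]
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli.check_hostname = False        # demo cert has no SAN; the chain is still verified
    cli.load_verify_locations(cert)
    if client_sends_cert:
        cli.load_cert_chain(cert, key)
    listener = socket.create_server(("127.0.0.1", 0))
    outcome = []
    def serve():
        conn, _ = listener.accept()
        try:
            tls = srv.wrap_socket(conn, server_side=True)
        except OSError:               # ssl.SSLError is an OSError: handshake terminated
            return outcome.append((False, False))
        outcome.append((True, bool(tls.getpeercert())))
        tls.sendall(b"ok")
        tls.close()
    worker = threading.Thread(target=serve)
    worker.start()
    with contextlib.suppress(OSError):  # with TLS 1.3 a rejection surfaces on the first read
        with socket.create_connection(listener.getsockname(), timeout=5) as raw, \
                cli.wrap_socket(raw) as tls:
            tls.recv(2)
    worker.join()
    listener.close()
    return outcome[0]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        ident = make_identity(d)
        for opt in MODES:
            print(opt, [try_handshake(opt, sends, *ident) for sends in (False, True)])
```

Only the enforced mode refuses a client that presents no certificate; in the not-enforced mode such a client connects but the server has no client identity to act on.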