Monday, May 30, 2011

App. Server: Two Way SSL Java EE Servers

Introduction:
This post describes the main concept of mutual SSL (two-way SSL) between two different Java EE servers. It also describes how to implement an SSL connection between WebLogic 11g (client) and WebSphere 6.1 (server).

Overview:

The following diagram (fig: 1-1) illustrates the process of mutual SSL between client and server.



Main Thought:

EE servers are responsible for establishing the SSL connection, based on configuration in the server, whether to secure a resource or to retrieve a secured resource.

For example, if an application deployed on EE server (A) wants to access a secure resource (e.g. a web service) on another server (B), establishing the SSL connection is the responsibility of server A and server B. They implement two-way SSL as shown in figure 1-1 without changing any code of the applications deployed on A or B.

Default implementation:

Every Java EE server contains two important key stores: one for identity and one for trust.
  1. The identity key store identifies the server by sending its own certificate; it stores the server's private key and public key (certificate).
  2. The trust key store holds the trusted certificates.
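
The following added example (not part of the original post, and not WebLogic or WebSphere code) shows in plain JSSE how the two key stores map onto an SSL context and where client authentication is switched on. The class name, the argument order, the JKS store type and the key password being the same as the store password are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

public class TwoWaySslContext {
    // Load a JKS key store from disk.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // Count entries that hold a private key (true) or only a trusted certificate (false).
    static long count(KeyStore ks, boolean keyEntries) throws Exception {
        long n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) == keyEntries) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments (demo only): identity.jks identityPass trust.jks trustPass
        if (args.length != 4) throw new IllegalArgumentException("need 4 arguments");
        KeyStore identity = load(args[0], args[1].toCharArray());
        KeyStore trust = load(args[2], args[3].toCharArray());
        if (count(identity, true) == 0) throw new IllegalStateException("identity store has no private key");
        if (count(trust, false) == 0) throw new IllegalStateException("trust store has no certificates");

        // Identity store -> KeyManagers (the certificate and key this side presents).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, args[1].toCharArray()); // assumes key password == store password
        // Trust store -> TrustManagers (which peer certificates this side accepts).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // Server side: demanding a client certificate is what makes the handshake two-way.
        try (SSLServerSocket s = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            s.setNeedClientAuth(true);
            System.out.println("needClientAuth=" + s.getNeedClientAuth());
        }
    }
}
```

The two sanity checks catch the common mix-up of pointing the identity setting at a store that contains only certificates, which would leave the server with nothing to present during the handshake.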