Enable Client Auth (2 Way SSL) From CA Access Gateway to backend server
Article ID: 75632
CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
Most SSL configurations from CA Access Gateway to a backend server are one-way SSL: the client (CA Access Gateway) requests SSL communication from the backend server, the backend server returns its server certificate, the Access Gateway validates that the certificate is trusted, and SSL is established.
In some cases, the backend server requests two-way SSL, where CA Access Gateway must also present its own certificate so that the backend server can validate it and confirm it is trusted before SSL communication is established.
Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus Component:
**** Step 1 --> Navigate to "installation_path/SSL/bin" and use openssl to generate a private key
**** Step 6 --> Go to "installation_path/proxy-engine/conf" and edit server.conf to set your key file name and the encryption password as follows:
ClientKeyFile="client2-privateKey-DER.key" --> The path "installation_path/SSL/clientcert/Keys" is hardcoded, so you do not need to include the path in ClientKeyFile.
ClientPassPhrase= --> Follow these steps to generate the encrypted value for the key encryption passphrase from Step 5:
a) Open the command prompt.
b) Navigate to "installation_path/SSL/bin" and execute the following command:
Windows EncryptUtil.bat <SPSCertificatePrivateKey_Password>
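As an added example (not part of the original article and not CA's code), the following Python script checks the Step 6 settings after editing: that ClientKeyFile is a bare file name, that the key exists under the hardcoded "SSL/clientcert/Keys" directory, and that ClientPassPhrase is not left empty. The function name check_client_auth and the group/other permission check are assumptions introduced here; the NAME="value" line syntax is taken from the sample line in Step 6.

```python
import os
import re
import sys
from pathlib import Path

# Line syntax NAME="value" follows the ClientKeyFile sample shown in Step 6.
SETTING = re.compile(r'^\s*(ClientKeyFile|ClientPassPhrase)\s*=\s*"?([^"\r\n]*)"?\s*$')


def check_client_auth(install_path):
    """Return a list of findings; an empty list means every check passed."""
    root = Path(install_path)
    conf = root / "proxy-engine" / "conf" / "server.conf"
    key_dir = root / "SSL" / "clientcert" / "Keys"  # fixed location per Step 6
    if not conf.is_file():
        return [f"server.conf not found at {conf}"]

    values = {}
    for line in conf.read_text(errors="replace").splitlines():
        match = SETTING.match(line)
        if match:  # assumption: a later occurrence overrides an earlier one
            values[match.group(1)] = match.group(2).strip()

    findings = []
    if not values.get("ClientPassPhrase"):
        findings.append("ClientPassPhrase is empty; paste the EncryptUtil output")

    key_name = values.get("ClientKeyFile", "")
    if not key_name:
        findings.append("ClientKeyFile is not set")
    elif "/" in key_name or "\\" in key_name:
        findings.append("ClientKeyFile must be a bare file name, not a path")
    else:
        key_path = key_dir / key_name
        if not key_path.is_file():
            findings.append(f"key file missing: {key_path}")
        elif os.name == "posix" and key_path.stat().st_mode & 0o077:
            # Added hardening check, not a step from the article.
            findings.append(f"key file is readable by group/other: {key_path}")
    return findings


if __name__ == "__main__":
    # Pass the gateway installation path as the first argument.
    for finding in check_client_auth(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("FINDING:", finding)
```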