Web Services Security


SSL authentication and Mutual SSL authentication are widely used authentication mechanisms for web services security.

SSL authentication and Mutual SSL authentication are also known as 1-way SSL authentication and 2-way SSL authentication: in SSL authentication only the server verifies the client's certificate, whereas in Mutual SSL authentication the client and the server verify each other's certificates.

The following steps explain how to configure both types of authentication mechanism:

Steps to configure SSL (Web Services Security) authentication

One Way

  1. Server asks the client to generate a CSR.
  2. Client generates the CSR and gives it to the server.
  3. Server generates a certificate and gives it to the client. This certificate can be a self-signed certificate or one obtained from a valid authority such as Verisign.
  4. Server also stores this certificate and its CA certificate in its trusted store.
  5. Client generates the private key for this certificate. As the CSR was generated on the client's machine, only the client can generate the private key for this certificate.
  6. Client passes this certificate with every API call to the server.
  7. Server receives the client's request with the certificate attached.
  8. Server matches the attached certificate against its trusted store and authorizes the call.

Another Way

  1. Client issues its certificate and the CA certificate to the server.
  2. Client keeps the same certificate, together with its private key.
    Note: the client should never share its certificate together with its private key.
  3. Server stores the certificate and the CA certificate in its trusted store.
  4. Client passes its certificate, with its private key, on all API calls to the server.
  5. Server receives the client's request with the certificate attached.
  6. Server matches the attached certificate against its trusted store and authorizes the call.

Steps to configure SSL Mutual authentication

  1. Client gives its certificate and CA certificate to the server.
  2. Server stores the client's certificate and CA certificate in its trusted store.
  3. Server gives its certificate and CA certificate to the client.
  4. Client stores the server's certificate and CA certificate in its trusted store. Both client and server have now exchanged each other's certificates.
  5. While creating the call object, the client receives the server's certificate.
  6. Client matches this certificate against the certificate the server gave it, and if it matches, the client makes the call.
  7. While making the call, the client passes its certificate with its private key.
    Note: the client should never share its certificate together with its private key.
  8. Server receives this certificate and matches it against its trusted store.
  9. If the certificate matches, the server authorizes the call.
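The trusted-store matching that both lists describe, as an added Go example that is not part of the original post: one CA issues a server certificate and a client certificate, each party keeps that CA in its trusted store and verifies the certificate the other presents, and a client certificate from a CA the server never stored is rejected. The host name api.example.test and every other name below are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue returns a certificate for cn signed by parent, or a self-signed CA root when parent is nil.
// The private key is generated by the certificate's owner and is never handed to the other party.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: parent == nil,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		parent, parentKey = tmpl, key // a CA root signs its own certificate
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// accepted is the post's "match the attached certificate with the trusted store" step (chain, purpose, host name).
func accepted(presented *x509.Certificate, store *x509.CertPool, usage x509.ExtKeyUsage, host string) bool {
	_, err := presented.Verify(x509.VerifyOptions{Roots: store, KeyUsages: []x509.ExtKeyUsage{usage}, DNSName: host})
	return err == nil
}

// mutual walks the two-way scenario: one CA issues both certificates and each side keeps that CA in its
// trusted store. With rogueClient the client presents a certificate from a CA the server never stored.
func mutual(rogueClient bool) (clientAcceptsServer, serverAcceptsClient bool) {
	ca, caKey := issue("ca.example.test", nil, nil)
	srvCert, _ := issue("api.example.test", ca, caKey)
	issuer, issuerKey := ca, caKey
	if rogueClient {
		issuer, issuerKey = issue("rogue-ca.example.test", nil, nil)
	}
	cliCert, _ := issue("client1.example.test", issuer, issuerKey)
	store := x509.NewCertPool() // steps 2 and 4: both parties store the same CA certificate
	store.AddCert(ca)
	return accepted(srvCert, store, x509.ExtKeyUsageServerAuth, "api.example.test"), // step 6: client checks server
		accepted(cliCert, store, x509.ExtKeyUsageClientAuth, "") // steps 8 and 9: server checks client
}
```

In a real deployment this check runs inside the TLS handshake, which additionally proves that the presenter holds the private key matching the certificate; a certificate alone, without that proof, is not sufficient to authorize a call.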