Thursday, November 12, 2015

Two-way SSL in OSB

Steps to Configure Two-way SSL in OSB
    a. Root certificate (.cert file ) and Client certificate (.pfx file) given by Server ( External to OSB)
    b. Import Root certificate (.cert) to Trust Keystore
    c. Configure Trust Keystore on OSB Managed Servers
    d. Import Client Certificate into Client Keystore
    e. Create new PKI Credential Mapping Provider by navigating below location
           Home >Summary of Security Realms >myrealm >Providers -> New
    d. Provide Client keystore details in PKI Provider
    e. Restart Managed and Admin Servers

Steps in OSB Proxy and Business Service
    a. Enable Client Authentication on Business Service    
    b. Create ServiceKeyProvider (.skp file) in Jdeveloper or Eclipse
    c. In Proxy service -> Security Configuration map newly created SKP
    d. Deploy code in OSB Servers

Expected errors
   1. CredentialNotFoundException
            It means missing SKP file on Proxy and Business service
   2. General SSLEngine error
           It means client certificate is not valid, re import valid certificate into Client Keystore
   3. Socket unavailable exception
            Remove Muxer class from Home->OSB Server-> Tuning -> Muxer class
         
 

No comments:

Post a Comment