Steps to set up Mutual Authentication: Keys


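1. Generate a private/public key pair on the customer side:
keytool -genkey -alias ServiceNow_alias -keyalg RSA -validity 365 -keystore myKeystore.keystore -storepass pass123 -keypass pass123
Replace the example password pass123 with your own. If -storepass and -keypass are omitted, keytool prompts for the passwords instead of taking them from the command line.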
2. Extract the public certificate yourPublicCert.cer from the customer's keystore created above:
keytool -export -alias ServiceNow_alias -keystore myKeystore.keystore -storepass pass123 -file yourPublicCert.cer
3. Convert yourPublicCert.cer to yourPublicCert.pem:
openssl x509 -inform der -in yourPublicCert.cer -out yourPublicCert.pem
Supply the extracted public certificate yourPublicCert.pem to the 3rd party so that they can add it to their trust store.
Now prepare the customer's keystore for Mutual Authentication:
4. Convert the 3rd party's public certificate 3rdPublicCert.pem to 3rdPublicCert.cer:
openssl x509 -outform der -in 3rdPublicCert.pem -out 3rdPublicCert.cer
5. Import the 3rd party's public certificate (3rdPublicCert.cer from step 4) into the customer's keystore created above, which already holds the private key pair:
keytool -import -alias Puppet -keystore myKeystore.keystore -file 3rdPublicCert.cer
This keystore is now ready to be used for Mutual Authentication.
Advise the customer to get their certificate signed by a CA; otherwise it remains self-signed, which is not recommended.
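One way to check the conversions in steps 3 and 4, and the certificate received from the 3rd party before it is imported, is to compare SHA-256 fingerprints across the PEM and DER files. This script is an added example, not part of the original article; it assumes openssl is on the PATH, the function names cert_fingerprint, same_cert and demo are hypothetical, and the demo certificates are constructed.

```shell
#!/bin/sh
# Added example (not from the original article); function names are illustrative.
# Compares SHA-256 fingerprints so a PEM <-> DER conversion or a received
# certificate can be checked before it goes into a trust store. Needs openssl.

# Print the SHA-256 fingerprint of a certificate file, PEM or DER encoded.
cert_fingerprint() {
    local file="$1" form=DER out
    # PEM is base64 text with a BEGIN CERTIFICATE marker; DER is raw binary.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$file" 2>/dev/null; then
        form=PEM
    fi
    out=$(openssl x509 -inform "$form" -in "$file" -noout \
        -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "${out#*=}"   # drop the "sha256 Fingerprint=" prefix
}

# Succeed only when both files parse and carry the same certificate.
same_cert() {
    local a b
    a=$(cert_fingerprint "$1") || return 2
    b=$(cert_fingerprint "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed demo: throwaway self-signed certificates stand in for
# yourPublicCert.* and 3rdPublicCert.*; nothing here touches a real keystore.
demo() {
    local d rc n
    d=$(mktemp -d) || return 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl x509 -outform der -in "$d/a.pem" -out "$d/a.cer"   # as in step 4
    openssl x509 -inform der -in "$d/a.cer" -out "$d/a2.pem"   # as in step 3
    same_cert "$d/a.pem" "$d/a.cer" && same_cert "$d/a.cer" "$d/a2.pem" \
        && ! same_cert "$d/a.cer" "$d/b.pem"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# Command-line use: sh check_cert.sh 3rdPublicCert.pem 3rdPublicCert.cer
if [ "$#" -eq 2 ]; then
    if same_cert "$1" "$2"; then echo "match: $(cert_fingerprint "$1")"
    else echo "MISMATCH or unreadable certificate" >&2; exit 1; fi
fi
```

After step 5, keytool -list -v -alias Puppet -keystore myKeystore.keystore prints the imported certificate's SHA-256 fingerprint, which can be compared with the value this script reports and with the fingerprint the 3rd party confirms over a separate channel.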
Helpful KB for debugging Mutual Authentication: KB0696599
Mutual Authentication Overview: KB0691876

Article Information

Last Updated: 2019-08-02 21:06:21