Steps to set up Mutual Authentication: Keys


 

1. Generate a private key pair on the customer side (pass123 is an example password; substitute a strong one):

keytool -genkey -alias ServiceNow_alias -keyalg RSA -validity 365 -keystore myKeystore.keystore -storepass pass123 -keypass pass123
 
2. Extract the public certificate yourPublicCert.cer from the customer's keystore created above:
keytool -export -alias ServiceNow_alias -keystore myKeystore.keystore -storepass pass123 -file yourPublicCert.cer
 
3. Convert yourPublicCert.cer to yourPublicCert.pem:
openssl x509 -inform der -in yourPublicCert.cer -out yourPublicCert.pem
 
 
Supply the extracted public certificate yourPublicCert.pem to the 3rd party so that they can add it to their trust store.
 
Now prepare the customer's keystore for Mutual Authentication:
 
 
4. Convert the 3rd party's public certificate 3rdPublicCert.pem to 3rdPublicCert.cer:
openssl x509 -outform der -in 3rdPublicCert.pem  -out 3rdPublicCert.cer
 
5. Import the 3rd party's public certificate (converted to 3rdPublicCert.cer in step 4) into the customer's keystore that holds the private key pair created in step 1:
keytool -import -alias Puppet -keystore myKeystore.keystore -file 3rdPublicCert.cer
 
 
This keystore is now ready to be used for Mutual Authentication.
Advise the customer to get their keystore certified by a CA; otherwise it remains self-signed, which is not recommended.
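
Step 5 makes the 3rd party's certificate trusted, so it is worth confirming first that the file received is the one they sent. The following is an added example, not part of the original article: it compares the certificate's SHA-256 fingerprint with a value obtained out-of-band and shows that the PEM and DER encodings from step 4 give the same fingerprint. The helper names, the EXPECTED_SHA256 variable and the throwaway demo certificate are assumptions constructed for illustration.

```bash
# Added example: fingerprint check before step 5. Helper names and the demo
# certificate are hypothetical/constructed, not taken from the article.

# Strip separators and upper-case hex so fingerprints compare reliably.
normalize() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# Print the SHA-256 fingerprint of a certificate file, PEM or DER.
cert_fingerprint() {
    local file=$1 form=der
    # PEM carries a textual header; DER (.cer in the article) is raw binary.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$file" 2>/dev/null; then
        form=pem
    fi
    openssl x509 -inform "$form" -in "$file" -noout -fingerprint -sha256 \
        2>/dev/null | sed 's/^.*=//'
}

# Succeed only if the file matches a fingerprint obtained out-of-band.
verify_before_import() {
    local actual
    actual=$(cert_fingerprint "$1")
    [ -n "$actual" ] && [ "$(normalize "$actual")" = "$(normalize "$2")" ]
}

# Constructed demo: a throwaway self-signed certificate stands in for the
# 3rd party's 3rdPublicCert.pem. Prints its fingerprint, returns 0 on success.
demo() {
    local dir fp rc=0
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed-third-party' -keyout "$dir/key.pem" \
        -out "$dir/3rdPublicCert.pem" 2>/dev/null || rc=1
    # Step 4 of the article: PEM -> DER.
    openssl x509 -outform der -in "$dir/3rdPublicCert.pem" \
        -out "$dir/3rdPublicCert.cer" 2>/dev/null || rc=1
    fp=$(cert_fingerprint "$dir/3rdPublicCert.pem")
    # Both encodings must match; a wrong fingerprint must be rejected.
    verify_before_import "$dir/3rdPublicCert.cer" "$fp" || rc=1
    verify_before_import "$dir/3rdPublicCert.cer" "00:11:22" && rc=1
    rm -rf "$dir"
    printf '%s\n' "$fp"
    return "$rc"
}

# Usage with the article's files (fingerprint supplied by the 3rd party):
#   verify_before_import 3rdPublicCert.cer "$EXPECTED_SHA256" &&
#     keytool -import -alias Puppet -keystore myKeystore.keystore -file 3rdPublicCert.cer
```

The same fingerprint can be read back from the keystore afterwards with keytool -list -v, which lets both sides confirm what was actually imported.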
 
Helpful KB for debugging Mutual Authentication: KB0696599
Mutual Authentication Overview: KB0691876

Article Information

Last Updated: 2018-09-12 15:34:38
Published: 2018-09-12