Resolution: To verify server authentication, set the following in routes.conf or the client application.
1). Enable ssl_verify_host.
2). Set an incorrect trusted certificate.
If the SSL connection fails, server authentication is being performed.
To verify client authentication:
1). Enable SSL_DEBUG in log_trace in tibemsd.conf.
2). Check whether EMS prints "Peer certificate" in the server log, for example:
===
2014-07-11 14:07:07.873 Peer certificate:
2014-07-11 14:07:07.873 Certificate=[/C=US/ST=California/L=us-english/O=Test Company/OU=client Unit/CN=client/emailAddress=client@testcompany.com]
Issuer=[/C=US/ST=California/L=us-english/O=Test Company/OU=client_root Unit/CN=client_root/emailAddress=client_root@testcompany.com]
2014-07-11 14:07:07.874 Peer certificate chain:
2014-07-11 14:07:07.874 Certificate=[/C=US/ST=California/L=us-english/O=Test Company/OU=client_root Unit/CN=client_root/emailAddress=client_root@testcompany.com]
====
The above indicates that client authentication is successful. For more information regarding client authentication, refer to KB 40916.
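To run the client-authentication check over a whole server log rather than by eye, the following added example (not TIBCO code) extracts every "Peer certificate:" entry and flags clients whose certificate was not issued by the expected CA. It assumes the SSL_DEBUG layout shown in the excerpt above; the function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the layout of the excerpt above (not a real server log).
# The second entry is deliberately wrapped across lines, as logs often are when copied.
SAMPLE_LOG = """\
2014-07-11 14:07:07.873 Peer certificate:
2014-07-11 14:07:07.873 Certificate=[/C=US/O=Test Company/OU=client Unit/CN=client]
Issuer=[/C=US/O=Test Company/OU=client_root Unit/CN=client_root]
2014-07-11 14:07:07.874 Peer certificate chain:
2014-07-11 14:07:07.874 Certificate=[/C=US/O=Test Company/OU=client_root Unit/CN=client_root]
2014-07-11 14:09:30.120 Peer certificate:
2014-07-11 14:09:30.120 Certificate=[/C=US/O=Test
Company/CN=batch] Issuer=[/C=US/O=Other
Org/CN=other_root]
"""

# One "Peer certificate:" header, then its Certificate=[...] and optional Issuer=[...].
# "Peer certificate chain:" is skipped because the colon must follow directly.
BLOCK = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\.\d{3})\s+Peer certificate:"
    r"(?:(?!Peer certificate).)*?Certificate=\[(?P<subject>[^\]]*)\]"
    r"(?:\s*Issuer=\[(?P<issuer>[^\]]*)\])?",
    re.DOTALL,
)

def parse_dn(dn):
    """Split a one-line DN (/C=US/.../CN=client) into a dict, undoing line wraps."""
    fields = {}
    for part in " ".join(dn.split()).strip("/").split("/"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields

def peer_certificates(log_text):
    """Return one record per client certificate the server logged."""
    records = []
    for m in BLOCK.finditer(log_text):
        subject = parse_dn(m.group("subject"))
        issuer = parse_dn(m.group("issuer")) if m.group("issuer") else {}
        records.append({"time": m.group("ts"), "subject_cn": subject.get("CN"),
                        "issuer_cn": issuer.get("CN")})
    return records

def unexpected_issuers(records, expected_issuer_cn):
    """Records whose issuer CN differs from the CA the clients should be issued by."""
    return [r for r in records if r["issuer_cn"] != expected_issuer_cn]

if __name__ == "__main__":
    for rec in peer_certificates(SAMPLE_LOG):
        print(rec)
```

An empty result from peer_certificates() on a log captured with SSL_DEBUG enabled means no "Peer certificate" entry was printed for those connections.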