Yep, I’m looking for trust between my webserver and Appserver w/o client authentication. I’m not worried about trust between my web browser and webserver as I’m not looking for that now.
Warm Regards, Naveen Kumar Reddy N IBM Middleware WAS-MQ Tower Lead ( WalMart ) Toll Free Number - 866-912-0282(B),855-755-9356(H) Mail: [email protected]<mailto:[email protected]> SLACK Channel:: middleware_l2 [cid:[email protected]] Middleware ServiceNow Service Catalog Task Policy:: https://collaboration.wal-mart.com/display/IPSMW/Service+Now+Service+Task+Catalog+Policy Middleware ServiceNow Change Control Policy :: https://collaboration.wal-mart.com/display/IPSMW/Change+Control+Policy Middleware Customer Page:: https://teams.wal-mart.com/sites/Middleware/Customers/Pages/default.aspx From: Eric Covener [mailto:[email protected]] Sent: Sunday, February 11, 2018 12:39 PM To: [email protected] Subject: EXT: Re: [users@httpd] Mutual authentication between Apache HTTP server and an application server. On Sun, Feb 11, 2018 at 1:33 PM, Naveen Nandyala - Vendor <[email protected]<mailto:[email protected]>> wrote: On Apache I’m using 3rd party signed certificate. And I’ve added Apache root certificate to WAS truststore to trust my Apache. Similar way I want to add my WAS certificate to Apache to trust my Application server. On WAS end I’m having a self-signed certificate. Below two parameters determine my Apache server certificate this contains certificate of my virtual which end user access. SSLCertificateFile /u/applic/tc/HTTP/config/ssl/virtual.pem SSLCertificateKeyFile /u/applic/tc/HTTP/config/ssl/virtual.key I’m struckup on how can I add my websphere certificate on to Apache truststore. Earlier I was using IBM HTTP server and Plugin instead of Apache where I’ve kdb file where I used to add Websphere server personal certificate to signer certificates of HIS in kdb file. But in Apache as I use pem and key files unable to find exactly where I can add websphere certificate for mutual authentication. From Apache documentation I see it doesn’t support encrypted private keys. You seem to be jumping back and forth between distinctly different problems. I suggest tackling one problem at a time, e.g. getting the trust right w/o client authentication.
