Saturday, September 6, 2014

What is two-way SSL and one-way SSL?



In short, the difference is:

One-way SSL - Only the client authenticates the server.
- This means the server's public certificate needs to be configured in the client's trust store.

Two-way SSL - The client authenticates the server, and the server also authenticates the client.
- This means the server's public certificate needs to be configured in the client's trust store.
- In addition, the client's public certificate needs to be configured in the server's trust store.


Two-way SSL authentication
In two-way SSL authentication, the SSL client application verifies the identity of the SSL server application, and then the SSL server application verifies the identity of the SSL client application.
Two-way SSL authentication is also referred to as client authentication, because the application acting as an SSL client presents its certificate to the SSL server after the SSL server has authenticated itself to the SSL client.
Figure 1 illustrates the certificate configuration for two-way SSL authentication between two applications in the Tivoli Identity Manager Express environment:


Figure 1. Two-way SSL authentication

For example, if the Tivoli Identity Manager Express Server initiates a connection to a Tivoli Identity Manager adapter and the adapter is set to use two-way SSL client authentication, the adapter presents its certificate to the Tivoli Identity Manager Express Server for verification, and then requests that the Tivoli Identity Manager Express Server send its certificate to the adapter for verification. In this case, you must install the Tivoli Identity Manager Express Server certificate and private key in its keystore, and you must install the corresponding CA certificate in the keystore of the Tivoli Identity Manager adapter. On the Tivoli Identity Manager adapter, you must install the adapter certificate and private key in its keystore, and you must install the corresponding CA certificate in the keystore of the Tivoli Identity Manager Express Server. If the same certificate authority issues both signed certificates, you can install the same CA certificate in the keystores of both applications. Two-way SSL authentication with signed certificates issued by one or more certificate authorities ensures maximum security of sensitive data.

If you are using self-signed certificates, you must create and install the self-signed certificate and private key on the SSL-client and SSL-server applications, then extract the certificate from the keystore of each application and add it to the keystore of the other application. Figure 2 illustrates the certificate configuration for two-way SSL authentication using self-signed certificates.
Figure 2. Self-signed two-way SSL authentication
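To make the Figure 2 setup concrete, here is an added example (not code from the original post or from IBM's documentation): a Go program that builds both sides' keystores in memory from self-signed certificates, puts each side's certificate in the other side's trust store, and runs a loopback TLS session once with and once without a client certificate. The names server.example and client.example are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// selfSigned mints a self-signed certificate for name (Figure 2's setup) plus a trust store holding only that certificate.
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the "extract the certificate and add it to the other keystore" step
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// Connect runs one two-way SSL session on loopback: the server always requires and verifies a client certificate; withClientCert says whether the client presents one.
func Connect(withClientCert bool) error {
	serverCert, serverPool := selfSigned("server.example")
	clientCert, clientPool := selfSigned("client.example")
	srvCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, // server's cert + private key
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientPool} // server trust store: client cert
	cliCfg := &tls.Config{RootCAs: serverPool, ServerName: "server.example"} // client trust store: server cert
	if withClientCert {
		cliCfg.Certificates = []tls.Certificate{clientCert} // client's cert + private key
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // server side: Accept plus Write run its handshake, including the client-cert check
		if c, err := ln.Accept(); err == nil { c.Write([]byte("ok")); c.Close() }
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg) // client verifies the server certificate here
	if err == nil {
		defer conn.Close()
		// A TLS 1.3 client finishes before the server has judged its cert, so wait for the greeting: a rejected client gets a TLS alert (an error) instead.
		_, err = conn.Read(make([]byte, 2))
	}
	return err
}
```

Connect(true) returns nil (both sides authenticated), while Connect(false) returns an error because the server refuses a client that presents no certificate.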
