N1 Service Provisioning System 4.1 Installation Guide

Authentication Key Stores

The N1 Service Provisioning System 4.1 supports self-signed certificates. Two types of key stores exist:

When enabling SSL for client-server authentication, each enabled application needs to be configured with two key stores. SSL uses them to authenticate the application to other applications and to authenticate other applications to it.

When enabling SSL for server-only authentication, the application acting as the SSL server requires a private key store and the application acting as the SSL client requires a public, or trusted, key store. The public key stores are in the proprietary JKS format provided by the Java Secure Sockets Extension (JSSE) v1.0.3.

You must specify a password for each of the key stores, and the password must be the same for both.

For example, application A, an SSL client, and application B, an SSL server, want to connect with each other using SSL. Both are configured to use a cipher suite that requires server authentication. Application B must have a public-private key pair in its private key store, and application A must have application B's public key in its trust key store. When application A attempts to connect to application B, application B sends its public key to application A. Application A verifies the public key by finding it in its trust key store.

If application B is configured to require client authentication, application A must have a public-private key pair in its private key store, and application B must have application A's public key in its trust key store. After application A has authenticated application B, application B is able to verify application A's public key, as it finds the public key in its trust key store.
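The two scenarios above can be checked before SSL is enabled. The following is an added example, not part of the original guide or the product: it models each key store as a set of key labels rather than reading JKS files, and the names `App`, `password_problems` and `link_problems` and all sample values are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass
class App:
    """One SSL-enabled application and its two key stores (constructed model)."""
    name: str
    key_pair: Optional[str] = None                  # public half of the pair in the private key store
    trusted: Set[str] = field(default_factory=set)  # public keys held in the trust key store
    private_password: Optional[str] = None
    trust_password: Optional[str] = None

def password_problems(app: App) -> List[str]:
    """Each configured key store needs a password, and both passwords must match."""
    problems = []
    if app.key_pair and not app.private_password:
        problems.append(f"{app.name}: private key store has no password")
    if app.trusted and not app.trust_password:
        problems.append(f"{app.name}: trust key store has no password")
    if app.key_pair and app.trusted and app.private_password != app.trust_password:
        problems.append(f"{app.name}: key store passwords differ")
    return problems

def link_problems(client: App, server: App, client_auth: bool) -> List[str]:
    """Reasons an SSL connection from client to server would fail; empty means ready."""
    problems = password_problems(client) + password_problems(server)
    # Server authentication: the server presents its public key, the client looks it up.
    if server.key_pair is None:
        problems.append(f"{server.name}: no key pair in private key store")
    elif server.key_pair not in client.trusted:
        problems.append(f"{client.name}: {server.name}'s public key not in trust key store")
    # Client authentication: the same lookup in the opposite direction.
    if client_auth:
        if client.key_pair is None:
            problems.append(f"{client.name}: no key pair in private key store")
        elif client.key_pair not in server.trusted:
            problems.append(f"{server.name}: {client.name}'s public key not in trust key store")
    return problems

# Constructed sample: A is the SSL client, B the SSL server; key labels are placeholders.
A = App("A", trusted={"pubkey-B"}, trust_password="example-pass")
B = App("B", key_pair="pubkey-B", private_password="example-pass")

if __name__ == "__main__":
    print("server-only auth:", link_problems(A, B, client_auth=False))
    print("client auth on B:", link_problems(A, B, client_auth=True))
```

With the sample data, the server-only configuration is complete, while turning on client authentication at B reports that A still lacks a key pair in its private key store.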