1.6.3 Two-way SSL Connection

This topic describes the two-way SSL connection.

Two-way SSL is used when the server needs to authenticate the client. In a two-way SSL connection, the client verifies the identity of the server and then passes its identity certificate to the server. The server then validates the identity certificate of the client before completing the SSL handshake.

To establish a two-way SSL connection, the user must have the following two certificates:
  • Server
  • Client

The following configuration must be ensured in weblogic.xml within the deployed application EAR:
  • Cookies are set with HttpOnly as true
  • Cookie secure flag is set to true
  • Cookie path refers to the deployed application

<wls:session-descriptor>
    <wls:cookie-http-only>true</wls:cookie-http-only>
    <wls:cookie-secure>true</wls:cookie-secure>
    <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
</wls:session-descriptor>

Always make sure that cookies are set with the Auth flag enabled by default for WebLogic Server.