SSL (Secure Sockets Layer) is used to secure communication over a network. This post explores the implementation of SSL in DataPower along with some basic concepts.
SSL Concept:
Key Pair Generation:
Implementing SSL in DataPower
When DataPower Acts as a Client:
- Upload the certificate shared by the server to the cert/pubcert directory of DataPower File Management.
- Create an SSL proxy profile as shown below. The profile can either be referenced in the proxy settings or set dynamically using the routing-ssl-profile variable.
- The server to which DataPower acts as a client shares its certificate with DataPower (the client).
- A crypto certificate object is created from the shared certificate.
- Crypto validation credentials are created from the crypto certificate object and are included in the crypto profile.
- The crypto profile is then used in DataPower as an SSL proxy profile.
When DataPower Acts as a Server:
Create the SSL proxy profile by following the steps shown below. It can be referenced in any front side handler that supports SSL (for example, HTTPS).
- Just as crypto validation credentials are created when DataPower acts as a client, crypto identification credentials are created by combining the crypto key object and the crypto certificate object.
Note: A TWO-WAY-SSL-Proxy-Profile contains two crypto profiles. One refers to the crypto validation credentials evaluated in the response (DataPower as a client to the backend), and the other refers to the crypto identification credentials used in the request flow (when DataPower acts as an SSL server to front-end systems).
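
Before building the objects described above, it helps to check the PEM files themselves: that the shared server certificate has the expected fingerprint and is not about to expire, and that the key and certificate intended for the identification credentials actually belong together. The script below is an added example, not part of the original post; it assumes OpenSSL on an administrator workstation, the function and file names are hypothetical, and the keys and certificates are constructed samples.

```shell
#!/bin/sh
# Added example: pre-upload checks on PEM files with OpenSSL (not DataPower commands).

# Public key embedded in a certificate / derived from a private key, both as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }
key_pubkey()  { openssl pkey -in "$1" -pubout; }

# Succeeds only if the private key ($1) and certificate ($2) form a pair,
# which is what identification credentials (key + certificate) require.
key_matches_cert() {
  k=$(key_pubkey "$1" 2>/dev/null) || return 1
  c=$(cert_pubkey "$2" 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# SHA-256 fingerprint, to compare out of band with the server owner
# before trusting the certificate in validation credentials.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed sample material: self-signed key/cert named $2 in dir $1, valid $3 days.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

demo() {
  d=$(mktemp -d) || return 1
  make_sample "$d" dp-frontend 365   # DataPower's own key + cert (server side)
  make_sample "$d" backend 5         # cert shared by the backend (client side)
  key_matches_cert "$d/dp-frontend.key" "$d/dp-frontend.pem" \
    && echo "identification pair: key matches certificate"
  key_matches_cert "$d/dp-frontend.key" "$d/backend.pem" \
    || echo "mismatched key/certificate pair rejected"
  cert_valid_for_days "$d/backend.pem" 30 \
    || echo "backend certificate expires within 30 days"
  echo "backend fingerprint: $(cert_fingerprint "$d/backend.pem")"
  rm -rf "$d"
}
demo
```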