sk1922
asked on
Need help w/ Web Services and SSL/TLS
Hello Experts!
I am working with vendor who offers SOAP based web services that I'm trying to use for my company. The web services app/client that I'm builiding will reside on an IIS box, on our company network. The web services require a cert for mutual SSL and another for TLS. The vendor is requesting that I purchase the two certs for this and send the certs to them for installation. I not familiar with how this all works and would like to better understand before I continue down the path of obtaining certs, configuring, etc.
Specifically, I'd like to know if someone can assist in answering the following for me:
1) Are these special certs that I need to purchase?
2) What does the vendor do with the provided certs and what information should I expect to receive from them to ensure a secure handshake?
3) Is the "mutual cert" something that I need to configure (e.g., install on the web server, convert to a file, etc.)
I want to make sure I'm heading down the right path by understand all that needs to happen to form a secure connection with the vendor and what is being requested by them.
Any insight you can offer up would be greatly appreciated!
Thanks,
SK
I am working with vendor who offers SOAP based web services that I'm trying to use for my company. The web services app/client that I'm builiding will reside on an IIS box, on our company network. The web services require a cert for mutual SSL and another for TLS. The vendor is requesting that I purchase the two certs for this and send the certs to them for installation. I not familiar with how this all works and would like to better understand before I continue down the path of obtaining certs, configuring, etc.
Specifically, I'd like to know if someone can assist in answering the following for me:
1) Are these special certs that I need to purchase?
2) What does the vendor do with the provided certs and what information should I expect to receive from them to ensure a secure handshake?
3) Is the "mutual cert" something that I need to configure (e.g., install on the web server, convert to a file, etc.)
I want to make sure I'm heading down the right path by understand all that needs to happen to form a secure connection with the vendor and what is being requested by them.
Any insight you can offer up would be greatly appreciated!
Thanks,
SK
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
helpful and guided me in the appropriate direction. I had to open additional questions specific to each scenario.
ASKER
So for TLS, I would actually generate the CSR on my end and supply the public certificate the vendor, correct?
>>>A certificate for mutual authentication which will be used for client side to trust you application....
Do you mean the client side of the vendor's system?
Also, can you explain this further??
>>>>For the mutual auth certificate you need to make sure that you have already some kind of accepted client identifier like CN name.