Simplest method to Implement 2 Way Authentication using SSL – Example With Source Code Available

Every web application needs to be protected. There are different solutions to choose from, depending on your requirements and feasibility. Some may choose basic form-based authentication, while others may go all the way to OAuth2. In this article, we will see how to implement 2 Way Authentication using SSL.

In 2 Way Authentication, or mutual authentication, the Server and Client perform a digital handshake in which the Server presents a certificate to authenticate itself to the Client and vice versa. Further communication is allowed only once this handshake is successful.

We will see, step by step, how to generate a self-signed certificate and configure it for our application and Tomcat server. The image gives a brief idea of what is meant above.

[Image: 2 way authentication]

Software used in this sample

  • Java 1.8
  • Spring Boot 1.5.2.RELEASE
  • Tomcat 8.5

We will use the Java keytool utility to generate and store our self-signed certificates.

Create Self Signed Certificate for Server and Client

As we are using keytool, please check that this utility is available in your environment.

Create a JKS file for the Server with the command below in your shell or command prompt. Make sure to change information such as company, location, etc. as per your needs.

Now we need a certificate file that can be distributed to clients as a public certificate. Run the command below to extract that certificate. It will ask for the password that you supplied above while creating the JKS.

Similar steps need to be followed for the Client JKS file and the Client public certificate.

For the Client certificate

Now we have all the keystores and public certificates. In order for 2 Way Authentication to work, we need to make sure that the Server recognizes the client’s public certificate and the Client is aware of the Server certificate.
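The key and certificate steps above, collected into one script. This is an added example, not the article's original commands: MyClient.jks, the two truststore files, the aliases, the DN values, the key size and the validity period are assumptions, and the password is read from the STOREPASS environment variable instead of a prompt.

```shell
#!/bin/sh
# Added example (not the article's commands): keystores and truststores for
# two-way SSL. Only MyServer.jks is named on the page; the rest is assumed.
set -eu

# Self-signed RSA key pair in a JKS keystore. The password comes from
# $STOREPASS (:env) so it never shows up in the process list.
gen_keystore() {  # gen_keystore <jks> <alias> <hostname-or-CN>
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$3, OU=Example, O=Example, C=US" -ext "SAN=dns:$3" \
    -keystore "$1" -storetype JKS -storepass:env STOREPASS -keypass:env STOREPASS
}

# Export the public certificate only (PEM); the private key stays in the JKS.
export_cert() {  # export_cert <jks> <alias> <cer>
  keytool -exportcert -rfc -alias "$2" -keystore "$1" \
    -storepass:env STOREPASS -file "$3"
}

# Import a peer certificate into a truststore as a trusted entry.
trust_cert() {  # trust_cert <truststore> <alias> <cer>
  keytool -importcert -noprompt -alias "$2" -file "$3" \
    -keystore "$1" -storetype JKS -storepass:env STOREPASS
}

build_mtls_stores() {  # build_mtls_stores <output-dir>
  d=$1; mkdir -p "$d"
  gen_keystore "$d/MyServer.jks" server localhost
  gen_keystore "$d/MyClient.jks" client demo-client
  export_cert "$d/MyServer.jks" server "$d/MyServer.cer"
  export_cert "$d/MyClient.jks" client "$d/MyClient.cer"
  trust_cert "$d/ServerTrust.jks" client "$d/MyClient.cer"  # server trusts client
  trust_cert "$d/ClientTrust.jks" server "$d/MyServer.cer"  # client trusts server
  chmod 600 "$d"/*.jks
}

# PEM of the certificate stored under an alias (empty if the alias is missing).
pem_of() { keytool -exportcert -rfc -alias "$2" -keystore "$1" -storepass:env STOREPASS 2>/dev/null || true; }

# True only if each truststore holds exactly the peer's certificate.
stores_cross_trusted() {  # stores_cross_trusted <output-dir>
  s=$(pem_of "$1/MyServer.jks" server); c=$(pem_of "$1/MyClient.jks" client)
  [ -n "$s" ] && [ -n "$c" ] &&
    [ "$s" = "$(pem_of "$1/ClientTrust.jks" server)" ] &&
    [ "$c" = "$(pem_of "$1/ServerTrust.jks" client)" ]
}

# Runs only when MTLS_OUT is set, e.g. MTLS_OUT=./certs STOREPASS=... sh script
if [ -n "${MTLS_OUT:-}" ]; then build_mtls_stores "$MTLS_OUT"; fi
```

With this layout the server side uses MyServer.jks as its keystore and ServerTrust.jks as its truststore, and the client uses MyClient.jks and ClientTrust.jks; keeping trust anchors in separate files means the private-key stores never need to be copied to the other party.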

At this point we have all our JKS files and certificates ready. We will now configure them in our Tomcat 8.5.

Configure Tomcat for SSL

As we need mutual authentication, we have to configure Tomcat to request a certificate from every client that wants to communicate. This can be done by adding a connector, or updating the existing one, in Tomcat's server.xml. Please make sure you keep a backup of the existing settings and files.

Copy MyServer.jks to an appropriate directory and configure the connector as below.

Restart Tomcat so that the above changes come into effect.

Configure Server and Client App for 2 Way Authentication

Server App

For the Server application, we will have only a simple REST controller, available at the /hello resource.

The Server App will be hosted on the Tomcat instance that we configured above.

Client App

The client app is also a simple Spring Boot application, which makes a REST call to the server resource hosted above.

Apart from this, we need to specify the client JKS as system properties. That can be done as below.

You can see that I have enabled full debugging for SSL, so you will see how the server and client perform the digital handshake. To load the server resource, I have added a simple Spring Boot command line runner.

Results

If you try to load the URL in a browser, it will fail, since the browser has no client certificate to present.

On the other hand, if I run the client, where I am passing the certificate details, I get the correct response.

The response is sent only after the digital handshake is successful. The information that the server and client exchange during the handshake will be visible on the console.

Conclusion

You have successfully implemented 2 Way Authentication using SSL certificates. Please feel free to get back to me if you have any questions. You can download the code from our repository mentioned below.

Download From Git