Simplest method to Implement 2 Way Authentication using SSL

Every web application needs to be protected. There could be different solutions to choose from depending up on your requirement and feasibility. Some may choose basic form based authentication or some may go all the way to Oauth2. In this article we will see how we can implement 2 Way Authentication using SSL.

In 2 Way Authentication or mutual authentication, the Server and Client does a digital handshake, where Server needs to present a certificate to authenticate itself to the Client and vice-versa. Once this handshake is successful then only further communication is allowed.

We will see step by step how to generate self signed certificate and configure that to our application and tomcat server. The image will give you brief idea on what I meant by above.
Software used in this sample

  • Java 1.8
  • Spring Boot 1.5.2.RELEASE
  • Tomcat 8.5

We will use Java Key Store utility to generate and store our self signed certificates.

Create Self Signed Certificate for Server and Client

As we are using Keytool,  please check in your environment this command or utility is available.

Create a JKS file for Server with below command on your shell or command prompt. Please make sure to change the information like company, location etc as per your need

Now we need  a certificate file that can be distributed as public certificate to clients. Run below command to extract that certificate. It will ask for the password which you have supplied above while creating JKS

Similar steps needs to be followed for Client JKS file and Client Public Certificate

For Client Certificate

Now we have all the keystores and public certificates. In order for 2 Way Authentication to work we need to make sure that Server recognizes clients public certificate and Client is aware of Servers certificate.

At this point we have all our JKS and Certificates ready. We will configure these to our Tomcat 8.5

Configure Tomcat for SSL

As we need mutual authenticate we need to configure tomcat to request for certificate from all the clients who wants to communicate. This can be done by adding or updating existing connector in tomcats server.xml. Please make sure you keep a backup of existing settings and file.

Copy the MyServer.jks to appropriate directory and configure the connector as below

Restart Tomcat so above changes will come in to effect.

Configure Server and Client App for 2 Way Authentication

Server App

For Server application we will have only a simple Rest Controller, that will be available at /hello resource.

The Server App will be hosted on the tomcat which we configure in above.

Client App

The client app is also Simple Spring Boot Application, which does a rest call to server resource as hosted above.

Apart from this we need to specify the client JKS as system properties. That can be done as below

You can see that I have specified all debugging for SSL. So you will see how server and client do a digital handshake.  To load the server resource I have added simple Spring Boot command line runner as.


Regarding the results, if you try and load the url in browser it will fail.

On the other hand, If I run the client where I am passing certificate details, I get correct response.

You can see that I am getting correct response. The response is sent only after digital handshake is successful. The server and client exchange information that will be visible on console.


You have successfully implemented the 2 Way Authentication using SSL certificates. Please feel free to get back to me if you have any questions. You can download the code from our repository mentioned below.

Download From Git
  1. December 3, 2019 | Reply
  2. Srilatha mothipati
    October 24, 2019 | Reply
  3. Pavan
    October 3, 2019 | Reply
    • Pavan
      November 15, 2019 | Reply
  4. shuja
    September 11, 2019 | Reply
  5. Sivakumar Ganti
    June 4, 2019 | Reply
  6. Prashant
    May 2, 2019 | Reply
    • Pavan
      May 4, 2019 | Reply
  7. Akanksha
    December 15, 2018 | Reply
    • Pavan
      December 19, 2018 | Reply
  8. Ankit Jain
    December 10, 2018 | Reply
    • Pavan
      December 12, 2018 | Reply
  9. Jafar
    November 13, 2018 | Reply
  10. Lams
    October 26, 2018 | Reply
  11. Subhani Shaik
    October 1, 2018 | Reply
    • Pavan
      October 4, 2018 | Reply
  12. Wan
    September 10, 2018 | Reply
    • Shilpa
      September 11, 2018 | Reply
  13. Binh
    July 16, 2018 | Reply
  14. Sambit
    May 5, 2018 | Reply
    • Pavan
      May 6, 2018 | Reply
    • Sambit
      May 6, 2018 | Reply
      • Sambit
        May 6, 2018 | Reply
  15. April 13, 2018 | Reply
    • Pavan
      April 13, 2018 | Reply
  16. Reddy
    April 11, 2018 | Reply
  17. March 27, 2018 | Reply
  18. Raguram
    March 13, 2018 | Reply
  19. Raguram
    March 13, 2018 | Reply
    • Pavan
      March 13, 2018 | Reply
  20. Hrishi
    February 27, 2018 | Reply
    • Pavan
      February 28, 2018 | Reply
  21. January 25, 2018 | Reply
    • Pavan
      January 25, 2018 | Reply

Leave a Reply to Srilatha mothipati Cancel reply

Your email address will not be published. Required fields are marked *