Ability to use more than one client certificate for 2-way SSL Communication in CA Auth Minder and CA Risk Minder

Idea created by Venkata Sagar Tummala Employee on Aug 24, 2014
    Not planned




    CA Auth Minder and CA Risk Minder have the ability to configure 1-way SSL and 2-way SSL between different components like the Administration console, Java SDKs and Transaction Web Services. We will use the ROOT certificate for 1-way SSL between different components.


    In case of 2-way SSL, we will upload the trusted root certificate where Java SDKs are deployed. Then we use that Trusted Certificate Authority to configure 2-way SSL for connectivity. This works fine as expected if we have only one server where Java SDKs are deployed.


    If we have deployed Java SDKs in more than one place, we don't have any option to use multiple certificates for multiple Java SDKs, meaning we have to use the same client certificate for all Java SDKs. If any of the applications using Java SDKs is compromised, then we need to create a new client certificate and distribute it to all other applications using Java SDKs. So, this will create a problem for all other applications using Java SDKs. We are typically not using the concept of 2-way SSL. It will be the same as if we create the ROOT certificate and the client certificate.


    Example: We will install the AFM application on multiple servers in customer environments. If we upload the certificate from one server, then AFM on the second server will not work. So, we have to ask the customer to install the same certificate on all the application servers. In case the customer is using some other application and using our Java SDKs to perform any operation, we have to ask the customer to install the certificate from our first AFM server on their application server.


    In case the issue mentioned above is not clear, please let me know.



    Sagar Tummala.
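
The per-client model requested in the idea above, as an added example that is not part of the original post and is not CA Auth Minder or CA Risk Minder configuration: generic OpenSSL commands issue one client certificate per SDK deployment under a single trusted root, then revoke only the compromised one. The host names, subjects and file names are made up, and it assumes the server side checks a CRL.

```shell
#!/bin/sh
# Constructed demo: subjects, file names and the two "SDK hosts" are made up.
build_demo_pki() {   # prints the directory holding the demo PKI
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    : > index.txt    # empty CA database, needed for revocation and CRLs
    printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' 'database = ./index.txt' \
      'default_md = sha256' 'default_crl_days = 1' > ca.cnf
    # The single root the server side trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Demo Root CA' \
      -keyout ca.key -out ca.crt || exit 1
    # One client certificate per SDK deployment, all issued by that root.
    for n in sdk-host1 sdk-host2; do
      openssl req -newkey rsa:2048 -nodes -subj "/CN=$n" \
        -keyout "$n.key" -out "$n.csr" || exit 1
      openssl x509 -req -in "$n.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 1 -out "$n.crt" || exit 1
    done
    # sdk-host1 is compromised: revoke only its certificate and issue a CRL.
    openssl ca -config ca.cnf -cert ca.crt -keyfile ca.key \
      -revoke sdk-host1.crt || exit 1
    openssl ca -config ca.cnf -cert ca.crt -keyfile ca.key \
      -gencrl -out ca.crl || exit 1
  ) >/dev/null 2>&1 || return 1
  printf '%s\n' "$d"
}

# Succeeds only if the client certificate chains to the root and is not revoked.
client_trusted() {   # usage: client_trusted <pki-dir> <client-name>
  openssl verify -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" -crl_check \
    "$1/$2.crt" >/dev/null 2>&1
}

pki=$(build_demo_pki) || { echo "openssl setup failed" >&2; exit 1; }
for c in sdk-host1 sdk-host2; do
  if client_trusted "$pki" "$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
rm -rf "$pki"
```

The second deployment keeps its own key and certificate, so nothing has to be redistributed to it when the first one is revoked.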