2-way SSL authentication is a certificate-based mutual authentication protocol that refers to two parties authenticating each other by verifying the provided digital certificate so that both parties are assured of the others’ identity. It refers to a client (web browser or client application) authenticating themselves to a server (website or server application) and the server also authenticating itself to the client through verifying the public key certificate/digital certificate issued by the trusted Certificate Authorities (CAs).
To establish a Two-Way SSL (Mutual Authentication) connection, you must have the following:
- private key,
- client certificate,
- certificate authority root certificate, and
- certificate authority intermediate certificates.
The client can acquire a certificate from any of the trusted Certificate Authority (CA).
Kore.ai Bots Platform offers this support only for on-premise users. At the time of Bots platform installation, configure the SSL certificate following the instructions given in the Installation Guide.
Whenever the Bots platform makes a call to backend services for API invocation (from Service node) that requires mutual authentication (or two way SSL), the Bots platform presents the configured certificate to the API endpoint for SSL handshake. If the certificate is not valid or not trusted by the API service, Bot will not be able to make that call.
The authentication message exchange during SSL handshake between Bots platform and API server includes the following steps:
- The Bots platform makes a request to a configured API endpoint.
- The API server presents its certificate to the Bots platform.
- The Bots platform verifies the server’s certificate.
- If successful, the Bots platform sends its configured 2-way SSL certificate to the API server.
- The API server verifies the presented certificate credentials.
If successful, the server grants API access to the Bots platform
This process is applicable for service nodes (know more about service node) in a Bot.