Enabling 2-way SSL for Service nodes¶
Two-way SSL authentication is a certificate-based mutual authentication protocol that refers to two parties authenticating each other by verifying the provided digital certificate so that both parties are assured of the others’ identity.
It refers to a client (web browser or client application) authenticating themselves to a server (website or server application) and the server also authenticating itself to the client through verifying the public key certificate/digital certificate issued by the trusted Certificate Authorities (CAs).
Kore.ai Implementation¶
XO Platform offers this support by default in their cloud offering. In case, the services you use need a two-way SSL, the platform provides the certificate.
For On-premises Users¶
During the bots platform installation, configure the SSL certificate following the instructions given in the Installation Guide.
Prerequisites¶
To establish a Two-Way SSL (Mutual Authentication) connection, you must have the following:
- Private Key
- Client Certificate
- Certificate Authority Root Certificate
- Certificate Authority Intermediate Certificates.
The client can acquire a certificate from any of the trusted Certificate Authority (CA).
Working¶
Whenever the bots platform makes a call to backend services for API invocation (from Service node) that requires mutual authentication (or two way SSL), the bots platform presents the configured certificate to the API endpoint for SSL handshake. If the certificate is not valid or not trusted by the API service, the bot cannot make that call.
The authentication message exchange during SSL handshake between bots platform and API server includes the following steps:
- The bots platform makes a request to a configured API endpoint.
- The API server presents its certificate to the bots platform.
- The bots platform verifies the server’s certificate.
- If successful, the bots platform sends its configured two-way SSL certificate to the API server.
- The API server verifies the presented certificate credentials.
If successful, the server grants API access to the bots platform.
This process is applicable for service nodes (know more about service node) in a bot.