Is the target endpoint requesting client authentication - mutual authentication?

Document ID : KB000095470
Last Modified Date : 17/10/2018
Question:
Is the server configured for 2-way SSL?
Does the target system request client authentication (mutual authentication)?
Environment:
All Supported DevTest Releases.
Answer:
SSL handshake debugging information is needed to verify whether the server side requests client authentication.
The document below explains how to collect SSL debugging information with DevTest:
https://comm.support.ca.com/kb/how-to-collect-ssl-debugging-information-with-devtest/kb000117725#/

With the SSL handshake information, we need to verify whether the server side requests client authentication.
For more information on the SSL handshake, see the document at the link below:
Of SSL, SNI, Java and DevTest - The Handshake - https://communities.ca.com/docs/DOC-231172116-of-ssl-java-and-devtest

When the server responds to the Client Hello with the Server Hello, one of the items we will see under the Server Hello, if the server requires mutual authentication, is the client certificate request (CertificateRequest).
Below is an example:
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=Application Cert Authority, OU=Cert Authority, O=ABC, L=ABCD, ST=AB, C=CD>
*** ServerHelloDone

Under Cert Authorities the server provides a list of Cert Authorities it trusts.
The client side needs to provide a certificate issued by one of the Cert Authorities listed above.
In the example above, the client certificate issuer needs to be Application Cert Authority.
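
The check described above can be scripted against a saved debug log. The following is an added example, not part of the original document or of DevTest: it assumes the debug output format shown in the example above, and the function names, the sample log and the simplified DN comparison (no escaped commas) are constructed for illustration.

```python
# Added example: inspect javax.net.debug handshake output for a CertificateRequest.
# SAMPLE_LOG is constructed; only the CertificateRequest block mirrors the article.
SAMPLE_LOG = """\
*** ServerHello, TLSv1.2
*** Certificate chain
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=Application Cert Authority, OU=Cert Authority, O=ABC, L=ABCD, ST=AB, C=CD>
*** ServerHelloDone
"""

def parse_certificate_requests(log_text):
    """Return one dict per CertificateRequest block found in the debug output."""
    found, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("***"):          # every handshake message starts with ***
            if current is not None:
                found.append(current)
            is_req = line.startswith("*** CertificateRequest")
            current = {"cert_types": [], "authorities": []} if is_req else None
        elif current is not None:
            if line.startswith("Cert Types:"):
                types = line.split(":", 1)[1].split(",")
                current["cert_types"] = [t.strip() for t in types if t.strip()]
            elif line.startswith("<") and line.endswith(">") and "=" in line:
                current["authorities"].append(line[1:-1])   # one DN per <...> line
    if current is not None:                  # log ended inside the block
        found.append(current)
    return found

def normalize_dn(dn):
    """Compare DNs ignoring spacing and case of attribute names (no escaped commas)."""
    parts = [p.strip().split("=", 1) for p in dn.split(",") if "=" in p]
    return tuple((k.strip().upper(), v.strip()) for k, v in parts)

def issuer_accepted(issuer_dn, requests):
    """True/False if the server asked for a client cert; None if it did not."""
    if not requests:
        return None                          # no CertificateRequest seen in this log
    wanted = {normalize_dn(a) for r in requests for a in r["authorities"]}
    # An empty CA list places no restriction by name on the issuer.
    return not wanted or normalize_dn(issuer_dn) in wanted

if __name__ == "__main__":
    reqs = parse_certificate_requests(SAMPLE_LOG)
    print("client auth requested:", bool(reqs), reqs)
```

A result of `None` from `issuer_accepted` means no CertificateRequest appeared in the captured handshake; `False` means the server requested a client certificate but the issuer you supplied is not among the listed Cert Authorities.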