Facing challenges with Mutual(Two-way) authentication between servers RRS feed

  • Question

  •  We are developing a web API service(Server A) which will request customer information from a bank API server(Server B). We want a 2-way SSL authentication to be implemented between the servers . We've tried to find information about how to configure this exactly, but it's hard to find comprehensive documentation about that.

    I've set the SSL Settings of the bank site to 'Require SSL' and 'Require client certificates'. With the Configuration Editor (system.webServer/security/authentication/iisClientCertificateMappingAuthentication) I've set enabled to true, oneToOneCertificateMappingsEnabled to true and added a mapping to our client certificate under oneToOneMappings. We need information whether we can provide client certificate with the request being made from Server A to Server B. This could be implemented programmatically where we add client certificate to the request handler. Is there a way to make some configuration in IIS and avoid doing it programmatically?

    Simple request scenario is visualized below for clear understanding.

    Generic use case: Bank API on Server B is requested to return a response through browser. Browser selects valid client certificate from certificate store and request is made. Mutual authentication is successful.

    Business specific use case: Server A request Bank API on Server B to return a response. Client certificate is not attached automatically. Mutual authentication fails. Any provisions to use client certificate in IIS with the request?

    Tuesday, April 24, 2018 1:46 PM


  • cse.Sandeep --

    You have erroneously posted your Windows Server question in a public user forum dedicated to questions about Microsoft Project Server, an enterprise project management application.  I would recommend you repost your question in a user forum dedicated to Windows Server questions.  Hope this helps.

    Dale A. Howard [MVP]

    Tuesday, April 24, 2018 7:09 PM