Two-way TLS Authentication

Discussion about security topics in WinCC OA!

eraytufan
Posts: 9
Joined: Tue Sep 03, 2019 9:19 am

Two-way TLS Authentication

Post by eraytufan »

Hi all,

There are two systems communicating with each other using TLS two-way authentication and one of them is WinCC OA. WinCC OA should act both as client and server. I have two questions:

1. I'm going to create an HTTP server in WinCC OA. However, how can I authenticate the client certificate when the client sends a request to the WinCC OA HTTP server?

2. The same way, I have to send data in WinCC OA using ctl language (e.g. netPost() function). Is there a way that I can send the WinCC OA certificate so that the server can authenticate WinCC OA?

Thank you in advance.

kilianvp
Posts: 422
Joined: Fri Jan 16, 2015 10:29 am

Re: Two-way TLS Authentication

Post by kilianvp »

If I understand you correctly, you want to do Certificate Authentication.
All net (e.g. netPost()) functions do not have the possibility to do Certificate Authentication.

But there is the possibility to use server side authentication (SSA). Do you mean that?

eraytufan
Posts: 9
Joined: Tue Sep 03, 2019 9:19 am

Re: Two-way TLS Authentication

Post by eraytufan »

I actually want to do both ways. In TLS, there is two-way authentication, in which the server and client sides authenticate each other by sending their certificates. Therefore, in my WinCC OA HTTP server, I want to authenticate the client side's certificate instead of using login authentication.

Image

I drew the basic architecture. In both parts of the communication I want to use two-way authentication so that WinCC OA can send its certificate when it works as a client, and authenticate the 3rd party certificate when the 3rd party server communicates with the WinCC OA HTTP server.

How can I do this in general? Does WinCC OA support it?

eraytufan
Posts: 9
Joined: Tue Sep 03, 2019 9:19 am

Re: Two-way TLS Authentication

Post by eraytufan »

I found out that sslConfig solves my problem for net (e.g. netPost) functions.

However, I couldn't find any information regarding how I can authenticate the client certificate from the WinCC OA HTTP server. I haven't seen an sslConfig option for httpServer(). Is there a way that I can authenticate the client certificate or check the client certificate's Certificate Authority (CA)?
