Hi, I am a bit of a newbie to this domain of client certificate-based authentication. We have two applications … A (server) and B (client). Web application A runs on Apache Tomcat 9.0.52. (It’s a REST API-based application.) Application B invokes the REST API of application A.
Now we want to introduce client certificate-based authentication between A and B. So far, based on the information I have gathered from the internet, all I have got is different pieces, but I am not able to connect the dots on how to set up or configure Tomcat (where A is hosted) to achieve this requirement. I have been provided a certificate by application B, which is going to access our application A. But what are realms, how to map them to the certificate provided to us and configure that realm in Tomcat, where to store the certificate provided by the client, how to enforce the webapp on system A to go for client certificate authentication, etc. … these dots I am not able to connect. It would be great and appreciated if someone could guide me through the correct sequence and steps I should follow … basically, help me to connect the dots. 😊

Thanks and Regards,
Omkar Patkar
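
The pieces the question asks about (where B's certificate is stored, how a realm maps it to a user, and how the webapp enforces it), shown for Tomcat 9 as an added example that is not part of the original post. File names, passwords, the port, the role name and the subject DN are placeholders, and B's certificate is assumed to have been imported into the truststore beforehand (for example with `keytool -importcert`).

```xml
<!-- conf/server.xml: HTTPS connector that demands a client certificate.
     Port, paths and passwords are placeholders. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <!-- "required" fails the TLS handshake unless the client presents a
       certificate that chains to an entry in the truststore below.
       The truststore is where application B's certificate (or its CA) lives. -->
  <SSLHostConfig certificateVerification="required"
                 truststoreFile="conf/client-truststore.p12"
                 truststorePassword="CHANGE_ME"
                 truststoreType="PKCS12">
    <!-- Application A's own server key and certificate. -->
    <Certificate certificateKeystoreFile="conf/server-keystore.p12"
                 certificateKeystorePassword="CHANGE_ME"
                 certificateKeystoreType="PKCS12"
                 type="RSA"/>
  </SSLHostConfig>
</Connector>

<!-- conf/tomcat-users.xml: read by the default UserDatabaseRealm.
     The realm looks up the certificate's subject DN as the user name, so the
     string must match the DN exactly. The password is not used for
     CLIENT-CERT. The DN below is a constructed placeholder. -->
<role rolename="api-client"/>
<user username="CN=application-b, OU=Example, O=Example, C=US"
      password="null" roles="api-client"/>

<!-- WEB-INF/web.xml of application A: require the role on every URL and
     tell the container to authenticate with the TLS client certificate. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>REST API</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>api-client</role-name></auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config><auth-method>CLIENT-CERT</auth-method></login-config>
<security-role><role-name>api-client</role-name></security-role>
```

The connector setting applies to every webapp served on that port; the truststore decides which certificates are accepted at the TLS layer, while the realm entry and `auth-constraint` decide which of those certificates may call the API.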