Two-Way SSL Implementation in BOOMI
This blog will cover how we can implement Two-way SSL in Boomi.
What is SSL?
SSL stands for Secure Sockets Layer. It’s a protocol designed to provide secure communication over a computer network, typically the Internet. SSL ensures that the data exchanged between a web server and a client (such as a web browser) remains encrypted and thus protected from eavesdropping, tampering, and forgery.
Here’s how SSL works:
- Handshake: The SSL handshake is the initial step in establishing a secure connection. During this process, the client and the server agree on encryption methods and exchange cryptographic keys.
- Encryption: Once the handshake is complete, SSL encrypts all data transferred between the client and the server using symmetric encryption. This means that even if intercepted, the data is indecipherable without the appropriate decryption key.
- Data Integrity: SSL also ensures data integrity, meaning the data cannot be altered or tampered with during transmission. It achieves this through the use of cryptographic hashes and message authentication codes (MACs) that detect any unauthorized changes to the data.
- Authentication: SSL can also provide authentication, allowing the client to verify the server’s identity (and optionally vice versa). This helps prevent man-in-the-middle attacks where a malicious third party impersonates the server to intercept or alter the communication.
SSL has evolved, and its successor, Transport Layer Security (TLS), is now more commonly used. However, the term “SSL” is often used colloquially to refer to both the SSL and TLS protocols.
SSL/TLS is widely used to secure various types of online communication, including web browsing, email, instant messaging, and file transfers. Websites that use SSL/TLS have URLs starting with “https://” instead of “http://”, indicating a secure connection.
One-way SSL (Secure Sockets Layer) and Two-way SSL (also known as mutual SSL) are configurations of SSL/TLS that differ in the way authentication is performed between the client and the server.
Two-way SSL:
Two-way SSL (Secure Sockets Layer), also known as mutual SSL authentication, is a process in which both the client and the server authenticate each other’s identities using digital certificates. This ensures a higher level of security for the communication channel. Here’s a brief overview of how it works and its benefits.
How Two-way SSL Works
- Client Request: The client initiates a connection to the server.
- Server Certificate: The server responds by sending its digital certificate to the client. This certificate is issued by a trusted Certificate Authority (CA) and contains the server’s public key.
- Server Authentication: The client verifies the server’s certificate against a list of trusted CAs. If the certificate is valid, the client continues the process.
- Client Certificate: The server then requests the client’s digital certificate for mutual authentication.
- Client Certificate Verification: The client sends its digital certificate to the server. The server verifies the client’s certificate against its list of trusted CAs.
- Establishing Encrypted Connection: Upon successful verification, both parties use each other’s public keys to establish an encrypted communication channel. This ensures that data transmitted between the client and server is secure.
Now, let’s go through the steps to implement Two-way SSL in Boomi.
Step 1: First, log on to the Boomi platform (https://platform.boomi.com/) with a username and password.

Step 2: Once you have logged into the Boomi platform, you can view the Home page.

Step 3: Now, click on Services followed by Integration. You will see the Build page.

Step 4: Now click on Create new.

Step 5: Choose the Component type as X.509 certificate, then click on Create.

Step 6: Give a name for the certificate and click on Generate.

Step 7: Fill in all the details related to the certificate. Click on OK.

Step 8: Now the certificate will be generated. Click on Save and then Export Public Cert and Export Private Key.

Step 9: Now create two certificates (follow Steps 4-5): one for the Public key and another for the Private key. On the first certificate, click on Import and choose the public key (from the location on your device where you downloaded the certificates in Step 8) to generate the public certificate. On the second certificate, click on Import and choose the private key (from the same download location) to generate the private certificate.

- Please select a file containing a private key (.pfx, .p12) or public cert (.cer, .der).

- When importing private certificates, we have to provide the password (the same password set in Step 7).

Step 10: We have to create another certificate for the Client. Follow Steps 4-9 to create a certificate with its Public key and Private key for the Client, and create certificates in Boomi for the Client’s Public key and Private key.
Step 11: Now we have to expose one API from Boomi AtomSphere. For that, create a new process. Choose the Start shape with Web Services Server. Set the Action as Listen. Create one Operation.

Step 11: Configure the Operation. Set the Operation type, give the object name in Object, select the request and response type, and click on ‘Save & Close’.

Step 12: Take a Message shape and set the text ‘Hi, Shamik Roy Chaudhury’.

Step 13: Now place a Return Document shape. Then click on Create Packaged Component.

Step 14: Click on Add details.

Step 15: Click on the Create Packaged Component.

Step 16: Click on Deploy.

Step 17: Choose the Environment and click on Next: Select Versions.

Step 18: Click on Next: Review.

Step 19: Click on Deploy.

Step 20: Click on Manage.

Step 21: Now click on Atom Management.

Step 22: Go to your Atom > Shared web server. Set the API type as Intermediate. In Listening Port Configuration, check the SSL checkbox and set the authentication type as Client Certificate. Add the Private Certificate of Server in the SSL Certificate option.

Step 23: Go to User Management and upload the Public key for the Client.

Step 23: Create a new process for consuming the API that we just exposed. Create a process which starts with Start shape with No Data type. Then take an HTTP client connector.
Step 24: Configure the connection of the HTTP client connector. Create a connection, and provide the URL (Base URL from shared web server + simple path from shared web server operation).

Step 25: Go to SSL options in the connection, check the Use Trusted SSL Certificate checkbox, and below it add the Public certificate of the Server in Trust SSL Server Certificate.

Step 26: Go to SSL options in the connection, check the Use Client SSL Authorization checkbox, and below it add the Private certificate for the Client in Client SSL Authorization.

Step 27: Set the Action as Get. Create an operation.

Step 28: Configure the operation. Then click on Save & Close.

Step 29: Put a Stop shape and hit the Test button.

Step 30: Choose the runtime engine and click on OK.

Step 31: Click on the Stop shape, then click on Shape Source Data.
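The trust relationships configured in Steps 22 to 26, and the handshake described under "How Two-way SSL Works", can be reproduced outside Boomi to see what the listener accepts and rejects. This is an added example, not code from the original post or from Boomi; it assumes the `openssl` CLI is installed, and the certificates, names and helper functions are constructed for illustration.

```python
import contextlib, os, socket, ssl, subprocess, tempfile, threading

def make_cert(directory, cn):
    # Self-signed cert + key from the openssl CLI (constructed test material).
    cert, key = (os.path.join(directory, cn + ext) for ext in (".cer", ".key"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=" + cn, "-keyout", key, "-out", cert,
                    "-addext", "subjectAltName=DNS:" + cn], check=True, capture_output=True)
    return cert, key

def server_context(cert, key, trusted_client_cert):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)                  # server private certificate (Step 22)
    ctx.verify_mode = ssl.CERT_REQUIRED             # "Client Certificate" authentication
    ctx.load_verify_locations(trusted_client_cert)  # client public cert uploaded on the server
    return ctx

def client_context(trusted_server_cert, cert=None, key=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # verifies server cert and hostname
    ctx.load_verify_locations(trusted_server_cert)  # server public certificate (Step 25)
    if cert:
        ctx.load_cert_chain(cert, key)              # client private certificate (Step 26)
    return ctx

def handshake(server_ctx, client_ctx):
    """Return True only if the TLS session is set up and the server replies."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        def serve_once():
            conn, _ = listener.accept()
            with contextlib.suppress(OSError):      # missing or untrusted client cert
                with server_ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.sendall(b"ok")
        worker = threading.Thread(target=serve_once)
        worker.start()
        try:
            with socket.create_connection(listener.getsockname(), timeout=5) as raw:
                with client_ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                    return tls.recv(2) == b"ok"
        except OSError:
            return False
        finally:
            worker.join()

def demo():
    with tempfile.TemporaryDirectory() as d:
        srv, cli, other = (make_cert(d, n) for n in ("localhost", "client", "other"))
        server = server_context(*srv, trusted_client_cert=cli[0])
        return {"trusted_client": handshake(server, client_context(srv[0], *cli)),
                "no_client_cert": handshake(server, client_context(srv[0])),
                "unknown_client": handshake(server, client_context(srv[0], *other))}
```

Calling `demo()` shows that only the client holding the private key for the certificate the server trusts gets a response; a client with no certificate, or with a certificate the server was never given, is rejected during the handshake.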
