{"id":18146,"date":"2019-02-21T06:46:31","date_gmt":"2019-02-21T06:46:31","guid":{"rendered":"https:\/\/developer.kore.ai\/?post_type=docs&#038;p=16871"},"modified":"2020-11-27T11:50:28","modified_gmt":"2020-11-27T11:50:28","slug":"enabling-2-way-ssl-for-service-nodes","status":"publish","type":"post","link":"https:\/\/multisite.korebots.com\/v9-0\/docs\/bots\/bot-builder-tool\/dialog-task\/enabling-2-way-ssl-for-service-nodes\/","title":{"rendered":"Enable Two-way SSL for Service nodes"},"content":{"rendered":"<section class=\"l-section wpb_row height_auto\"><div class=\"l-section-h i-cf\"><div class=\"g-cols vc_row via_grid cols_1 laptops-cols_inherit tablets-cols_inherit mobiles-cols_1 valign_top type_default stacking_default\"><div class=\"wpb_column vc_column_container\"><div class=\"vc_column-inner\"><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><p><strong>Two-way SSL authentication<\/strong> is a certificate-based mutual authentication protocol that refers to two parties authenticating each other by verifying the provided digital certificate so that both parties are assured of the others&#8217; identity.<\/p>\n<p>It refers to a client (web browser or client application) authenticating themselves to a server (website or server application) and the server also authenticating itself to the client through verifying the public key certificate\/digital certificate issued by the trusted Certificate Authorities (CAs).<\/p>\n<\/div><\/div><div class=\"w-separator size_small with_line width_default thick_1 style_solid color_border align_center\"><div class=\"w-separator-h\"><\/div><\/div><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><h2><span class=\"ez-toc-section\" id=\"Koreai_Implementation\"><\/span>Kore.ai Implementation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Kore.ai Bots platform offers this support by default in their cloud offering. In case, the services you use need a two-way SSL, the platform provides the certificate.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"For_On-premises_Users\"><\/span>For On-premises Users<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>During the bots platform installation, configure the SSL certificate following the instructions given in the Installation Guide.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Prerequisites\"><\/span>Prerequisites<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To establish a Two-Way SSL (Mutual Authentication) connection, you must have the following:<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li>Private Key<\/li>\n<li>Client Certificate<\/li>\n<li>Certificate Authority Root Certificate<\/li>\n<li>Certificate Authority Intermediate Certificates.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The client can acquire a certificate from any of the trusted Certificate Authority (CA).<\/p>\n<\/div><\/div><div class=\"w-separator size_small with_line width_default thick_1 style_solid color_border align_center\"><div class=\"w-separator-h\"><\/div><\/div><div class=\"wpb_text_column\"><div class=\"wpb_wrapper\"><h2><span class=\"ez-toc-section\" id=\"Working\"><\/span>Working<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Whenever the bots platform makes a call to backend services for API invocation (from Service node) that requires mutual authentication (or two way SSL), the bots platform presents the configured certificate to the API endpoint for SSL handshake. If the certificate is not valid or not trusted by the API service, the bot cannot make that call.<\/p>\n<p><span style=\"font-weight: 400\">The authentication message exchange during SSL handshake between bots platform and API server includes the following steps:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The bots platform makes a request to a configured API endpoint.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The API server presents its certificate to the bots platform.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The bots platform verifies the server&#8217;s certificate.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">If successful, the bots platform sends its configured two-way SSL certificate to the API server.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The API server verifies the presented certificate credentials.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400\">If successful, the server grants API access to the bots platform.<\/span><\/p>\n<p>This process is applicable for service nodes (<a href=\"\/docs\/bots\/bot-builder\/defining-bot-tasks\/dialog-tasks\/working-with-the-service-node\/\">know more about service node<\/a>) in a bot.<\/p>\n<\/div><\/div><div class=\"w-separator size_small with_line width_default thick_1 style_solid color_border align_center\"><div class=\"w-separator-h\"><\/div><\/div><\/div><\/div><\/div><\/div><\/section>\n","protected":false},"excerpt":{"rendered":"Two-way SSL authentication is a certificate-based mutual authentication protocol that refers to two parties authenticating each other by verifying the provided digital certificate so that both parties are assured of the others&#8217; identity. It refers to a client (web browser or client application) authenticating themselves to a server (website or server application) and the server...","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/posts\/18146"}],"collection":[{"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/comments?post=18146"}],"version-history":[{"count":9,"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/posts\/18146\/revisions"}],"predecessor-version":[{"id":25548,"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/posts\/18146\/revisions\/25548"}],"wp:attachment":[{"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/media?parent=18146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/categories?post=18146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/multisite.korebots.com\/v9-0\/wp-json\/wp\/v2\/tags?post=18146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}