Outbound Mutual Authentication Setup
04-18-2022 05:36 AM
Hi,
I'm working on setting up mutual authentication for our SNOW instances and just cannot get my head wrapped around what we're supposed to do, no matter how many docs I read.
Starting with KB0696002 and setting up our certificate, it sounds like I need to run the keytool command with the steps given in A to generate a key store (I have the platform admin doc with the specific commands). We have an internal team that generates certificates for us for domains we own -- I would have them generate a certificate for whatever domain I want (e.g., myauth.mydomain.com), and use that and any root/intermediate certs for steps 3 and 4 when creating the keystore?
So -- I would generate a keystore first, then send that output over to our internal team to generate a certificate for a company-owned domain (myauth.mydomain.com). They would generate the certificate, then send me that certificate and any others in the chain (root, intermediate). I'd then continue with step 3 as needed, then step 4 with the certificate for myauth.mydomain.com. Are those the correct steps, and I'd import the finished keystore into SNOW?
I think I'm good with the rest of the steps. Thank you!
Marc
Labels: Integrations
04-18-2022 05:57 AM
When I went through the process I had the other team generate the entire Java keystore and send me that along with a password for the keystore. I uploaded the keystore, added the password and then was all set.
I don't think you need a "public" signed cert as long as both apps trust the keystore.
04-18-2022 07:07 AM
Thanks Chris! I think this is getting me on the right track -- did the other team provide a PEM or DER format certificate to you as well for sharing with the other application?
04-18-2022 08:21 AM
Both the keystore and the cert were on sys_certificate. The cert was stored as a DER format trust store type with a .cer attachment.
I don't think we shared a certificate with them (I assume it was in the keystore?), but it's possible they just pulled the cert from our instance themselves.
04-18-2022 08:41 AM
Ok, great, thank you!