I have three Spring applications running on WebLogic 12.2.1.4.0. Two of these applications (App1 and App2) expose REST APIs which they use for intercommunication. Some of these REST endpoints are also called by the third application (App3), which is bundled with Angular.
Scenario:
- user opens browser and types in xyx.com (requesting a page from App3)
- App3 receives the request and then makes a back end call to either App1 or App2.
- App1/App2 returns a response to App3
- App3 forwards the response to the browser.
Problem: When 2-way SSL is configured, App3 can communicate with App1/App2 correctly. However, before we ever get to this part, the client must initiate the request from the frontend (browser). But because 2-way SSL is enabled, it fails when the browser initiates the request. This is because the certificate trusted by the server is not installed on the browser.
Question: Is it possible to configure WebLogic such that:
- Communication between the browser and App3 uses 1-way SSL
- Communication between App3 and App1/App2 uses 2-way SSL.
NOTE: Assume that App3 is deployed on a separate server.
I have tried to configure a different HTTP listener for the requests which come from the browser, but I can't see how to do this in WebLogic Server 12.2.1.4.0.
Note that it's not possible to require client certificates based on URL/path, because the certificate must be presented during the TLS handshake, before the path is sent. Luckily your problem can be solved with "client certs requested but not enforced", since you control the client that wants to use mTLS.
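With client certificates requested but not enforced, the handshake succeeds for callers that present no certificate, so the per-path decision has to be made by the application after the handshake. The servlet filter below is an added example, not code from the original question or answer: it rejects requests to the mTLS-only endpoints of App1/App2 unless a client certificate was presented. The class name, the `/api/internal/*` pattern and the subject DN are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter for App1/App2. The URL pattern is an assumption: it
// stands for the endpoints that only App3 may call. Letting the container do
// the path matching avoids hand-rolled checks on the raw request URI.
@WebFilter("/api/internal/*")
public class ClientCertRequiredFilter implements Filter {

    // Assumption: subject DN of App3's client certificate (constructed value),
    // written in the RFC 2253 form that X500Principal.getName() returns.
    private static final String ALLOWED_SUBJECT = "CN=app3.example.internal,O=Example,C=US";

    // Standard servlet request attribute that carries the client chain, if any.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);

        // No certificate: the handshake was allowed because certificates are
        // only requested, so this is where the request is refused.
        if (certs == null || certs.length == 0) {
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }

        // certs[0] is the caller's own certificate; pin it to the expected identity.
        String subject = certs[0].getSubjectX500Principal().getName();
        if (!ALLOWED_SUBJECT.equals(subject)) {
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "Client certificate not authorized");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Requests outside the pattern pass through without a certificate, which is what lets certificate-less callers use the same listener.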