Collaborate Disseminate
I am using HAProxy to perform Mutual TLS termination for my API.
HAProxy has Mutual TLS enabled with "verify required" and a cert-auth file to restrict access to the Apache service that proxies to my API.
I only want to allow two… Continue reading HAProxy Trust only specific client certs for mutual
When I am testing mutual TLS handshake performance on TLS1.3 using OpenSSL, I find a very wired thing:
I created two groups of servers and clients:
Server1 has a certificate signed using RSA3072, and Client1 has a certificate signed using… Continue reading Mutual TLS on OpenSSL – When does the server generate the CertificateVerify message?
Scenario: I need to implement MTLS between three of my services communicating with each other.
Based on my understanding of MTLS, I need to import the certificate of target services in the trust store of the source service and the certific… Continue reading Handling MTLS with HSM
I added the client cert into ca.pem as in
bind 0.0.0.0:443 ssl crt /etc/ssl/private/asdf.hdavid.io.pem verify optional ca-file /etc/ssl/certs/ca.pem
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
And then calling with … Continue reading Adding a self-signed client certificate to HAProxy for mutual-tls?
Is it conceptually possible to allow in the server a specific self signed client certificate for mutual TLS?
If possible but not recommended. Why?
I have a client to who I have to provide a server that does mutual TLS auth. But they say th… Continue reading Can mutual TLS work with a self-signed client certificate?
I work for a software company and I’m currently doing research for an enhancement request. Essentially we have a application client which talks to a rest end point which is authenticated using basic authentication over SSL. A client is re… Continue reading Basic authentication after mTLS?
In mutual TLS, during client-authentication phase, a client proves its identity to the server by sending its client certificate (Certificate message). Additionally, it signs all previous handshake messages using its private key and sends t… Continue reading Mutual TLS – with self-signed client certs – what is the security purpose of a client private key in addition to client cert?
I have two parts that need to perform mutual authentication. However, the certificates are self-signed and so the parts must register their certificates each other.
Does anyone know how this procedure can be accomplished?
i am reading this… Continue reading register a X.509 self-signed certificate
i am reading this in the OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
What is the difference between a client_id and a distinguished name? I see in the PKI Mutual-TLS Method that the distinguished name of … Continue reading client_id vs distinguished name in mutual tls
i am reading this in the OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
What is the difference between a client_id and a distinguished name? I see in the PKI Mutual-TLS Method that the distinguished name of … Continue reading client_id vs distinguished name in mutual tls