Questions tagged [mtls]

Use for mutual TLS, a technology to enhance network security.

mTLS, or mutual TLS, is common in Zero Trust Networking architectures to increase security in internal networks, especially when deployed in a cloud environment.

mTLS is often implemented with a Service Mesh in a Kubernetes cluster.

222 questions
2
votes
0 answers

Quarkus Two-Way TLS: Backend does not accept the certificate

I am trying to implement mTLS on my own following the tutorial from https://quarkus.io/blog/quarkus-mutual-tls/. This is how I have generated server-keystore, client-keystore and server-truststore keytool -genkeypair \ -storepass password…
softshipper
2
votes
1 answer

Prometheus remote write mTLS

I'm trying to set up Prometheus-to-Prometheus metrics flow, I was able to do it by flag --enable-feature=remote-write-receiver. However I need to have mTLS there, can someone advise a manual or post a config sample? Appreciate your help
Victor EStalin
2
votes
1 answer

ASP.NET TLS client authentication, how to submit acceptable Distinguished CA Names

How can I configure ASP.NET (Kestrel) to submit a list of acceptable distinguished CA names in SERVER HELLO of the mTLS handshake, to avoid the user being presented with a list of client certificates in the browser of which most are not…
Lemon Sky
2
votes
0 answers

2 way TLS setup in Spring Boot

I am looking to integrate Spring Boot with 2 way TLS. My query is that I want to use this for development and can we have the 2 way TLS in one Spring MVC or do we need to create a separate client MVC? I used this link for reference…
2
votes
0 answers

Is it possible to secure only one spring boot rest endpoint via MTLS

Is it possible to secure only one spring boot rest endpoint via x509Certificate? (MTLS)
Udesh Athukorala
2
votes
0 answers

Client certificate not working in xamarin.android

I'm trying to establish an mTLS connection using the https://github.com/chkr1011/MQTTnet library in my xamarin.android project. During this process I encountered such an exception in Init method on calling…
Yurii
2
votes
1 answer

Why adding localhost to SAN list is considered not secured?

Question on the SAN list of a certificate please. Currently, I have a web application where mTLS, mutual TLS, two way SSL is enabled. All my clients have the valid sets of certificates and they all pass the handshakes and are able to get the…
PatPanda
2
votes
7 answers

Kubernetes liveness probe on a secure mTLS health check endpoint

I would like some help to solve a particular Kubernetes + mTLS problem please. How to make Kubernetes liveness probe work on a secure https mTLS health check endpoint please? My application is a web application where a health check endpoint is…
PatPanda
2
votes
1 answer

mTLS in OpenShift + Istio (client certificate)

There is an application (Java) deployed in OpenShift. The istio-ingress-gateway is also configured. My task is to call my service using the https protocol with mTLS. At the moment, I have the following settings in the ingress-gateway in the tls…
2
votes
1 answer

How the proper SSL certificate is selected from java keystore in order to be sent to corresponding endpoint in case of mutual TLS

I have an HTTPS endpoint that requires a client certificate (mutual TLS). I have created a keystore using KeyStore Explorer tool and inserted the client certificate and private key into it (entry has an alias, that is some random string). Then I…
Suren Aznauryan
2
votes
1 answer

Result of `req.socket.authorized` is not correct using nodejs https and express [mutual authentication]

I'm trying to set up a https server with mutual authentication. I created the key and the certificate for the server (auto-signed). Now I use firefox to connect to the server without providing any client certificate. This should result in the…
Zanna_37
2
votes
1 answer

Java MTLS Subject and Issuer order

We are upgrading the connection between ourselves and a partner, they require that we upgrade to MTLS. I've been debugging low level java, javax.net.debug=all and I can see that the handshake is successful. However, the partner does a full string…
dstarh
1
vote
1 answer

Cannot get mTLS working on a Google Cloud Load Balancer using PrivateCA

I am trying to get mTLS working on a global HTTPS load balancer in Google Cloud, but the client connections are just being rejected with the error "client_cert_validation_failed". I followed the exact instructions here and here but it appears the…
1
vote
1 answer

Debugging SSL connection termination issue

I've an ASP.NET Core web application that uses built in kestrel server and configurations to set up a https connection. Here's how the configuration (settings.json) looks like { "Kestrel": { "Endpoints": { "Https": { "Url":…
SQLProfiler
1
vote
1 answer

mTLS Google Cloud not providing certificate authorities in TLS handshake

I'm using mTLS with Google Cloud for a load balancer. I have defined a TrustAnchor defining my supported root CAs. The expectation would be that a certificate_authorities extension is included in the certificate_request_context extensions to inform…
k_o_