279 questions
0
votes
0
answers
39
views
MQTT broker TLS error when connecting with client
I am testing a C code using mosquitto library.
First, below is the broker conf related to TLS.
per_listener_settings true
listener 1883 0.0.0.0
allow_anonymous true
listener 8883 0.0.0.0
...
1
vote
1
answer
43
views
implementation of mtls with php
I want to achieve mTLS on dummy php webpage from a guest to my Openldap Server.
I have an issue and it seems my php never sends the client certificate to my server even though I specified the options ...
0
votes
1
answer
52
views
HTTP Error code for Mutual TLS Handshake Certificate Error
We're working on an integration that will allow an external 3rd party to call our APIs.
The third party controls the governance of how our APIs should respond, and have stipulated that we must ...
0
votes
0
answers
14
views
mTLS call using axios in node.js fails with '400 No required SSL certificate was sent'
I'm trying to perform an oAuth2 token request using axios in a node.js program, currently using the following code. The oAuth server is returning 400 Bad Request, No required SSL certificate was sent. ...
0
votes
1
answer
20
views
How to associate a Trust store to an ALB with AWS CLI
In the context of configuring mTLS above ALBs, I need to automate the configuration with AWS CLI.
I know how to check if a Trust store is associated with an ALB with the describe-trust-store-...
0
votes
1
answer
28
views
Does mTLS work when there are multiple services involved?
Suppose I have 2 services
Service A --> Service B
Service A (client) and Service B (server) are already set up to perform mTLS where Service A attaches the client certificate through a ...
1
vote
2
answers
81
views
mTLS on AWS ALBs across multiple regions
I'm configuring mutual TLS (mTLS) on multiple Application Load Balancers (ALBs) spread across different AWS regions, and I have a question about the truststore setup.
In AWS, the truststore is ...
2
votes
1
answer
52
views
How Istio mTLS works with Prometheus
I am trying to make prometheus work with istio with mesh wide Strict mTLS enabled. From the istio documentation, istio certs has been shared with prometheus container and update scraping job to use ...
0
votes
1
answer
72
views
What to do, given mTLS with HTTP Version 2 is not available in Azure App Service?
At the time of writing, the Azure documentation clearly shows a screenshot where client certificates are required on an App Service and the HTTP version is set to 2.0. However, this no longer appears ...
0
votes
0
answers
21
views
Refresh MTLS Webclient instance's SSLContext during runtime for automatic certificate rotation
I am using Spring 6 with webClient implementation for making calls to downstreams. I need to connect to one of the downstreams over MTLS. For that, I am creating a secured HttpClient by setting ...
0
votes
0
answers
46
views
Unknown ca after importing the client CA into the oracle wallet
I have an oracle database that has a server certificate signed by a root ca. I have a client that also has a client certificate that is signed by the same root CA.
I can configure a java application ...
0
votes
0
answers
144
views
How to securely run HashiCorp Vault with mTLS with certificates that are not in the vault?
I want to run HashiCorp Vault with mTLS. I use Docker compose for this:
version: "3"
services:
vault:
image: hashicorp/vault:latest
container_name: vault
restart: unless-...
0
votes
0
answers
31
views
Is there a way to implement mTLS in tomcat that will validate the leaf certificate and not just the signing authority?
We want to implement mTLS in Tomcat (acting as server) and it should validate the client leaf certificate.
It's allowing the connection just by having the root and intermediary being added to the trust ...
-1
votes
1
answer
65
views
AWS Api Gateway with mTLS and WAF
If my API Gateway has mTLS enabled as well as WAF, when requests are routed to my API endpoint, which one is invoked first? mTLS or WAF?
0
votes
1
answer
59
views
Ktor and Netty control trustManager or sslContext
I'm trying to add custom logic to accept TLS connections to the server using Ktor server and Netty. I didn't find a way to modify trustManager or sslContext.
val environment = ...
0
votes
0
answers
191
views
Azure API Manager behind frontdoor with Mutual TLS (mTLS)
Public traffic of our application is currently routed through frontdoor Premium and then forwarded to API MANAGER where it is forwarded to the service running on kubernetes.
One issue I have is the ...
0
votes
1
answer
122
views
Keycloak truststore issue authenticating with mTLS
Description
Greetings,
I'm trying to authenticate to a client (myclient_mTLS) with mTLS (x509) authentication and I'm getting 401 unauthorized.
I'm deploying keycloak on AWS on an EC2 instance served ...
0
votes
0
answers
91
views
MTLS with React Native
Has anyone of you implemented MTLS with React Native? I can't believe that there is no working solution out there. I'm using Cloudflare to protect my API.
1
vote
0
answers
87
views
How to validate a certificate chain in mTLS using nginx ingress controller in kubernetes
I'm implementing mutual TLS through my nginx ingress controller in kubernetes,
and I was able to implement a basic one, using a self signed certificate (OpenSSL) acting as the root certificate,
and ...
0
votes
0
answers
56
views
Implementing mTLS for WebSocket Connection in Next.js with Apollo Client
I'm working on a Next.js app that connects to our GraphQL server using Apollo Client. Recently, I was asked to set up mTLS (mutual TLS) for this GraphQL connection.
I successfully created an internal ...
0
votes
0
answers
18
views
Can FluentD append the client certificate into the record
I'm trying to set up a FluentD service. It will append the metadata into the log record, such as timestamp, hostname, username, etc.
It is working with Mutual Authentication (self-signed) with HTTP ...
0
votes
0
answers
47
views
unable to find valid certification path to requested target [Spring boot 3 - kafka]
I am trying to make an mTLS connection between a spring boot kafka consumer and a remote broker of my company which is configured with mTLS.
My entrypoint files are: chain_bundle.pem and my_name.p12.
I ...
0
votes
0
answers
94
views
How to Restrict mTLS Client Certificates to Specific Services Without Modifying Standard Software Verification Logic?
I’m setting up mTLS to secure communication between my application’s components, specifically Service A and Service B. I’ve issued server certificates for both Service A and Service B, and they trust ...
0
votes
1
answer
378
views
WSO2 API Manager 4.2 with AWS ALB : Problems with mTLS Authentication Setup
I am using the WSO2 API Manager 4.2 platform, which is fronted by an AWS Application Load Balancer (ALB). I need to implement Mutual TLS (mTLS) authentication for a specific API deployed on WSO2 ...
0
votes
1
answer
84
views
Why the stateOrProvinceName in CSR should match with CA?
To study mTLS, I followed the guide on the following website to create the necessary certificates:
https://medium.com/@nisanth.m.s/guide-setting-up-mtls-authentication-with-openssl-for-client-server-...
0
votes
1
answer
141
views
Docker registry and mTLS client certs
Trying to use mTLS client certs with docker registry. I deployed the standard registry from docker docs with port 5000, and an external nginx with mTLS on port 443. Nginx checks the client cert and proxies traffic to ...
0
votes
0
answers
39
views
Node.js mTLS authentication using Windows Certificate Store
Normally for mTLS HTTP requests in Node.js, you do the following:
const fs = require('fs');
const https = require('https');
const req = https.request(
{
hostname: 'server.com',
port: 443,
...
0
votes
1
answer
62
views
Configure Helidon with SSL in http4k
I am trying to configure Helidon Webserver with mutual SSL in http4k.
The following is my configuration
class HelidonSsl(val port: Int = 8305) : ServerConfig {
override val stopMode = ServerConfig....
2
votes
1
answer
347
views
mTLS with go: client certificate not sent to server
I'm trying to establish a mTLS connection with the server being the Caddy admin-API and the client being go.
Certificates are set up and working - verified with curl.
There are plenty of explanations ...
0
votes
1
answer
100
views
gRPC server running on EKS cluster accepts traffic when TLS is disabled, but refuses connection when using certificates created by awspca/cert-manager
I wrote this sample grpc server : https://github.com/chasehippen/grpc-server-test (some values removed for sensitivity) where I've tried to set up a tls server that will do client authentication using ...
0
votes
0
answers
26
views
java.net.SocketTimeoutException retrofit
We are using a Retrofit 2.6 client to call a partner server, but for some calls, we are getting a socket connection timeout exception. We also have a Step Functions activity poller implemented within ...
0
votes
0
answers
115
views
Understanding the Restrictions of I/O Threads with TLS/SSL in Redis 7.x
I am currently working with Redis and trying to configure it to use I/O threads along with TLS/SSL. According to the Redis documentation, I/O threading is not supported with TLS. However, in my ...
0
votes
1
answer
34
views
TLS and plain text traffic to the same sidecar
I am trying to transition my legacy applications to the service mesh. To do this, I would like to support both plaintext traffic and TLS traffic into the Pod so that application in the same ...
0
votes
0
answers
142
views
M-tls on Android 29+ using a self-signed certificate
2 weeks ago, I wanted to port my go functionality of an MTLS-fetch using a self-signed X509Certificate to Android because we want to support android for a side project of mine.
func (a *App) MTLSFetch(...
1
vote
1
answer
418
views
400 The SSL certificate error from Azure Application Gateway with mTLS setup by Terraform
I try to set up mTLS with an Azure Application Gateway. Unfortunately I always get an error
<html>
<head><title>400 The SSL certificate error</title></head>
<body>
&...
0
votes
0
answers
145
views
mTLS authentication between two systems
This may be a basic question but looking to understand what's the best practice here.
Use case:
CompanyA and CompanyB want to exchange information via REST API.
CompanyA (REST API provider) and ...
0
votes
0
answers
32
views
Access API Gateway Interface Endpoint from ALB
I have an API gateway deployed with a private endpoint configuration, the endpoint configuration consists of an interface endpoint with the service name "com.amazonaws.af-south-1.execute-api"...
0
votes
1
answer
36
views
Duplicate Resources error on generating signed apk with react native by using @viro-community/react-viro
I was facing duplicate resources error on generating signed apk with react native by using @viro-community/react-viro in Viro3DObject when using objects & mtl files from local directory inside ...
0
votes
0
answers
202
views
Cloudflare Tunnel with Kubernetes Istio and mTLS enforced
I am using Cloudflare Tunnel as a pod inside Kubernetes and that works great without Istio.
I have tried to apply Istio mesh by enforcing mTLS between the pods. I am also interested in enforcing ...
1
vote
0
answers
229
views
How to decrypt a CSR in golang with passphrase
I have a private key I've generated with openssl req that has a passphrase. I'm trying to decrypt it so I can add it to a tls certificate, but can't seem to decrypt it. It fails at DecryptPEMBlock ...
0
votes
1
answer
266
views
CERTIFICATE_VERIFY_FAILED when require_client_auth=True is set in python grpc server
When setting up a grpc server with mTLS it's not possible for me to authenticate the client certificate.
My setup consists of a self-signed root CA which signed the server certificate and a ...
0
votes
0
answers
118
views
Configuring mTLS in nginx for postman client
I want to configure mTLS for my nginx reverse proxy, this is my nginx reverse proxy's default.conf configuration,
server {
listen 443 ssl;
index index.html index.htm index....
0
votes
0
answers
168
views
Invoke-WebRequest fails at TLS Server Certificate Request with ECC Certificate
I have the following scenario:
We have created some self signed CA Certificates (RSA and ECC variants) that are set up on the server for TLS Auth.
We have created some client certificates for test ...
0
votes
1
answer
193
views
Establishing mutual TLS connection between Akamai CDN and origin servers
I'm looking to establish mutual TLS between Akamai CDN and origin servers. All the documentation from Akamai seems to focus on mutual TLS between the end user and the CDN. Is it possible to force ...
0
votes
2
answers
1k
views
mTLS not working with FastAPI and Uvicorn
I'm completely new to ssl, so sorry if this is a super obvious issue. My project requires mTLS authentication, and I have to admit, I'm really confused! (this is about hour 10 into this rabbit hole).
...
1
vote
1
answer
261
views
psql environment variable for sslkey password?
I'm connecting to a PostgreSQL 13.13 db using psql 13.14 on a mac. I'm using client cert auth. I've set the environment variables to include the correct values for PGSSLMODE, PGSSLROOTCERT, ...
-1
votes
1
answer
244
views
Mutual TLS support in mbed-TLS
I've been looking for examples of mutual TLS support using mbed-TLS but have not found anything. Does anyone know or have experience with this before? Especially in embedded systems?
Thanks
Looking ...
0
votes
0
answers
93
views
Why MTLS validation works on CURL, Axios with node.js but not on Axios with React on the browser?
I have created a block rule in the Cloudflare WAF using a client certificate in order to have identified requests. Now I need to have this certificate loaded in all requests that pass through my ...
1
vote
1
answer
103
views
Oracle ADB TLS connection error in Tomcat
It fails with different errors when I connect to an OCI ADB instance from a Tomcat-hosted [version 9.0.65] / [jdk8 - 202 build] application using the TLS mechanism. However, when I download the Wallet ...
0
votes
0
answers
193
views
Unknown CA in rabbitmq Operator (mTLS)
I have a working RabbitMQ cluster created with the rabbitmq Operator. Clients are connecting with TLS. Now I try to configure the cluster to use mTLS.
I generate CA certs with tool provided by rabbitmq here (...