301 questions
0 votes, 0 answers, 49 views
Connection reuse fails when HttpClient uses two-way authentication
When HttpClient uses two-way authentication, connection multiplexing is invalid. Normal HTTP or HTTPS request connection multiplexing is effective. It only becomes invalid when using Mutual SSL. ...
0 votes, 0 answers, 259 views
Implementing mTLS on apache server with laravel on a subdomain
An institution we collaborate with has asked us to implement mutual TLS (mTLS) on a GET route they will be calling. On our server, we have added the following lines to the httpd.conf:
SSLVerifyClient ...
2 votes, 0 answers, 361 views
Mutual Authentication via certificate exchange failing in Java: SSLHandshakeException: Remote host terminated the handshake
I've built a Java client to a HTTP server protected with mutual authentication. This is not the first time I do this, but this is the first time I had this problem.
The application is a Spring Boot ...
0 votes, 1 answer, 193 views
Establishing mutual TLS connection between Akamai CDN and origin servers
I'm looking to establish mutual TLS between Akamai CDN and origin servers. All the documentation from Akamai seems to focus on mutual TLS between the end user and the CDN. Is it possible to force ...
0 votes, 0 answers, 162 views
Keycloak identity brokering setup with mutual auth x509 certificate
I'm working on a use case where I want to set up mutual AUTH based authentication for user present in my external KeyCloak.
For configuration purpose, I have added my external KeyCloak in my internal ...
1 vote, 1 answer, 329 views
Azure Web App Mutual SSL authentication with client certificate in Azure App Service
I'm trying to set up mutual SSL authentication in an Azure Web App using a custom client certificate. I've configured the Azure Web App by switching the "Client certificate mode" to "...
0 votes, 2 answers, 2k views
mutualTLS with SpringBoot SslBundles and RestTemplate
I have a SpringBoot Application (client) that makes REST calls to an external service (server). The communication between client and server should be secured with mutual TLS. So in this setting we ...
2 votes, 0 answers, 835 views
Configure Squid for mutual TLS (mTLS)
I have a public api, call it api.example.com, which is configured for mTLS. I am able to confirm that mTLS is working by using curl https://api.example.com --cert /path/to/cert --key /path/to/key ...
2 votes, 0 answers, 185 views
Mutual Authentication in ActiveMQ Artemis cluster fails to get hostname from client IP address
I have set up an ActiveMQ Artemis cluster (version 2.27.1) to use mutual authentication. When the second node tries to connect to the first one, I get an error
WARN [org.apache.activemq.artemis.core....
0 votes, 1 answer, 274 views
Mutual Authentication Client "PKIX path building failed" and "unable to find valid certification path to requested target"
I am programming a client with mutual authentication. The Server has provided me with certificate (.cer), key and password. With these I can connect through Insomnia without problems. Through openSSL ...
0 votes, 0 answers, 420 views
Windows client not receiving server Change Cipher Spec message at end of mutual TLS handshake
Windows .NET client app connects successfully to Java server and initiates TLSv1.2 handshake. Packet capture at server shows:
C>S Client Hello
S>C Server Hello, Certificate, Server Key Exchange, ...
1 vote, 1 answer, 183 views
Issue with Mutual TLS Authentication Setup on Vespa Data Plane
I have set up mutual TLS authentication on my Vespa Data Plane by configuring a TLS certificate, following the steps outlined in the Vespa security guide:
https://cloud.vespa.ai/en/security/guide.
The ...
-1 votes, 1 answer, 684 views
How to manage HTTPS Mutual Authentication including Bearer Token with Spring boot WebClient?
The goal of my post is to directly share my answer regarding the following topic. I share also the links that helped me => I'm developing a backend based on Spring webflux. A frontEnd angular ...
0 votes, 1 answer, 263 views
Spring Webflux : mutual authentication fails on second request
I am in a context of TLS mutual authentication (server certificate and client certificate).
My client is a Spring Boot application with webflux (WebClient).
The WebClient instance is created once and ...
1 vote, 0 answers, 372 views
Can I enable Firefox to present the expired client certificate for establishing mutual TLS (mtls)?
Is there a way Firefox browser can present the expired client certificate for establishing the mutual TLS? At the moment, it's not picking up the expired client certificate for presenting it to the ...
0 votes, 2 answers, 85 views
To Invoke Mutual SSL Enabled endpoint in WSO2 EI 6.4.0
I am trying Mutual SSL in WSO2 EI by following exact steps mentioned in this blog
WSO2 EI acts as client and Axis2server is backend
All Pre-requisites mentioned in this blog done and detailed steps ...
0 votes, 1 answer, 219 views
Mutual SSL in WSO2 EI 6.5.0 - FileNotFoundException - Could not load customSSLProfiles from file path
I am trying Mutual SSL in WSO2 EI by following exact steps mentioned in this blog
WSO2 EI acts as client and Axis2server is backend
Creation of keystore, Exporting certificate, Import the Axis2 ...
1 vote, 3 answers, 451 views
Mutual SSL enabled API call is not happening via postman in WSO2 API Manager 4.1.0 GA Release
I am trying Mutual SSL in WSO2 APIM 4.1.0 GA Release. I have created Self signed certificate by using Java Keytool.
OS : Windows 11
Below are the commands to generate certificate:
Creating new ...
0 votes, 1 answer, 467 views
To enable Mutual SSL Authentication (2 way SSL) in WSO2 EI 6.X.X(Docker)
There is a requirement in which client app will accept only certificate based authentication, I believe this can be achieved by enabling mutual SSL Auth in WSO2 EI.
This above scenario will applicable ...
0 votes, 1 answer, 911 views
"Certificate does not contain any CA certificate" error when I create a SSL profile on Azure Application Gateway
Let me explain more about the scenario.
I have a web application that is hosted on an Azure App Service Plan.
I created two certificates "Root" and "Child" with the below command:
...
2 votes, 1 answer, 824 views
Golang - TLS mutual authentication - Dump client certificates
I have TLS server with mutual authentication. I want to dump client certificates if handshake error. I use ErrorLog in http.Server struct, but this logger doesn't get the information about client ...
3 votes, 1 answer, 948 views
Unexpected POST size limit for Azure App Service with TLS mutual authentication
I have an Azure App Service where I need to activate TLS mutual authentication, and I ran into a completely unexpected issue. We need this service in order to upload images from IoT devices; the ...
0 votes, 2 answers, 577 views
Can an Amazon ELB break mutual TLS authentication?
I have a service running behind an ELB on AWS Fargate as a docker container with nginx inside it on port 443 (https).
I have added client certificates to my nginx.conf:
ssl_verify_client on;
...
4 votes, 0 answers, 687 views
Golang - Mutual TLS with Identity from Keychain cannot use signer (type crypto.Signer) as type []byte in argument to tls.X509KeyPair
I am trying to find a way to keychain https client certificate based authentication from macOS system. When I export the certificate and the key I can already successfully connect to my server, but ...
1 vote, 0 answers, 224 views
How to "clear cookies" in Chrome/Firefox for mTLS?
How do you tell Chrome to stop using a specific mTLS certificate to login to a website?
Whenever I connect to a website supporting mTLS (Mutual TLS), I get a prompt from my browser to pick a ...
3 votes, 1 answer, 9k views
Reloading a java.net.http.HttpClient's SSLContext
I've got a program that makes use of the java.net.http.HttpClient, which was introduced in Java 11, to connect and send requests to internal services. These services are mutually authenticated, both ...
2 votes, 1 answer, 8k views
How can I solve [Received fatal alert: bad_certificate]?
I've created two servers locally, and I'm going to apply a mutual authentication to their communication.
I just don't know what the problem is. I lack understanding of this mechanism, but I also lack ...
1 vote, 0 answers, 81 views
Certificate management and use in rabbit mq auth backend
How can we automate certificate management and its distribution with rabbitmq?
Is there any opensourced solution for creating self managed CA and certificate management to enable mutual authentication ...
3 votes, 1 answer, 511 views
PKI not choosable on Android-Phone
I try to login using PKI. I use this tutorial: http://release-manager.com/rest/images/12702
On firefox this works well. On Android-Smartphone this does not work (I tried several phones Android 6-11)....
0 votes, 1 answer, 249 views
SSLError(SSLCertVerificationError) when presenting client side cert and key
I have a website that is hosted behind company's network. You could only connect to it using the client.crt and client.key. This client.crt is signed by a self signed ca.crt which is referenced in the ...
3 votes, 0 answers, 548 views
How to add a self-signed client certificate to haproxy for mutual-tls?
As I've confirmed in this SO security answer I know we can have a self signed client certificate.
I tried adding the client cert into ca.pem as in
bind 0.0.0.0:443 ssl crt /etc/ssl/private/asdf.hdavid....
1 vote, 0 answers, 1k views
Possibility to bypass the Certificate Verify in mutual authentication (mTLS)
In the TLS handshake process, the Certificate Verify message will follow the Client Key Exchange message after the server requested a client certificate. The Certificate Verify contains a digital ...
1 vote, 1 answer, 3k views
Mutual TLS works with Postman or SoapUI but doesn't work with Java / Springboot
I try to call an endpoint via HTTP Post method which is secured via Mutual TLS which means that I am using a keystore / truststore in order to authenticate. When I try via SoapUI / Postman it works ...
1 vote, 1 answer, 889 views
Should we compare thumbprints in Mutual TLS?
When implementing Mutual TLS using https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-5.0 I see they are comparing the thumbprint of the client certificate ...
0 votes, 0 answers, 144 views
AES256 password exchange for Mutual authentication - different encrypt result between client - server
I'm trying to fix a critical bug that emerged during a penetration test on our application.
Environment: an old Gupta/SQL Windows desktop application that needs the support from a java webapp (hosted on IBM ...
0 votes, 0 answers, 310 views
How to ignore server certificate when implementing mutual authentication with OkHttp?
I'm trying to implement mutual authentication in my Java program. Basically, my program has to make an HTTP request to another server. I need to attach a client certificate to that request and ignore ...
1 vote, 1 answer, 177 views
Does mutual SSL of WSO2 APIM support custom CA certificates for client certificates?
I read the documentation of "Securing APIs with Mutual SSL" for WSO2 API Manager 4.0.0. According to the document, you can register the client certificate that is authorized to access the API. ...
1 vote, 1 answer, 1k views
Call api with curl and TLS 1.2 Two Way with public certificates of entities
I am currently calling a service which requires mutual authentication with curl and ubuntu, currently
I have the following certificates certRoot.cer, certSub.cer, domain.com.cer and pubkey.pem, to add ...
1 vote, 1 answer, 1k views
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. c#
Maybe this question has already been asked, but I think this is a different situation.
I configure all required things from the web config file and install certificates.
I consume java web service in ASP.NET WEB ...
1 vote, 1 answer, 1k views
OkHttp client certificate without intermediaries
I'm trying to use okhttp to authenticate to a server.
With curl it would be done this way:
curl \
--cert certificate.cer \
--key private-key.pkcs8 \
"https://some-url"
Unfortunately, okhttp-...
1 vote, 2 answers, 450 views
Apache Rampart WS-Security: one client, several service instances
I'm adding X.509 Mutual Certificate authentication into the project. The specific case here is that one client (let's say manager) can access several service instances (servers). Each server has its ...
0 votes, 1 answer, 194 views
AWS API Gateway Mutual TLS certificate selection notification not shown in browser
How can I get an URL exposed through AWS API Gateway to trigger the notification popup for certificate selection in the browser?
I have an API Gateway that (I hope) has been correctly configured to use ...
5 votes, 1 answer, 2k views
Using root certificate for AWS api gateway
I am trying to use a valid root CA for mutual SSL in AWS api gateway. However, AWS gives me this error message: API Gateway couldn’t build a unique path from the given certificate to a root certificate....
4 votes, 1 answer, 1k views
Does MockRestServiceServer support mutual TLS and if so, how to configure it?
We use org.springframework.test.web.client.MockRestServiceServer in our IT tests to verify our RestTemplate handling. Now, I need to include also some tests for mutual authentication and I'm not sure ...
3 votes, 1 answer, 2k views
Https request with mutual authentication passes with curl but fails with java
Someone on github asked me a question regarding my library. This library provides some factory classes to easily create a sslcontext. I make sure not to share the details of the library and just ...
1 vote, 2 answers, 7k views
HAProxy: unable to forward client-certificate in a header without validation
I have a mutual-TLS setup with HAProxy terminating incoming SSL connections. I need to perform client certificates validation on the backend, not on haproxy side since we have a dynamic truststore and ...
1 vote, 1 answer, 933 views
Mutual Authentication with Reactive Netty on restricted urls
I am using spring cloud gateway to front a legacy application so that we can start migrating things behind the scenes. Some of the urls that are hosted by the application are public facing and some ...
2 votes, 0 answers, 2k views
Does the client need its private key in mutual authentication
When sending a request to a server, if mutual authentication is needed, the server always gives me a .p12 or .pfx file, which contains a client certificate and a client private key.
In my understanding, the ...
6 votes, 1 answer, 9k views
The size of the handshake message (X) exceeds the maximum allowed size (32768):spring boot resttemplate
I am getting the above error when making post request, using spring resttemplate with mutual authentication.
@Bean
public RestTemplate restTemplate() throws UnrecoverableKeyException,
...
1 vote, 1 answer, 361 views
Vertx Server Set Mutual Auth Requirement Per Route
I have a Vertx (3.9.x) based HTTP server in which I need to cater to two sets of request paths. First path always expects client certificates (ClientAuth.REQUIRED) and another for which client ...