- This topic has 2 replies, 3 voices, and was last updated 1 year, 6 months ago by
.
-
Topic
-
I have a client that wants to use web services and be mTLS 1.2. I think that means putting in a certificate, truststore and keystore in the websevice settings. But exactly how to go about this is a mystery and how do I know I’m mTLS 1.2? I know I can change the “Secure Socket Protocol” to TLSv1.2 but what do I have to do to make that work correctly? Documentation/Training for this is pretty scant, especially when more vendors are requiring this. Anyone know how to do this? I see a lot of threads asking about it, but little feedback on how to do it.
-
Replies
-
-
The webservices info that Cloverleaf provides says to use a GUI program called Portecle to manage your trust/key stores. You can generate certs/cert requests, create key/trust stores, export/import keys, etc. You can also do this solely via the command line, but it’s def not as easy.
After you setup your stores/certs, then you point the webservices thread configuration to the appropriate trust/key store locations on the server as needed. Provide the type of store and password also.
This may not be all that’s needed, but it’s where I’d start to look.
You can download Portecle if it’s not already installed. On a linux box you can use MobaXterm to execute (command line) Portecle so it can bring up the GUI.
java -jar <path to portecle.jar>
I think if the above is correct the mTLS should work since it has to do with exchanging the proper certs of both parties.
-
-
- You must be logged in to reply to this topic.
