Functionize and mTLS Integration Overview
Mutual TLS (mTLS) is a mutual authentication mechanism that ensures both parties in a network connection are who they claim to be by validating that both have the correct private key. This additional verification is provided by the information contained within their respective TLS certificates.
How Does mTLS Assist with Functionize?
Functionize enhances the security of your backend applications by supporting mutual TLS (mTLS) through a robust proxy service. This feature ensures that both the client and server authenticate each other's certificates, resulting in bidirectional verification. By enforcing mTLS, our proxy acts as a secure gateway, allowing only validated clients with the correct certificates to interact with your backend services.
When using our testing software, users can easily enable mTLS authentication by providing their certificate chain and private key. This ensures secure authentication between the client and server for your backend services.
Configuring mTLS in the "Test Settings"
When setting up mutual TLS (mTLS) authentication for your tests, it's crucial to provide a complete certificate chain if your architecture uses intermediate and root certificates. In the "Test Settings" under the "Auth" tab, you should place your entire certificate chain in the designated certificate field. This means concatenating your server's certificate, intermediate certificate(s), and root certificate into a single, ordered chain.
Steps to Configure mTLS in Test Settings
- Go to a Test Case's Test Settings:
  - From the Test Listing Page:
    - Navigate to the test listing page and select the test case.
  - From the Test Detail Page:
    - Open the test detail page for the selected test case.
- Switch to the Auth Tab:
  - Navigate to the "Auth" tab within the test settings.
- Insert the Private Key:
  - Enter the private key into the MTLS client key box.
    Note: The client key is included in a PEM-encoded file, typically beginning with "-----BEGIN PRIVATE KEY-----" and ending with "-----END PRIVATE KEY-----".
- Enter the Key Certificate:
  - Enter the key certificate in PEM format in the MTLS client certificate box.
    Note: Start with the server certificate, followed by the intermediate certificates, and end with the root certificate. This ordered chain allows the mTLS system to validate the server certificate's trustworthiness.
    The most commonly used format for X.509 certificates, CSRs, and cryptographic keys is PEM ("Privacy Enhanced Mail"). A PEM file is a text file that contains one or more items encoded in Base64 ASCII, each with plain-text headers and footers (e.g. "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----").
- Save the Configuration:
  - After reviewing and editing the private key and certificate, press the "Save" button.
Configuring mTLS in the "Project Settings"
When setting up mutual TLS (mTLS) authentication at the project level, it's essential to provide a complete certificate chain. Project-level settings ensure that any tests built under this project use these mTLS authentication details.
Steps to Configure mTLS in Project Settings
- Go to a Test Case's Test Settings:
  - From the Test Listing Page:
    - Navigate to the test listing page and select the test case.
  - From the Test Detail Page:
    - Open the test detail page for the selected test case.
- Switch to the Auth Tab:
  - Navigate to the "Auth" tab within the project settings.
- Insert the Private Key:
  - Enter the private key into the MTLS client key box.
    Note: The client key is included in a PEM-encoded file, typically beginning with "-----BEGIN PRIVATE KEY-----" and ending with "-----END PRIVATE KEY-----".
- Enter the Key Certificate:
  - Enter the key certificate in PEM format in the MTLS client certificate box.
    Note: Start with the server certificate, followed by the intermediate certificates, and end with the root certificate. This ordered chain allows the mTLS system to validate the server certificate's trustworthiness.
    The most commonly used format for X.509 certificates, CSRs, and cryptographic keys is PEM ("Privacy Enhanced Mail"). A PEM file is a text file that contains one or more items encoded in Base64 ASCII, each with plain-text headers and footers (e.g. "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----").
- Save the Configuration:
  - After reviewing and editing the private key and certificate, click the "Confirm" button.
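A pre-flight check for the value pasted into the MTLS client certificate box in either the Test Settings or Project Settings procedure above, as an added example that is not Functionize code: it confirms the field holds only CERTIFICATE items (no private key pasted by mistake) and that they run from the first certificate through the intermediates to the root, by matching each issuer name to the next subject name. The function names and sample certificates are constructed for illustration; the check assumes well-formed DER, compares names byte for byte, and does not verify signatures.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):  # one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER bytes of the issuer and subject Names in an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)    # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # tbsCertificate SEQUENCE
    fields = []  # serialNumber, signature, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:  # skip the optional [0] version wrapper
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(field_text):
    """Return the problems found in a client-certificate field value."""
    items = PEM_RE.findall(field_text)
    bad = [f"item {i} is a {label}, not a CERTIFICATE"
           for i, (label, _) in enumerate(items) if label != "CERTIFICATE"]
    if bad or not items:
        return bad or ["no PEM items found"]
    names = [issuer_and_subject(base64.b64decode(body)) for _, body in items]
    problems = [f"certificate {i} was not issued by certificate {i + 1}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-issued root")
    return problems

def sample_cert(subject, issuer):  # constructed input: unsigned skeleton, names only
    tlv = lambda tag, value: bytes([tag, len(value)]) + value
    name = lambda cn: tlv(0x30, tlv(0x0C, cn.encode()))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + tlv(0x30, b"") + name(issuer) + tlv(0x30, b"") + name(subject))
    body = base64.b64encode(tlv(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

LEAF = sample_cert("leaf.example", "Example Intermediate CA")
MID = sample_cert("Example Intermediate CA", "Example Root CA")
ROOT = sample_cert("Example Root CA", "Example Root CA")
print(check_chain(MID + LEAF + ROOT))  # leaf and intermediate swapped
```

An empty list from `check_chain` means the order and item types are as the note describes; run it on the chain file before pasting, and keep the private key in its own field only.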