mTLS Client Certificates for Authentication

What is mutual TLS (mTLS)?

Mutual TLS (mTLS) is a mutual authentication mechanism. By validating that each party holds the private key matching its certificate, mTLS assures that the parties at either end of a network connection are who they claim to be. Additional verification is provided by the information contained in their respective TLS certificates.

How does mTLS assist with Functionize?

Functionize improves the security of your backend apps by supporting mutual TLS (mTLS) via our robust proxy service. This feature guarantees that the client and server both authenticate each other's certificates, resulting in a bidirectional verification process. By enforcing mTLS, our proxy operates as a fortified gateway, allowing only validated clients with the right certificates to interact with your backend services.

When using our testing software, users follow a simple procedure to enable transparent mutual TLS (mTLS) authentication. You will be prompted to enter your certificate chain and private key. By providing these credentials, you configure the testing environment to use mTLS, ensuring that the client and server participating in your backend services authenticate each other securely.

How to configure mTLS in the "Test Setting"

When setting up mutual TLS (mTLS) authentication for your tests within our testing product, it's essential to provide a complete certificate chain if your architecture uses intermediate and root certificates. In the "Test Settings" under the "Auth" tab of our user interface, you should place your entire certificate chain in the designated certificate field. This means you must concatenate your server's certificate, the intermediate certificate(s), and the root certificate into a single, ordered chain.

The same approach can be used to add mTLS Test Settings from the Test Listing and Test Detail pages.

  1. Go to a test case's Test Setting.

From the Test Listing Page -


From the Test Detail Page -


  2. Switch to the Auth tab


  3. Insert the Private Key into the MTLS client key box
    Note - The client provides its certificate and public key to the server, which validates that the request originates from a recognized client and that the client's private key corresponds to the public key it shared. The client key is supplied as a PEM-encoded file; for example, the private key begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----".



  4. Enter the Key Certificate in PEM format in the MTLS client certificate box.
    Note - Start with the server certificate, followed by the intermediate certificates in the order needed to build a trust chain up to the root certificate. The root certificate comes last in the chain. This ordered chain lets the mTLS system validate the server certificate against the intermediate and root certificates, giving your testing operations a secure and authenticated communication path.

The most common format for X.509 certificates, CSRs, and cryptographic keys is PEM ("Privacy Enhanced Mail"). A PEM file is a text file containing one or more items encoded in Base64 ASCII, each wrapped in plain-text header and footer lines, e.g. "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".


  5. After you've reviewed and edited the private key and certificate, click the Save button.


How to configure mTLS in the "Project Setting"

When setting up mutual TLS (mTLS) authentication for your tests within our testing product, it's essential to provide a complete certificate chain if your architecture uses intermediate and root certificates. In the "Project Settings" under the "Auth" tab of our user interface, you should place your entire certificate chain in the designated certificate field. This means you must concatenate your server's certificate, the intermediate certificate(s), and the root certificate into a single, ordered chain. When set at the project level, any tests built under this Project are created with these mTLS authentication details.

The same approach can be used to add mTLS Test Settings from the Test Listing and Test Detail pages.

  1. Go to a test case's Test Setting


From the Test listing page -


From the Test Detail Page -


  2. Switch to the Auth tab


  3. Insert the Private Key into the MTLS client key box
    Note - The client provides its certificate and public key to the server, which validates that the request originates from a recognized client and that the client's private key corresponds to the public key it shared. The client key is supplied as a PEM-encoded file; for example, the private key begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----".


  4. Enter the Key Certificate in PEM format in the MTLS client certificate box.
    Note - Start with the server certificate, followed by the intermediate certificates in the order needed to build a trust chain up to the root certificate. The root certificate comes last in the chain. This ordered chain lets the mTLS system validate the server certificate against the intermediate and root certificates, giving your testing operations a secure and authenticated communication path.

The most common format for X.509 certificates, CSRs, and cryptographic keys is PEM ("Privacy Enhanced Mail"). A PEM file is a text file containing one or more items encoded in Base64 ASCII, each wrapped in plain-text header and footer lines, e.g. "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".


  5. After you've reviewed and edited the private key and certificate, click the Confirm button.