What is mutual TLS (mTLS)?
Mutual TLS (mTLS) is a mutual authentication mechanism. By validating that both parties have the correct private key, mTLS ensures that the individuals at either end of a network connection are who they claim to be. Additional verification is provided by the information included in their respective TLS certificates.
How does mTLS assist with Functionize?
Functionize improves the security of your backend apps by supporting Mutual TLS (mTLS) via our robust proxy service. This feature guarantees that the client and server both authenticate each other's certificates, resulting in a bidirectional verification process. Our proxy operates as a fortified gateway by enforcing mTLS, enabling only validated clients with the correct certificates to interact with your backend services.
When using our testing software, users must follow a simple method to enable transparent Mutual TLS (mTLS) authentication. Here, you will be prompted to enter your certificate chain and private key. By providing these credentials, you configure the testing environment to use mTLS, ensuring that both the client and server participating in your backend services authenticate each other securely.
How to configure mTLS in the "Test Setting"
When setting up Mutual TLS (mTLS) authentication for your tests within our testing product, it's essential to provide a complete certificate chain if your architecture uses intermediate and root certificates. In the Test Settings under the Auth TAB of our user interface, you should place your entire certificate chain in the designated certificate field. This means you must concatenate your server's certificate, the intermediate certificate(s), and the root certificate into a single, ordered chain.
The same approach can be used to add mTLS Test Settings from the Test Listing and Test Detail pages.
- Go to a test case's Test Setting
  - Test Listing Page
  - Test Detail Page
- Switch to the Auth TAB
- Insert the Private Key into the MTLS client key field
  Note: Clients can provide their public key and certificate to the server, which validates that the request originates from a recognized client and that the private key corresponds to the public key that the client shared. The client key is included in a PEM encoded file, for example: the private key begins with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----.
- Enter the Key Certificate in PEM format in the MTLS client certificate(pem format) field
  Note: Start with the server certificate, then the intermediate certificates in the sequence necessary to construct a trust chain up to the root certificate. The root certificate should come last in the chain. This ordered chain enables the Mutual TLS (mTLS) system to validate the server certificate's trustworthiness against the intermediate and root certificates, delivering a safe and authenticated communication route for your testing operations. The most used format for X.509 certificates, Certificate Signing Requests (CSRs), and cryptographic keys is PEM (Privacy Enhanced Mail). A PEM file is a text file that contains one or more items encoded in Base64 ASCII, each with plain text headers and footers, for example -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- After you've completed entering the Private key and certificate, press the Save button
How to configure mTLS in the Project Setting
When setting up Mutual TLS (mTLS) authentication for your tests within our testing product, it's essential to provide a complete certificate chain if your architecture uses intermediate and root certificates. In the Project Settings, under the Auth TAB of our user interface, you should place your entire certificate chain in the designated certificate field. This means you must concatenate your server's certificate, the intermediate certificate(s), and the root certificate into a single, ordered chain. When set at the Project level, any tests built under this Project are created with these mTLS authentication details.
The same approach can be used to add mTLS Test Settings from the Test Listing and Test Detail pages.
- Go to a test case's Test Setting
  - Test Listing Page
  - Test Details Page
- Switch to the Auth tab
- Insert the Private Key into the MTLS client key field
  Note: Clients can provide their public key and certificate to the server, which validates that the request originates from a recognized client and that the private key corresponds to the public key that the client shared. The client key is included in a PEM encoded file, for example: the private key begins with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----.
- Enter the Key Certificate in PEM format in the MTLS client certificate(pem format) field
  Note: Start with the server certificate, then the intermediate certificates in the sequence necessary to construct a trust chain up to the root certificate. The root certificate should come last in the chain. This ordered chain enables the Mutual TLS (mTLS) system to validate the server certificate's trustworthiness against the intermediate and root certificates, delivering a safe and authenticated communication route for your testing operations. The most used format for X.509 certificates, Certificate Signing Requests (CSRs), and cryptographic keys is PEM (Privacy Enhanced Mail). A PEM file is a text file that contains one or more items encoded in Base64 ASCII, each with plain text headers and footers, for example -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- After you've entered the Private key and certificate, click the Confirm button