Search

Configuring mTLS for Tests

Mutual TLS (mTLS) is a two-way authentication mechanism that verifies both client and server identities by validating their TLS certificates. Unlike standard TLS, which only authenticates the server, mTLS provides bidirectional verification. This ensures that both parties possess the correct private keys and certificate chains, making it a critical security measure for sensitive backend applications.

Functionize supports mTLS through a secure proxy service. By enabling mTLS, Functionize ensures that only validated clients with the proper certificates can interact with your backend services during test execution.

How Functionize Uses mTLS

  • Proxy Gateway: Functionize routes requests through a proxy that enforces mTLS authentication.
  • Bidirectional Verification: Both client and server certificates are validated before allowing communication.
  • User Control: Testers can provide their own certificate chain and private key to enable secure authentication.

Accessing mTLS Settings

You can configure mTLS at two levels:

  1. Test Settings → Applies to a single test.
  2. Project Settings → Applies to all tests within the project.

mTLS options are found under the Auth tab in both Test and Project settings. For the test-level, mTLS Configuration can also be added as an Action.

Configuring mTLS in Test Settings

Follow these steps to enable mTLS authentication for a single test case:

  1. Navigate to Test Settings
    • From the Test Listing Page: Select your test case.
    • From the Test Detail Page: Open the test case and click into its settings.
  2. Open the Auth Tab
    • Switch to the Auth tab within the test settings.
  3. Insert Private Key
    • Paste your private key into the mTLS client key box.
    • Must be PEM-encoded (e.g., begins with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----).
  4. Enter Certificate Chain
    • Paste your certificate chain into the mTLS client certificate box.
    • Order matters:
      1. Server certificate
      2. Intermediate certificate(s)
      3. Root certificate
    • Certificates must be in PEM format (Base64-encoded ASCII with headers/footers like -----BEGIN CERTIFICATE-----).
  5. Save Configuration
    • Click Save to apply the changes.

Configuring mTLS in Project Settings

If you want all tests under a project to use mTLS authentication:

  1. Open Project Settings
    • From the Project Listing Page, select your project.
    • From the Project Detail Page, open the project configuration using the ellipsis menu.
  2. Open the Auth Tab
    • Navigate to the Auth tab within the project settings.
  3. Insert Private Key
    • Paste your PEM-encoded private key in the mTLS client key field.
  4. Enter Certificate Chain
    • Provide the full certificate chain in PEM format (server → intermediate(s) → root).
  5. Save Configuration
    • Click Confirm to apply to all tests in the project.

Notes & Best Practices

  • Always provide the full certificate chain (server → intermediate(s) → root).
  • Ensure private keys and certificates are PEM-encoded for compatibility.
  • Changes to certificates or keys require you to re-save and re-run tests to take effect.
  • For multi-page test flows, certificate-based validation persists across steps once configured.
  • Always use valid, non-expired certificates issued by a trusted Certificate Authority

Summary

By enabling mTLS in Functionize, you ensure that test executions communicate only with verified servers and clients. This added security layer protects sensitive backend applications, enforces trust, and aligns Functionize tests with enterprise-grade authentication standards.