Client Authentication Via Mutual TLS: Can Client's Existing Certificate Be Used?

Question asked by steve.wallace2 on Apr 25, 2017
Latest reply on Dec 11, 2017 by chvillamizar



I've seen plenty of examples of mutual TLS via a gateway-generated client certificate, and I think I understand the setup well enough. For a B2B integration, is it possible to use the client's existing certificate without any change to the client side?

If so, what are the setup steps specific to setting up the client's existing certificate on the gateway, so that the gateway presents it as a certificate option during the "Require SSL or TLS Transport with Client Certificate Authentication" exchange? I just need to get to a point where it shows in the context variable "request.ssl.clientCertificate". I believe I understand how to validate it against an internal identity provider once I get the context variable populated.