Why should we use mutual authentication (MTLS)? Setting up and maintaining mutual authentication that is, the provision of new, and the rotating of outdated, certificates, is known to be complex and is therefore seldom used.ģ.This provides a higher level of security compared to normal TLS/HTTPS usage, where only the identity of the server is proven.When using mutual authentication, not only does the service side prove its identity by exposing a certificate, but also the clients prove their identity to the servers by exposing a client-side certificate.We can use mutual TLS where both clients request certificates from the server to ensure the server is who it says it is, and the server requests certificates from the client to prove who it is as well.By default TLS only validates the authenticity of the server and not of the client (application) which is sending the request.The second and equally important protection is that TLS authenticates the server to the client (and optionally the client to the server as well) with the use of signed certificates.The first protection, and the one most commonly associated with TLS, is that TLS encrypts your traffic to protect it from eavesdropping.
TLS provides you with two primary protections.
TLS protects traffic at the transport layer so you can wrap a number of higher-level plain-text protocols in TLS to secure them.It is an update to the Secure Sockets Layer ( SSL) protocol that preceded it, and often people still refer to both collectively as “SSL” or use the terms “SSL” and “TLS” interchangeably.Transport Layer Security ( TLS) is a protocol you can use to protect network communications from eavesdropping and other types of attacks.I hope you are already familiar with SSL and TLS.We will use openssl to create the required certificates and verify the mutual TLS authentication. In this article we will explore Mutual Transport Layer Security (MTLS) and we will use a client and server setup to quickly validate mTLS authentication.