WebApp Mutual TLS for connecting to thrid party REST service

[Brian Wolfe <wo...@gmail.com>]

Is there a way to use JSSE in tomcat to manage TLS mutual auth for when a
process in tomcat is acting as a client during a REST call to use a client
certificate from a keystore to authenticate to the third party? Or is this
something that has to be handled at the application level?

I know in Java you can specify these system settings on the commandline.
-Djavax.net.ssl.keyStore=/path/to/clientkeystore.p12 \
-Djavax.net.ssl.keyStorePassword=password

I was wondering if anyone else has experience with this use case.

I want to be clear I am not referring to configuring tomcat to enforce
mutual Authn TLS on the connectors.

-- 
Thanks,
Brian Wolfe
https://www.linkedin.com/in/brian-wolfe-3136425a/

Re: WebApp Mutual TLS for connecting to thrid party REST service

[Mark Thomas <ma...@apache.org>]

On 06/11/2023 17:03, Brian Wolfe wrote:
> Is there a way to use JSSE in tomcat to manage TLS mutual auth for when a
> process in tomcat is acting as a client during a REST call to use a client
> certificate from a keystore to authenticate to the third party? Or is this
> something that has to be handled at the application level?
> 
> I know in Java you can specify these system settings on the commandline.
> -Djavax.net.ssl.keyStore=/path/to/clientkeystore.p12 \
> -Djavax.net.ssl.keyStorePassword=password
> 
> I was wondering if anyone else has experience with this use case.
> 
> I want to be clear I am not referring to configuring tomcat to enforce
> mutual Authn TLS on the connectors.

No. Tomcat has no involvement in outgoing TLS connections. They are 
entirely an application concern.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org