Need open source plugin to access the endpoint using mtls certificate authentication

Certified Associate Developer

Is there any open source plugin to access a third-party endpoint URL with mTLS certificate authentication? Please help us if one is available.


  • 0
    Certified Associate Developer
    in reply to Mathieu Drouin

    Yes, it is working. But how do we consume the uploaded certificate in the connection object? If you have any idea, please let me know. Thanks.

  • 0
    Certified Lead Developer
    in reply to Gayathiri Mallikeswaran

    You shouldn't need to 'consume' the certificate. It will automatically be used by Appian when making a call.

    How was the certificate generated? Since you mentioned 'mTLS', this isn't the same thing as 'mutual SSL' mentioned here - https://docs.appian.com/suite/help/23.1/connected_system_authentication.html#none

    I'm also generally interested in mTLS, as it's the one transport layer protocol that's preventing our Appian environment from being able to securely connect to a few internal systems / databases. Here are a couple of diagrams that made it clearer for me. Here's what I've found so far:

    There are a few key differences between mutual SSL (which Appian supports) and mTLS (which is unknown if we can get it to work):

    1. Mutual SSL certificates are issued by a public trusted CA, but mTLS certificates are issued by the org
    2. mTLS has additional verification steps compared to the typical SSL handshake

    It's unclear (so far) if Appian can indirectly support mTLS, but it may be worth trying:

    • Add the Root CA (including the full chain of trust) to the uploaded "Client Certificates" section. This effectively means that your .pem file has multiple certificate keys in it.
    • Add a certificate that contains the Root CA cert (by itself? unclear) to the "Trusted Servers" section in the admin console
    • Turn on SSL logging (try this in your dev environment only!) and verify that the sequence of events expected by your mTLS-enabled server happens in the proper order.
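The two uploads described above map onto two inputs of a TLS client: the client bundle (private key plus leaf and chain) and the trusted root CA. This added example, written in Python with the standard library only and not taken from the posts or from Appian, lints a client bundle for that layout before it is uploaded and shows the equivalent client-side context; the PEM bodies in the demo are constructed placeholders, not real keys.

```python
import re
import ssl

# One PEM block: label plus base64 body, END label must match BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\n(?P<body>.*?)\n-----END (?P=label)-----",
    re.DOTALL,
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def pem_labels(pem_text):
    """Return the block labels in file order, e.g. ['PRIVATE KEY', 'CERTIFICATE', ...]."""
    return [m.group("label") for m in PEM_BLOCK.finditer(pem_text)]

def check_client_bundle(pem_text):
    """Lint a client mTLS bundle: exactly one private key, the leaf certificate,
    and at least one chain certificate (the thread's 'multiple certificates' point).
    Returns a list of problems; an empty list means the layout looks right."""
    labels = pem_labels(pem_text)
    keys = [l for l in labels if l in KEY_LABELS]
    certs = [l for l in labels if l == "CERTIFICATE"]
    problems = []
    if len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    if "ENCRYPTED PRIVATE KEY" in labels:
        problems.append("private key is encrypted; a passphrase is needed to load it")
    if not certs:
        problems.append("no CERTIFICATE block: the leaf certificate is missing")
    elif len(certs) < 2:
        problems.append("only one CERTIFICATE block: intermediate/root chain not included")
    return problems

def mtls_client_context(client_bundle_path, trusted_ca_path):
    """SSLContext for an mTLS client: present our key+chain when the server asks,
    and verify the server only against the org root CA (not the public store)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cafile=trusted_ca_path)  # the 'Trusted Servers' role
    ctx.load_cert_chain(certfile=client_bundle_path)   # the 'Client Certificates' role
    return ctx

if __name__ == "__main__":
    # Constructed bundle with placeholder bodies: key, leaf, one chain cert.
    demo = ("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
            "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
            "-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n")
    print(pem_labels(demo), check_client_bundle(demo) or "bundle layout OK")
```

With SSL logging enabled on the server, a handshake using a context built this way should show the CertificateRequest from the server followed by the client's Certificate and CertificateVerify messages.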
  • 0
    Certified Associate Developer
    in reply to Jesse Knight

    Thanks Jesse and Mathieu. Your suggestions helped me to implement mTLS in our project.

    I have followed the steps below for using mTLS for HTTP calls.

    1. Uploaded the mTLS certificate in the admin console "Client Certificates" section.

    2. Created a Connected Object and an Integration Object to call the API.

    Note: No idea how Appian picks the appropriate mTLS certificate when we upload more than one on the admin console for different applications.