Need open source plugin to access the endpoint using mtls certificate authentication

Certified Associate Developer

Is there any open source plugin to access the third party endpoint url with mtls certificate authentication. Please help us if it is available.

  Discussion posts and replies are publicly visible

Parents Reply
  • You shouldn't need to 'consume' the certificate. It will automatically be used by Appian when making a call.

    How was the certificate generated? Since you mentioned 'mTLS', this isn't the same thing as 'mutual SSL' mentioned here - https://docs.appian.com/suite/help/23.1/connected_system_authentication.html#none

    I'm also generally interested in mTLS, as it's the one transport layer protocol that's preventing our Appian environment from being able to securely connect to a few internal systems / databases.Here are a couple of diagrams that made it clearer for me. Here's what I've found so far:

    There are a few key differences between mutual SSL (which Appian supports) and mTLS (which is unknown if we can get it to work):

    1. Mutual SSL certificates are issued by a public trusted CA, but mTLS is issued by the org
    2. mTLS has additional steps compared to typical the SSL handshake to verify

    It's unclear (so far) if Appian can indirectly support mTLS, but it may be worth trying:

    • Add the Root CA (including the full chain of trust) to the uploaded "Client Certificates" section. This effectively means that your .pem file has multiple certificate keys in it.
    • Add a certificate that contains the Root CA cert (by itself? unclear) to the 'Trusted Servers" section in the admin console
    • Turn on SSL logging (try this in your dev environment only!) and verify that the sequence of events expected by your mTLS-enabled server happens in the proper order.
Children
  • 0
    Certified Associate Developer
    in reply to Jesse Knight

    Thanks Jesse and Mathieu. Your suggestions are helped me to implement mTLS in our project.

    I have followed the below mentioned steps for using mTLS for http calls .

    1. Uploaded mTLS certificate in admin console "Client Certificates" section 

    2. Created Connected Object  and Integration Object to call the api. 

    Note: No idea, How Appian is using appropriate mTLS When we upload more than one mTLS on admin console for different applications.