WaveMaker Docs


Mutual TLS Support in REST APIs

August 23, 2022

Praveen Chandra


TLS (Transport Layer Security) is a protocol that encrypts all information exchanged between the client and the server. Mutual TLS is an additional configuration in which the server and the client authenticate each other, and only then is the connection established. This blog explains what MTLS (Mutual Transport Layer Security) is and why it is used.

Note: WaveMaker supports MTLS from WaveMaker 11 GA onwards. For more information, see how to Configure MTLS in WaveMaker application.

Mutual TLS

Mutual TLS is a configuration in which the client authenticates the server first, and then the server authenticates the client as well. The SSL connection is established only if both client and server are authenticated successfully.

  1. The client connects to the server to initiate an SSL connection.

  2. The server presents its certificate to the client.

  3. The client validates the server's certificate against its truststore and can optionally verify the hostname.

  4. The client presents its certificate to the server.

  5. The server authenticates the client certificate.

  6. Symmetric session keys are created, and the SSL connection is established.

  7. The client and server exchange information over the secure connection.

Server Authentication

The server presents its certificate to the client, and the client authenticates it using its truststore. The truststore holds certificates from Certificate Authorities (CAs), which are used to authenticate the certificate presented by the server in an SSL connection. If the server uses a self-signed certificate, a custom truststore containing the server's certificate must be generated and configured in the client.

The client can then use this custom truststore to authenticate the server's certificate and proceed to further steps in initiating the SSL connection.

Client Authentication

The client presents its certificate to the server, and the server authenticates it. The server authenticates the client using the keystore configured with the client key and certificate. Once the server has authenticated the client, it proceeds to the remaining steps of initiating the SSL connection. When client authentication is enabled along with server authentication, the SSL connection is configured with mutual TLS.

Why is Mutual TLS used?

Typically, the TLS protocol only proves the server's identity to the client; the server cannot authenticate the client. MTLS provides an additional layer of security in which the server also authenticates the client, which prevents unauthorized access.

Configure Mutual TLS in a Webserver

MTLS is part of the TLS standard, and any web server that uses TLS to secure its connections should be capable of mutual authentication. To implement mutual authentication, the server needs to ask the client for its certificate specifically. Web servers are not configured to do this by default. For more information, see the Tomcat documentation to configure MTLS.

WaveMaker MTLS Support in REST APIs

WaveMaker now supports mutual TLS in REST APIs or imported APIs using Swagger by configuring a few properties in the application. See Configure MTLS in WaveMaker application for more details.
