Mutual Authentication

Mutual authentication uses TLS certificates to authenticate both the server and the client. Mutual authentication is often used in conjunction with other forms of authentication such as an OAuth 2.0 flow.

Configuration

Parameters

| Parameter | Value | Description |
|---|---|---|
| ClientCertificate | | X.509 client certificate. The value must be a base64-encoded, PKCS#12 archive (.pfx). The certificate must contain the private key. |
| ClientCertificatePassword | | Client certificate password. |
| IgnoreTlsErrors | | Indicates that Vinyl should ignore HTTPS certificate validation errors. This option should only be enabled during development. |

Certificate Preparation

The process for generating a certificate request and signing the certificate is outside the scope of this document. However, as noted above, the client certificate must be provided as a base64-encoded, PKCS#12 archive. The following command demonstrates how to convert a certificate and private key in PEM format to PKCS#12 using the OpenSSL command line utility.

openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.pfx

The following command base64 encodes the PKCS#12:

openssl base64 -in cert.pfx -out cert.txt -A
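
The two steps above can be checked before the value is pasted into ClientCertificate. The following is an added example, not part of the original documentation: it builds a throwaway self-signed certificate, applies both conversion commands, then confirms that the base64 text decodes to a PKCS#12 archive that opens with the password and contains the private key matching the certificate. The function names, the subject name and the passwords are assumptions made for the example.

```shell
#!/bin/sh
# Added example. All names, subjects and passwords here are constructed.

# Build a throwaway key/cert pair, then apply the two conversion steps.
# $1 = work directory, $2 = export password
# -passout pass: keeps the run non-interactive; it exposes the password on
# the command line, so prefer the interactive prompt for real keys.
make_sample_pfx_b64() {
    dir=$1; pw=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$dir/cert.pem" -inkey "$dir/key.pem" \
        -out "$dir/cert.pfx" -passout "pass:$pw" || return 1
    openssl base64 -in "$dir/cert.pfx" -out "$dir/cert.txt" -A
}

# Return 0 only if the base64 text decodes to a PKCS#12 archive that opens
# with the password and holds a certificate plus its matching private key.
# $1 = base64 file, $2 = password
check_pfx_b64() {
    b64=$1; pw=$2
    tmp=$(mktemp -d) || return 1
    rc=1
    # Compare the public key in the certificate with the one derived from
    # the private key; the private key is only piped, never written out.
    if openssl base64 -d -A -in "$b64" -out "$tmp/c.pfx" 2>/dev/null &&
       crt=$(openssl pkcs12 -in "$tmp/c.pfx" -clcerts -nokeys \
                 -passin "pass:$pw" 2>/dev/null |
             openssl x509 -pubkey -noout 2>/dev/null) &&
       key=$(openssl pkcs12 -in "$tmp/c.pfx" -nocerts -nodes \
                 -passin "pass:$pw" 2>/dev/null |
             openssl pkey -pubout 2>/dev/null) &&
       [ -n "$crt" ] && [ "$crt" = "$key" ]
    then
        rc=0
    fi
    rm -rf "$tmp"
    return $rc
}
```

A non-zero result from check_pfx_b64 means the value would fail one of the stated requirements: it is not valid base64, the password is wrong, or the archive was exported without the private key.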