Skip to Content

Mutual authentication

Mutual authentication uses TLS certificates to authenticate both the server and the client. Mutual authentication is often used in conjunction with other forms of authentication such as an OAuth 2.0 flow.



Parameter Value Description
ClientCertificate X.509 client certificate. The value must be a base64-encoded, PKCS#12 archive (.pfx). The certificate must contain the private key.
ClientCertificatePassword Client certificate password.
IgnoreTlsErrors Indicates that Vinyl should ignore HTTPS certificate validation errors. This option should only be enabled during development.

Certificate preparation

The process for generating a certificate request and signing the certificate is outside the scope of this document. However, as noted above, the client certificate must be provided as a base64-encoded, PKCS#12 archive. The following command demonstrates how to convert a certificate and private key in PEM format to PKCS#12 using using the OpenSSL command line utility.

openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.pfx

The following command base64 encodes the PKCS#12:

openssl base64 -in cert.pfx -out cert.txt -A