Outgoing REST calls with mTLS
REST call with authentication via Client certificate with mTLS
Mutual TLS (mTLS) stands for Mutual Transport Layer Security and is an extension of TLS (Transport Layer Security), the most widely used security protocol for encrypting and protecting data on the Internet. While TLS is mainly used to secure communication between a client (e.g. a web browser) and a server, mTLS goes one step further by enabling two-way authentication. This means that both the client and the server must confirm each other's identity before secure communication can take place.
Advantages of mTLS:
Improved security: Thanks to two-sided authentication, both the client and the server can be sure that they are exchanging data with the right partner. This protects against various types of attacks, including man-in-the-middle attacks.
Fine-tuned access control: mTLS enables detailed access control to resources. Since the identity of each client is verified, access to specific services or data can be strictly regulated.
Data protection: Encrypted communication protects sensitive information from being accessed by third parties.
Standard conformity: For certain industries, particularly in finance and healthcare, mTLS can help meet compliance requirements.
Requirements for mTLS:
TLS support: Both clients and servers must support TLS.
Certificates: Both the client and the server require digital certificates. These serve as digital passports or ID cards that confirm identities. These certificates are usually issued by a trustworthy certification authority (CA).
The customer is responsible for storing suitable certificates in the CRM so that these are available for a REST call with mTLS.
The CRM requires a key pair consisting of an encrypted private key and the corresponding public certificate in order to authenticate itself to the remote peer. The key must be in PKCS#8 syntax and the certificate in X.509 syntax. Both values are stored together in PEM format in the CRM.
Trusted certification authorities: The client and the server must trust each other, which means that the certificate chains that validate their certificates must be traceable back to a jointly recognized CA.
mTLS offers a very high level of security for communication between systems. It is particularly useful in environments where there are high security and trust requirements. However, it increases the complexity due to the effort involved in setting up and managing the certificates (certificates have an expiration date and must be reissued and distributed regularly) and in designing the REST calls.
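As an added example, not part of this documentation or of the CRM's own implementation, the Go program below builds the combined PEM bundle described above (a PKCS#8 private key followed by its X.509 certificate) and then makes a REST call against an in-process server that only accepts clients whose certificate chains to its trusted CA; the first call, made without a client certificate, is refused, which is exactly the difference between TLS and mTLS. The self-signed certificate, the subject name crm-outbound-client and the unencrypted key (Go's standard library cannot write encrypted PKCS#8) are assumptions made for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewClientBundle builds the combined PEM the text describes: a PKCS#8 private key followed by its
// X.509 certificate. Constructed, self-signed test material; the key is left unencrypted because
// Go's standard library cannot write encrypted PKCS#8 (a real CRM bundle carries the encrypted form).
func NewClientBundle() []byte {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "crm-outbound-client"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour), // expiry forces reissue
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return append(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: must(x509.MarshalPKCS8PrivateKey(key))}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
}

// CallWithMTLS runs a server that requires a client certificate from its trusted pool and calls it
// twice: without a certificate (refused) and with the bundle. Returns that refusal and the 2nd status.
func CallWithMTLS(bundle []byte) (noCertRejected bool, status int) {
	cert := must(tls.X509KeyPair(bundle, bundle)) // finds the CERTIFICATE and PRIVATE KEY blocks in one PEM
	pool := x509.NewCertPool()      // the jointly recognized CA set; here the self-signed client
	pool.AppendCertsFromPEM(bundle) // certificate itself is trusted (the key block is skipped)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	srv.StartTLS() // srv.Client() trusts the server certificate but holds no client certificate yet
	defer srv.Close()
	_, err := srv.Client().Get(srv.URL) // one-way TLS only: the server refuses the handshake
	noCertRejected = err != nil
	srv.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{cert}
	return noCertRejected, must(srv.Client().Get(srv.URL)).StatusCode // both peers now authenticated
}
```

Run it with go test; in production the bundle would be read from the CRM's certificate store and the trusted pool would hold the CA that issued the remote peer's certificates, not the client certificate itself.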