Questions tagged [mtls]
The mtls tag has no summary.
11 questions
1 vote, 1 answer, 75 views
Should a client be able to validate his own client certificate issued by a private CA for mTLS?
I am working for a company and we are investigating how mTLS should work. Since public CAs won't issue the client auth EKU in the near future, we have to look for alternatives.
When searching on ...
0 votes, 2 answers, 132 views
mTLS for clients who won't accept private certificates for API requests
I am working for a company that has to change its current mTLS setup because public CAs won't issue the client auth extension anymore, which is required to set up mTLS. We are currently demanding from ...
4 votes, 1 answer, 2k views
What makes Certificate-Based Authentication phishing resistant?
In a typical phishing scenario where a user sends their credentials to a malicious 3rd party server (Attacker) instead of the intended server (e.g. Microsoft) by accident, how does Certificate-Based ...
0 votes, 2 answers, 324 views
Understanding of Client Authentication Certificates for mTLS
A third party supplier of an mTLS protected service gave us the following requirement:
We were to obtain & share with them a client authentication certificate so their service can authenticate us
...
0 votes, 2 answers, 231 views
Can I skip verifying server CA in mTLS if I don't need request confidentiality nor response integrity?
Consider this scenario in an HTTPS (m)TLS [*] request:
A trusted client sends a select query (the request) to a read-only database server
The server uses a self-signed certificate, so it is ...
1 vote, 1 answer, 369 views
mTLS with trust established through a chain of client certificates rather than a central CA
TL;DR: I want to forward-chain client certificates by including their successor public key as an extension. See Questions.
I am thinking about using client-side certificates in TLS (mTLS) as a more ...
1 vote, 1 answer, 284 views
Is TLS1.2/3 + PSK recommended for future products?
I have built multiple embedded devices with TLS1.2/3 + PSK using the mbedtls and wolfssl libraries.
My products have been based on microcontrollers (ESP32, Silicon Labs, etc.) and OpenWRT-based Linux products. ...
1 vote, 1 answer, 165 views
mTLS - revoking client certificates and maintaining CRL
Is it possible to revoke certificates manually without presenting the client certificate, i.e. by providing the certificate ID only?
Technically, in the certificate DB maintained by the CA, each entry has its ...
4 votes, 1 answer, 981 views
Attack surface of a reverse proxy secured with mTLS?
Suppose that I have a reverse proxy such as Caddy or Traefik that requires a client certificate to authenticate via mTLS, globally across the reverse proxy.
What is the attack surface for services behind ...
2 votes, 0 answers, 185 views
Pros and Cons of implementing custom certificate provisioning for IoT devices
I'm working on a project for improving the security of IoT devices by using a per-device X.509 certificate for authentication. The company uses IoT sensors, created in-house, to gather data for analytics.
...
3 votes, 1 answer, 1k views
API Key over HTTPS vs mTLS
I wonder what the benefits are of using mTLS for verifying clients when we already have an API key being sent over HTTPS.
I am thinking of backend-to-backend communications, where one server needs to fetch ...