TLS can also be used to authenticate the user; this is called TLS client authentication. To use the TLS client authentication method, a connector configured to manage client authentication is required.
- To enable a connector to manage TLS with client authentication, configure a regular TLS connector, see above.
- Point the connector to a truststore. See Manage truststores in Nexus Timestamp Server for information on how to create a truststore.
To configure the TLS connector with client authentication enabled, enter this in timestamp.properties:
Example: TLS connector with client authentication enabled
```properties
connector.2.name=localhost
connector.2.port=8886
connector.2.ssl.keystore=${config}/keys/sslDemo.p12
connector.2.ssl.keystore.pin=1234
connector.2.ssl.keyStorePassword=1234
connector.2.ssl.needClientAuth=true
connector.2.ssl.truststore=${config}/certs
```
The needClientAuth and wantClientAuth parameters define whether client authentication is required (needClientAuth) or optional (wantClientAuth). If neither parameter is set, the web application controls if and when to authenticate the user, which is the case for the TLS client authentication method.
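The following is an added example, not part of Nexus Timestamp Server or its documentation: a small lint over the connector.<n>.* lines of timestamp.properties that reports which client-authentication mode each connector ends up in and flags a connector that demands or accepts client certificates without a configured truststore. The sample text is constructed from the example above plus a second, deliberately incomplete connector.

```python
from collections import defaultdict

# Constructed sample: the page's connector 2, plus a connector 3 that enables
# optional client auth but forgets the truststore (hypothetical, for the lint).
SAMPLE = """\
connector.2.name=localhost
connector.2.port=8886
connector.2.ssl.keystore=${config}/keys/sslDemo.p12
connector.2.ssl.keystore.pin=1234
connector.2.ssl.keyStorePassword=1234
connector.2.ssl.needClientAuth=true
connector.2.ssl.truststore=${config}/certs
connector.3.name=localhost
connector.3.port=8887
connector.3.ssl.keystore=${config}/keys/sslDemo.p12
connector.3.ssl.wantClientAuth=true
"""

def parse_connectors(text):
    """Group connector.<n>.<key>=<value> lines by connector number."""
    conns = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or .properties comment
        key, _, value = line.partition("=")
        parts = key.strip().split(".", 2)
        if len(parts) == 3 and parts[0] == "connector" and parts[1].isdigit():
            conns[int(parts[1])][parts[2]] = value.strip()
    return dict(conns)

def client_auth_mode(conn):
    """Map needClientAuth / wantClientAuth to the mode the TLS layer enforces."""
    if conn.get("ssl.needClientAuth", "false").lower() == "true":
        return "required"
    if conn.get("ssl.wantClientAuth", "false").lower() == "true":
        return "optional"
    return "application-controlled"  # neither set: the web application decides

def lint(text):
    """Return {connector number: (mode, [findings])} for every connector."""
    result = {}
    for n, conn in sorted(parse_connectors(text).items()):
        mode, findings = client_auth_mode(conn), []
        if mode != "application-controlled" and not conn.get("ssl.truststore"):
            findings.append("client auth enabled but no ssl.truststore configured")
        result[n] = (mode, findings)
    return result
```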
An example of how to use the Nexus Timestamp Client to send a TLS request to a connector with client authentication enabled can be found in Use Nexus Timestamp Server test client.