Client certificate authentication

It is possible to use any valid certificate to authenticate the transaction approval client against the transaction approval REST Endpoint. It is also possible to use a self-signed certificate, as it is described in Securing Airlock IAM with HTTPS.

Once you have obtained or created the credentials for the client (i.e. certificate and private key), you have to add the certificate or the issuing CA certificate to a trust store and to supply this trust store to the transaction approval REST Endpoint. The page provides more information on how create a trust store from a list of certificates and how to configure the instance to use this trust store.

Note: The trust store PKCS12 can be used to establish trust to individual certificates and to CA certificates and through the CA to all certificates issued by this CA.