
Configure Relay mTLS

Enable mTLS between your Relay and destination server.

TLS provides secure, encrypted connections between a server and a client. While a connection is being established, the server presents the client with a certificate that can be verified against a trusted certificate authority (CA). Mutual TLS (mTLS) is an extension of TLS in which the server also requests a client certificate, signed by the server’s CA, during the TLS handshake.

This tutorial will show how you can enable mTLS between a Relay and destination server.

Create a Relay

Navigate to your Team and create a new Relay pointed at mtls-tutorial.evervault.com. This server has mTLS enabled so you can test out this feature.


Test connection

First, let's curl the Relay and see what happens:

```bash
curl https://<Your Relay domain>.relay.evervault.com -H 'x-api-key: <Your API Key>'
```

If you take a look at your activity log, you will see that the TLS handshake has failed. The request failed because Relay can't create a successful connection without a valid client certificate.

Activity Log

Configure Relay for mTLS

Next, let's add a valid mTLS certificate to this Relay and verify our connection works.

Download a valid test cert for this tutorial here. This client certificate is issued by the server’s CA. (Note: there is no third-party CA for the client certificate in mTLS.)

The certificate for this tutorial has no password so you can leave that field blank.
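A local check you can run on a client P12 before uploading it, as an added example that is not part of the original tutorial. It assumes OpenSSL is installed; the function names `p12_check` and `make_demo_p12`, the file names and the "Demo CA" are constructed for illustration.

```bash
# p12_check FILE [PASSWORD]
# Succeeds only if the bundle opens with PASSWORD, its private key matches
# the client certificate, and the certificate has not expired. On success it
# prints subject, issuer and expiry so the issuing CA can be checked by eye.
p12_check() {
  local p12="$1" pass="${2-}" tmp rc=0
  tmp=$(mktemp -d) || return 1   # 0700 directory; holds the key briefly
  {
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys \
      -out "$tmp/cert.pem" &&
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
      -out "$tmp/key.pem" &&
    # The key in the bundle must correspond to the certificate's public key.
    [ "$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$tmp/key.pem" -pubout)" ] &&
    # -checkend 0 exits non-zero if the certificate is already expired.
    openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null &&
    openssl x509 -in "$tmp/cert.pem" -noout -subject -issuer -enddate
  } 2>/dev/null || rc=1
  rm -rf "$tmp"
  return "$rc"
}

# make_demo_p12 DIR
# Constructed sample input: a throwaway CA and a client P12 with an empty
# password (as in this tutorial), so p12_check can be tried offline.
make_demo_p12() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
    -passout pass: -out "$d/client.p12"
}
```

Call `p12_check client.p12 ""` for a bundle with a blank password. On OpenSSL 3, a failure can also mean the bundle uses older encryption that `openssl pkcs12` only reads with its `-legacy` option.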

Upload mTLS client P12

Retest Connection

Make sure your certificate has uploaded successfully and then try to curl the Relay again.

You will know you have successfully connected when you see the following response:

```json
{"response":"Congratulations, you have successfully connected using mTLS!"}
```
