mTLS (Mutual TLS) Documentation
Overview
KeyRunner now supports mTLS (Mutual TLS) to enhance security by ensuring that both the client and server authenticate each other. This documentation provides a detailed guide on how to use mTLS within KeyRunner.
Getting Started
Certificate Management
Accessing Certificate Management:
- Click on the certificate icon located in the footbar of the KeyRunner interface.
- This will open the Certificate Management tab where you can add and manage your certificates.
Adding Certificates:
- In the Certificate Management tab, you will see fields to input the following details:
- Host: The domain or IP address of the server.
- Cert Path: The file path to the certificate (.crt) file.
- Key Path: The file path to the private key (.key) file.
- PFX File Path: The file path to the PFX (.pfx) file, if applicable.
- Pass Phrase: The passphrase for the private key or PFX file, if applicable.
- You can add multiple certificates for different domains.
- In the Certificate Management tab, you will see fields to input the following details:
Deleting Certificates:
- In the Certificate Management tab, you can also delete any certificates you have added by selecting the certificate and clicking the delete button.
Using mTLS in Requests
- Detecting and Using Certificates:
- When you enter a URL in the Request tab, KeyRunner will automatically detect the domain.
- If a certificate exists for that domain, an mTLS chip will appear in the URL bar, indicating that the certificate will be used for the request.
- The mTLS chip signifies that mTLS is enabled for the request.
Disabling mTLS for a Request:
- You can click on the mTLS chip in the URL bar to disable mTLS for that particular request.
- This provides flexibility if you need to make a request without mTLS temporarily.
Example Usage
Adding a Certificate
- Click on the certificate icon in the footbar.
- In the Certificate Management tab, fill in the following fields:
- Host:
api.example.com
- Cert Path:
/path/to/certificate.crt
- Key Path:
/path/to/private.key
- PFX File Path:
/path/to/certificate.pfx
- Pass Phrase:
yourPassphrase
- Host:
- Click "Add Certificate".
Making a Request with mTLS
- Go to the Request tab.
- Enter the URL:
https://api.example.com/data
- The mTLS chip will appear in the URL bar if a certificate for
api.example.com
exists. - Proceed with your request, and mTLS will be used automatically.
Disabling mTLS for a Specific Request
- In the Request tab, after entering the URL, you will see the mTLS chip in the URL bar.
- Click on the mTLS chip to disable mTLS for this request.
- Proceed with your request without mTLS.
FAQs
What is mTLS and why is it important?
mTLS (Mutual TLS) is an extension of the standard TLS protocol. While TLS ensures that the server is authenticated, mTLS ensures that both the client and server authenticate each other, providing a higher level of security.
Can I add multiple certificates for different domains?
Yes, you can add multiple certificates for different domains in the Certificate Management tab.
How do I know if mTLS is enabled for a request?
If the mTLS chip appears in the URL bar when you enter a URL, mTLS is enabled for that request.
Troubleshooting
- Certificate Not Detected: Ensure that the host in the Certificate Management tab matches the domain of the URL exactly.
- Passphrase Issues: Double-check the passphrase entered for accuracy.
- Disabling mTLS: If mTLS is not required, you can disable it by clicking the mTLS chip in the URL bar.
For further assistance, please contact our support team.