Mutual Transport Layer Security
STEP supports Transport Layer Security (TLS) with mutual authentication (mTLS) for outbound HTTP traffic. mTLS is more secure than TLS, as it requires both the server and client to verify each other before data is transferred.
This functionality is controlled via a set of configuration properties for the key store and trust store to use across all features. These configurations must be set in sharedconfig.properties on the STEP application server.
mTLS Configuration Properties
The following table lists the configuration properties for mTLS and their descriptions:
| Configuration Property | Description |
|---|---|
| SSL.Default.KeyStore.Location | Full path to the key store file in the file system. For clusters, the key store must be in a directory accessible from all application servers. |
| SSL.Default.KeyStore.Password | Password for the key store. |
| SSL.Default.KeyStore.Type | The type of key store. This defaults to 'JKS'. |
| SSL.Default.TrustStore.Location | Full path to the trust store file in the file system. For clusters, the trust store must be in a directory accessible from all application servers. |
| SSL.Default.TrustStore.Password | Password for the trust store. |
| SSL.Default.TrustStore.Type | The type of trust store. This defaults to 'JKS'. |
mTLS functionality has been tested with the gateway integration endpoint REST plugin, the REST and REST Direct Outbound Integration Endpoint delivery plugins, and URLConnections directly from business rule JavaScript.
Note: mTLS will not work in combination with the REST gateway integration endpoint plugin 'SSL trust store location' and the existing REST Direct mTLS functionality configured via properties 'RESTDeliverySSLKeyStoreLocation', 'RESTDeliverySSLKeyStorePassword', and 'RESTDeliverySSLKeyStoreType'.
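The following pre-deployment check is an added example, not part of the STEP product or its documentation. It reads the text of sharedconfig.properties, reports missing mTLS properties, relative or absent store paths, and any of the legacy REST Direct properties named in the note above. It assumes plain `key=value` lines and that the legacy properties would appear in the same file; the function names and sample values are hypothetical.

```python
import os

REQUIRED = ("SSL.Default.KeyStore.Location", "SSL.Default.KeyStore.Password",
            "SSL.Default.TrustStore.Location", "SSL.Default.TrustStore.Password")
LOCATIONS = (REQUIRED[0], REQUIRED[2])
TYPES = ("SSL.Default.KeyStore.Type", "SSL.Default.TrustStore.Type")
# Legacy REST Direct properties the page says cannot be combined with mTLS.
LEGACY = ("RESTDeliverySSLKeyStoreLocation", "RESTDeliverySSLKeyStorePassword",
          "RESTDeliverySSLKeyStoreType")

def parse_properties(text):
    """Parse key=value lines; '#' or '!' starts a comment (assumed file syntax)."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_mtls_config(text, exists=os.path.isfile):
    """Return (effective store types, list of findings) for the given file text."""
    props = parse_properties(text)
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    for key in LOCATIONS:
        path = props.get(key)
        if path and not os.path.isabs(path):
            findings.append(f"not a full path: {key}")
        elif path and not exists(path):
            findings.append(f"file not found: {key}")
    # Both Type properties default to JKS when unset.
    types = {k: props.get(k) or "JKS" for k in TYPES}
    findings += [f"conflicts with SSL.Default.* mTLS: {k}" for k in LEGACY if k in props]
    return types, findings

# Constructed sample: placeholder paths and password, not from a real system.
SAMPLE = """\
# sharedconfig.properties (excerpt)
SSL.Default.KeyStore.Location=/opt/example/keys/client.jks
SSL.Default.KeyStore.Password=CHANGE_ME
SSL.Default.KeyStore.Type=JKS
SSL.Default.TrustStore.Location=keys/trust.jks
RESTDeliverySSLKeyStoreLocation=/opt/example/keys/old.jks
"""

if __name__ == "__main__":
    types, findings = check_mtls_config(SAMPLE)
    print(types)
    for finding in findings:
        print("FINDING:", finding)
```

The 'SSL trust store location' setting of the REST gateway integration endpoint plugin is not covered by this check, since the page does not say it is stored in the properties file.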
To learn more about the GIEP REST plugin, see the Configuring a Gateway Integration Endpoint - REST topic in the Gateway Integration Endpoint section of the Data Exchange documentation.
To learn more about the OIEP REST delivery method plugin, see the REST Delivery Method topic in the OIEP Delivery Methods section of the Data Exchange documentation.
To learn more about the OIEP REST Direct delivery method plugin, see the REST Direct Delivery Method topic in the OIEP Delivery Methods section of the Data Exchange documentation.