Securing Web Services with YubiKey-Based mTLS Encryption
In a previous post, I discussed the use of Device Attestation to authenticate devices based on specific properties, such as certificates for ACME enrollment. Today, I would like to provide a practical example of how Device Attestation can be used for client authentication in an organization or a production-like environment where high security is desired. Specifically, we’ll look at configuring a YubiKey for use with mTLS, a common scenario in banking systems where both server and client authentication are required.
We’ll first describe the system components separately, and then I’ll guide you step by step through setting it up. To start off, while there are many great articles about mTLS already out there on the web, I believe it’s important to touch briefly on why it matters.
mTLS
mTLS (Mutual Transport Layer Security) is a protocol used for securing communication channels between two endpoints, such as a client and a server. It is an extension of TLS (Transport Layer Security), which is used to encrypt and authenticate communication between a client and a server. With mTLS, both the client and the server are authenticated using digital certificates, rather than just the server, as is the case with regular TLS.
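To make the difference concrete, here is an added example (not from the original post) that uses the openssl CLI to build a throwaway private CA, issue the server and client certificates an mTLS deployment needs, and run the chain validation each side performs on the other's certificate. The CA name, subjects and the `peer_trusts` helper are constructed for illustration; the rogue certificate stands in for a client that was never enrolled with the organization's CA.

```shell
#!/bin/sh
# Added example: a throwaway CA plus the two certificates mTLS needs,
# followed by the trust check each peer runs on the other's certificate.
set -e
WORK=$(mktemp -d)

# The organization's CA: the single trust anchor both sides verify against.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
  -subj "/CN=Example Org mTLS CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# issue_cert NAME SUBJECT: generate a key and CSR, then sign it with the CA.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 1 -in "$WORK/$1.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/$1.crt" 2>/dev/null
}
issue_cert server "/CN=api.example.test"
issue_cert client "/CN=alice/O=Example Org"

# A client certificate NOT issued by the CA (self-signed, constructed here to
# show the failure case): an mTLS server must refuse the handshake.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
  -subj "/CN=alice/O=Example Org" \
  -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" 2>/dev/null

# peer_trusts CA_CERT PEER_CERT: the chain validation a TLS endpoint applies
# to the certificate presented by the other side. Returns 0 when it chains
# to the trusted CA, non-zero otherwise.
peer_trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Regular TLS: only the client validates the server's certificate.
peer_trusts "$WORK/ca.crt" "$WORK/server.crt" && echo "client trusts server"
# mTLS adds the reverse check: the server validates the client's certificate.
peer_trusts "$WORK/ca.crt" "$WORK/client.crt" && echo "server trusts client"
if ! peer_trusts "$WORK/ca.crt" "$WORK/rogue.crt"; then
  echo "server rejects a client cert that was not issued by the CA"
fi
```

In a real deployment the client's private key would live on the YubiKey rather than in a file, which is exactly what the rest of the post sets up.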