Mutual Transport Layer Security

STEP supports Transport Layer Security (TLS) with mutual authentication (mTLS) for outbound HTTP traffic. mTLS is stronger than one-way TLS because the client presents its own certificate in addition to verifying the server's, so both sides must authenticate each other before any data is transferred.

This functionality is controlled by a set of configuration properties that name the key store and trust store used across all features. These case-sensitive properties must be set in the sharedconfig.properties file on the STEP application server.

Changes to the properties file take effect when the file is saved; no server restart is required.

mTLS Configuration Properties

The following table lists the default case-sensitive configuration properties for mTLS and their descriptions.

Configuration Property           Description
-------------------------------  -----------------------------------------------------------------------------------------------------------------------------------
SSL.Default.KeyStore.Location    Full path to the key store file in the file system. For clusters, the key store must be in a directory accessible from all application servers.
SSL.Default.KeyStore.Password    Password for the key store.
SSL.Default.KeyStore.Type        The type of key store. This defaults to 'JKS'.
SSL.Default.TrustStore.Location  Full path to the trust store file in the file system. For clusters, the trust store must be in a directory accessible from all application servers.
SSL.Default.TrustStore.Password  Password for the trust store.
SSL.Default.TrustStore.Type      The type of trust store. This defaults to 'JKS'.

mTLS functionality has been tested with the gateway integration endpoint REST plugin, the REST and REST Direct Outbound Integration Endpoint delivery plugins, and URLConnection calls made directly from business rule JavaScript.

Note: mTLS will not work in combination with the REST gateway integration endpoint plugin's 'SSL trust store location' setting, or with the existing REST Direct mTLS functionality configured via the properties RESTDeliverySSLKeyStoreLocation, RESTDeliverySSLKeyStorePassword, and RESTDeliverySSLKeyStoreType.

To learn more about the GIEP REST plugin, refer to the Configuring a Gateway Integration Endpoint - REST topic in the Gateway Integration Endpoint section of the Data Exchange documentation.

To learn more about the OIEP REST delivery method plugin, refer to the REST Delivery Method topic in the OIEP Delivery Methods section of the Data Exchange documentation.

To learn more about the OIEP REST Direct delivery method plugin, refer to the REST Direct Delivery Method topic in the OIEP Delivery Methods section of the Data Exchange documentation.