
Does the SSL Visibility Appliance support decrypting mTLS?


Article ID: 227487

Products

SSL Visibility Appliance Software

Issue/Introduction

mTLS (mutual TLS) is a method of verifying that the parties at each end of a network connection are who they claim to be: each side presents a TLS certificate and proves possession of the matching private key during the handshake. The information within the respective certificates (subject, issuer, validity period) provides additional verification.

mTLS is often used in a Zero Trust security framework to verify users, devices, and servers within an organization. It can also help keep APIs secure.

The SSL Visibility appliances do not decrypt or participate in Mutual TLS authentication.

Cause

In mTLS both the client and the server present a certificate, and each side authenticates by proving possession of the private key for its own certificate. The SSLV does not support client certificates. Any inline decryption device has to stand in for the server toward the client and for the client toward the server, and without the client's private key it cannot produce the client's handshake signature or satisfy the server's client-certificate requirement. SSL Visibility appliances therefore only decrypt TLS sessions in which the client makes a request and only the server presents a certificate.
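The following Go program is an added illustration, not code from this article or from the SSL Visibility product, of why a device that does not hold the client's private key cannot take part in an mTLS handshake. It builds a constructed test PKI in memory (one CA trusted by both sides, a server certificate, a client certificate, and a separate "interception" CA), runs a server that requires and verifies client certificates, and reports the server's verdict for three client positions: the genuine client key, no client certificate at all (the position of an inline device that only re-signs server certificates), and a client certificate minted by the interception CA. The certificate names, the loopback listener and the 127.0.0.1 SAN are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue creates a P-256 key and a certificate for cn; parent == nil means self-signed (a CA).
func issue(cn string, isCA bool, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           eku,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // assumed loopback SAN for the test server
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// pair wraps a certificate and its private key for use in a tls.Config.
func pair(c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{c.Raw}, PrivateKey: k, Leaf: c}
}

// handshake runs one TLS handshake over loopback and returns the server's verdict.
// Under TLS 1.3 the client can finish its side before the server rejects it, so only the server error is reliable.
func handshake(serverCfg, clientCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			defer raw.Close()
			err = tls.Server(raw, serverCfg).Handshake()
		}
		verdict <- err
	}()
	if conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg); err == nil {
		conn.Close()
	}
	return <-verdict
}

// scenario builds the constructed PKI and returns the server's verdict for each client position:
// "genuine" (holds the key the server trusts), "none" (no client certificate, like an inline
// re-signing device) and "forged" (a client certificate from an interception CA the server does not trust).
func scenario() map[string]error {
	ca, caKey := issue("example-ca", true, nil, nil, nil)
	srvCert, srvKey := issue("server", false, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ca, caKey)
	cliCert, cliKey := issue("client", false, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	mitmCA, mitmKey := issue("intercept-ca", true, nil, nil, nil)
	forged, forgedKey := issue("client", false, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, mitmCA, mitmKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{pair(srvCert, srvKey)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // this setting is what makes the session mTLS
		ClientCAs:    trusted,
	}
	clientCfg := func(certs ...tls.Certificate) *tls.Config {
		return &tls.Config{RootCAs: trusted, Certificates: certs}
	}
	return map[string]error{
		"genuine": handshake(serverCfg, clientCfg(pair(cliCert, cliKey))),
		"none":    handshake(serverCfg, clientCfg()),
		"forged":  handshake(serverCfg, clientCfg(pair(forged, forgedKey))),
	}
}

func main() {
	for name, err := range scenario() {
		fmt.Printf("%-8s server verdict: %v\n", name, err)
	}
}
```

Run it with `go run`: the genuine client is accepted (verdict `<nil>`) and the other two produce a handshake error from the server. Note that when the server's CertificateRequest names the CAs it accepts, the Go client will not even offer a certificate from a different issuer, so the "forged" case is reported by the server as a missing client certificate rather than an untrusted one; the outcome for an interposed device is the same either way.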

Resolution

To pass mTLS traffic through the appliance without breaking the handshake, add a cut-through rule to the policy that matches the affected traffic by source IP address or destination IP address. Traffic matching a cut-through rule is forwarded without interception, so it is neither decrypted nor inspected; scope the rule as narrowly as the addressing allows (for example, the mTLS server's address rather than an entire subnet) so that other traffic continues to be inspected.