If I get a public certificate from a public CA and let’s say its usage is clientAuth, will a Java server with
- SSL: enabled and working
- client auth: need
- truststore: the default one

accept it from a client during mTLS authentication?
I don’t see why not since the truststore trusts public certificates.
Because of this, how do we implement mTLS authentication well (in a way that validates the client certificate)?
For example, FortiGate validates the VPN client certificate by matching the client’s common name to the user (a little like domain validation in a server certificate).
Thank you
I haven’t tried anything yet; it’s a question.
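An added example, not code from the post above: a JSSE server that requires a client certificate, trusts only a dedicated client-issuing CA instead of the default truststore, and then maps the certificate's common name to a known user, as the post describes FortiGate doing. The class name, port, PKCS#12 file arguments and user list are assumptions made for illustration, and Java 9 or later is assumed.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.*;
import javax.net.ssl.*;

public class MtlsClientCheck {
    static final String CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) { ks.load(in, pass); }
        return ks;
    }

    // After chain validation: require the clientAuth EKU and a CN that maps to a known user.
    static Optional<String> authorize(SSLSession session, Set<String> users) throws Exception {
        X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
        List<String> eku = leaf.getExtendedKeyUsage();
        if (eku == null || !eku.contains(CLIENT_AUTH_OID)) return Optional.empty();
        for (Rdn rdn : new LdapName(leaf.getSubjectX500Principal().getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType()) && users.contains(rdn.getValue().toString()))
                return Optional.of(rdn.getValue().toString());
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        char[] pass = args[2].toCharArray(); // args: server.p12 client-ca.p12 password
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(args[0], pass), pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(args[1], pass)); // only the client-issuing CA, not the JRE's cacerts
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        Set<String> users = Set.of("alice", "bob"); // constructed sample user list
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // handshake fails without a client certificate
            while (true) {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                    String reply = authorize(s.getSession(), users).map(u -> "hello " + u).orElse("denied");
                    s.getOutputStream().write((reply + "\n").getBytes(java.nio.charset.StandardCharsets.UTF_8));
                } catch (SSLException e) {
                    System.err.println("handshake rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

The truststore decides which issuers may vouch for a client at all, and `authorize` decides which certified identities are allowed in; with the default truststore only the second check would stand between the server and any publicly issued clientAuth certificate.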