The Feeling is Mutual: Elegant & Effective Authentication

If your user base is primarily IoT devices and your organization doesn’t want to manage passwords for each device, then it seems like a series of unguessable passwords such as “d3v1ce [serial-number]” is the only solution. While that technically works, it isn’t the most user-friendly option. For a more elegant and effective solution, consider mutual TLS, or mTLS, authentication.

With mutual TLS authentication, the server authenticates the client at the TLS level before allowing encrypted application-layer data to flow. While the server still presents a certificate that the IoT device validates against a trusted Root CA, the server now sends a `CertificateRequest` message asking the IoT device to do the same…
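The handshake described above, as an added example that is not part of the original article: a Go standard-library sketch in which a gateway requires a client certificate issued by a device CA, run once with an enrolled device and once with a device that has no certificate. The names `device-ca.example`, `gateway.example` and `d3v1ce-0001` and the helpers `issue` and `handshake` are constructed for illustration. Session tickets are disabled only because the in-memory pipe used here is unbuffered.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func issue(cn string, parent *tls.Certificate) tls.Certificate { // nil parent: self-signed CA
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{cn},
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	self := &tls.Certificate{PrivateKey: key, Leaf: t}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent = true, x509.KeyUsageCertSign, self
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake returns the device CN the server authenticated; no device argument = no client cert.
func handshake(ca, server tls.Certificate, device ...tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	srv := &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: pool, // sends CertificateRequest
		ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true}
	cli := &tls.Config{RootCAs: pool, ServerName: server.Leaf.DNSNames[0], Certificates: device}
	c, s := net.Pipe()
	defer s.Close()
	go tls.Client(c, cli).Read(make([]byte, 1)) // Read runs the client handshake, then waits
	conn := tls.Server(s, srv)
	if err := conn.Handshake(); err != nil {
		return "", err
	}
	return conn.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	ca := issue("device-ca.example", nil) // all names here are constructed
	fmt.Println(handshake(ca, issue("gateway.example", &ca), issue("d3v1ce-0001", &ca)))
	fmt.Println(handshake(ca, issue("gateway.example", &ca))) // no client certificate
}
```

The second call fails inside the handshake, so the device is rejected before any application data is exchanged.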

