Mendix acting as (Intermediate) Certificate Authority (CA)

Question

Mendix acting as (Intermediate) Certificate Authority (CA)

8

This feature request proposes Mx to acts as (Intermediate) Certificate Authority (CA), as follows:

Customer uses Mx portal to generate PKI Key Pair and associated public certificate. Customer will download PKI Key Pair and Certificate and load these in the customer client system. Mx will include Mx specific attributes in the certificate that allows Mx to authenticate and authorize the incoming connection. Attributes like Tenant Id and User Id allows Mx to connect the user to the right tenant in Mx’s multi-tenant platform.

Advantages:

Mx provides customer-friendly, pay-per-use secure (e.g. Mutual-TSL) connectivity to Mx.
Mx does not need to make customer specific solutions in Mx access layer (Nginx)
Customer does not need to have CA
Connectivity and access more secure

asked 2020-04-20

Theo Koppes

2 answers

Theo Koppes · Answer 1 · 2020-04-21

Hi Johan –

Use case : we use for our service-2-service connections, 2-Way SSL to establish client and server authentication

Current situation:
Tennant info provided in URL
2-Way SSL certificate - with intermediate certificate of customer. CA Root Authority 3rd Party , contracted by customer.
Proposed:
2-Way SSL Certificate with intermediate certificate from Mendix. CA Root Authority 3rd Party contracted by Mendix
Tennant info is attribute added to certificate

Advantage is 100% automation of deployment of software to Mx cloud; better quality , faster deployment, ease of user, CI/CD funnel automated
Software in test and production is the same
Adding tennant info as attribute certificate is part of automated deployment process

Johan Flikweert · Answer 2 · 2020-04-20

Could you elaborate on a use case?