When configuring a connection, advanced settings are available for each ALM tool. They can be accessed via the following checkbox:
This will show the following settings:
| Setting | Description |
|---|---|
| Client certificate | Allows two-way TLS on the server with a custom uploaded client certificate (.pfx/.p12 file encrypted with an export passphrase). |
| CA certificate | Allows one-way TLS on the server with a custom uploaded CA certificate (.pem/.crt file). Will be ignored if Verify TLS / SSL is set to false. |
| Server certificate validation | Enables / disables the TLS certificate (CA) check. If you have set up a custom (self-signed) CA certificate and want it to be used for verification, you need to have the verification enabled. |
| Custom Timeout | Connection timeout in seconds for HTTP requests to the ALM tool. Must be a value between 5 and 60. The default is 5 seconds. |
If the certificate of your ALM is signed by an intermediate certificate (and not by the root CA certificate), you first need to combine all the intermediate certificates and the root certificate into one .pem file. An example (with one intermediate) can be seen here:
ROOT CA CERT THAT ISSUES THE INTERMEDIATE CA CERT
INTERMEDIATE CA CERT
The order (root CA first, then intermediate CA, or intermediate CA first, then root CA) does not matter.
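The following added example (not part of the original documentation) shows with the `openssl` CLI why the bundle must contain both the root and the intermediate, and that their order does not matter. The function names, file names and the throwaway `example-*` CA hierarchy are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. All names (example-root, example-intermediate, example-server)
# and the throwaway CA hierarchy are constructed for illustration.

# make_chain DIR: create root CA -> intermediate CA -> server certificate in DIR.
make_chain() {
  d=$1
  printf '[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root intermediate server; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -out "$d/$n.csr" -subj "/CN=example-$n" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
    -extfile "$d/ca.ext" -extensions ca -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.pem" \
    -CAkey "$d/root.key" -set_serial 2 -days 1 -extfile "$d/ca.ext" \
    -extensions ca -out "$d/intermediate.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.pem" \
    -CAkey "$d/intermediate.key" -set_serial 3 -days 1 \
    -out "$d/server.pem" 2>/dev/null
}

# build_bundle OUT CERT...: write the given CA certificates into one PEM file.
# Fails if an input is not a parseable certificate (for example a key file).
build_bundle() {
  out=$1; shift
  : > "$out"
  for c in "$@"; do
    openssl x509 -in "$c" >> "$out" 2>/dev/null || return 1
  done
}

# count_certs FILE: number of certificates in a PEM bundle.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# chain_ok BUNDLE CERT: succeed only if CERT verifies with BUNDLE as the CA file.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
```

With your own files, `build_bundle bundle.pem root.pem intermediate.pem` produces the file to upload, and `chain_ok bundle.pem server.pem` confirms the ALM server certificate chains to it before you upload.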
One-way / Two-way TLS communication
In one-way TLS, or regular TLS, the X.509 server certificate is created by a CA that the client can trust when it wants to connect.
To upload a CA certificate in PEM format, click Upload pem in the advanced settings and choose the file (.pem / .crt) from your system:
In two-way TLS (mutual authentication), the server and client perform a handshake in which the server presents a certificate to authenticate itself to the client, and vice versa.
To upload a client certificate in PKCS#12 format, click Upload PKCS#12 in the advanced settings. You will be prompted to choose the file (.pfx / .p12) from your system:
After choosing the file, you will be required to enter the export passphrase that was used when creating the client certificate:
After the certificates are uploaded, everything is set for one-way (CA certificate only) or two-way (both client and CA certificates) TLS communication.
If needed, you can delete the files to disable one-way / two-way TLS with custom certificates.