abudwill | 2024-09-17 17:04:53 UTC | #1
I have a general question about setting up a Web Services integration using MTLS to hit an on-prem hosted web service. I have reviewed https://help.mypurecloud.com/articles/mtls-support-for-data-actions/, but seem to be missing something.
During the MTLS handshake process, doesn't the on-prem web service present its certificate to Genesys Cloud to verify? I am not understanding what CAs Genesys Cloud supports for this step in verification.
For reference, I am running under the assumption the below steps are the high level steps during the MTLS handshake process:
- ClientHello: (Genesys Cloud / data action sends a ClientHello to on-prem web service)
- ServerHello: (On-prem web service responds with ServerHello and sends its server certificate)
- Server Certificate Verification: Genesys Cloud verifies the server's certificate
- Client Certificate Request: The on-prem web service requests the client's mTLS certificate
- Client Certificate: Genesys Cloud sends its client certificate (which will be signed by the root CA mentioned in the support article)
- Client Certificate Verification: The on-prem web service verifies the Genesys Cloud certificate (because the on-prem web service has imported the certificate mentioned in the support article and established a trust relationship with the Genesys Root CA)
This being said, I am stuck on step 3. If Cloud is validating the certificate sent by the web service - what CAs is Cloud using to verify against? Isn't the certificate being presented one that the customer is providing, or self-signed?
Thanks for any guidance.
Jason_Mathison | 2024-09-17 17:22:48 UTC | #2
Data Actions require that the server present a publicly trusted certificate. Here is the FAQ for this:
https://help.mypurecloud.com/faqs/which-root-certificates-are-trusted-for-web-services-data-actions/
--Jason
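Added example (not from either poster and not Genesys code): a local reproduction of the server certificate verification step from the question, showing why a self-signed or privately issued server certificate is rejected by a client that only trusts public roots. It assumes the `openssl` CLI is installed; the local OpenSSL default trust store stands in for the public root list in the FAQ, and the hostname and file names are constructed.

```shell
#!/usr/bin/env bash
# Added example: all names, paths and certificates here are constructed.

# Create a throwaway self-signed server certificate, standing in for an
# on-prem web service whose certificate was not issued by a public CA.
make_self_signed_cert() {
  local dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=onprem.example.test" \
    -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1
}

# Server certificate verification as the TLS client performs it.
#   $1 = server certificate (PEM)
#   $2 = optional trust anchor (PEM); when omitted, the OpenSSL default
#        trust store is used (assumption: stand-in for "publicly trusted").
# Prints the openssl verdict; returns 0 only if the chain validated.
verify_server_cert() {
  local cert="$1" anchor="${2:-}" out
  if [ -n "$anchor" ]; then
    out=$(openssl verify -CAfile "$anchor" "$cert" 2>&1) || true
  else
    out=$(openssl verify "$cert" 2>&1) || true
  fi
  printf '%s\n' "$out"
  printf '%s\n' "$out" | grep -q ': OK$'
}

# Walk through both outcomes when run as: ./script.sh --demo
demo() {
  local dir
  dir=$(mktemp -d)
  make_self_signed_cert "$dir"
  echo "== client trusting only the default (public) store =="
  verify_server_cert "$dir/server.crt" || echo "rejected: handshake stops here"
  echo "== client that explicitly trusts this certificate =="
  verify_server_cert "$dir/server.crt" "$dir/server.crt" && echo "accepted"
  rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then
  demo
fi
```

`openssl verify` checks only the chain, not the hostname, so a certificate that passes here can still fail a real handshake if its name does not match the endpoint.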
abudwill | 2024-09-17 17:27:33 UTC | #3
Not sure how I missed that, thanks!