-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Peter,
On 9/9/19 17:37, Peter Kreuser wrote:
> Isn‘t that what client certs are for? Https to identify Server A,
> Client cert to authenticate Server B?
Yes, it sounds like the OP is re-designing TLS mutual authentication.
Michael, do you see any
Isn‘t that what client certs are for?
Https to identify Server A, Client cert to authenticate Server B?
Message integrity should then be unnecessary?!
Or am I missing a piece?
Peter
> Am 09.09.2019 um 21:10 schrieb M. Manna :
>
> Why not use JWT cookies/tokens? You sign your claims and only yo
Why not use JWT cookies/tokens? You sign your claims and only you can
validate the claims and ensure that it’s coming from the right place/user.
Thanks,
On Mon, 9 Sep 2019 at 19:26, Michael Duffy wrote:
> I need to communicate securely between two Tomcat servers running in two
> different envir
I need to communicate securely between two Tomcat servers running in two
different environments. I have control of both servers.
I would like to do this through a simple REST call from Server-B to
Server-A.
On the server I am communicating to, Server-A, I can easily set up HTTPS
with a self-sign
