Enabling mTLS authentication between services
In this last section, we will enable TLS encryption with mutual authentication between service endpoints in App Mesh using X.509 certificates. We will be using a separate application called colorapp and deploying it on the same EKS cluster. Before we start enabling mTLS, let's understand what mTLS is and why we need it.
You must have encountered TLS almost 100 times today: whenever you visit a website over HTTPS, the connection uses TLS. The most common case is a web server reachable on the public internet that a client wants to request data from. The client asks the server to identify itself, and the server presents a certificate signed by a Certificate Authority (CA) that the client already trusts. Once the client has checked that certificate, the TLS handshake completes: the client knows which server it is talking to and the two can exchange data over an encrypted HTTPS connection.
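To make the handshake described above concrete, here is an added example (not code from the book or from App Mesh) that builds the same trust relationship in Go's standard library instead of in Envoy: a private CA signs a server certificate, the client verifies the server against that CA, and the request succeeds. It goes one step beyond the paragraph, because the server is also configured with `RequireAndVerifyClientCert`, which is the setting that turns ordinary TLS into mTLS, so a second call made without a client certificate is rejected. The CA and service names (`demo-root-ca`, `server-service`, `client-service`) are constructed for this demo and are not App Mesh identities.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

var serial int64 // counter so every certificate issued here gets a unique serial number

// newTemplate builds an X.509 template for a CA or a leaf. Names are constructed for this demo.
func newTemplate(cn string, isCA bool, eku ...x509.ExtKeyUsage) *x509.Certificate {
	serial++
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  eku,
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)}, // httptest listens on loopback
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// issue generates a P-256 key and signs tmpl with parent; parent == nil means self-signed.
func issue(tmpl *x509.Certificate, parent *tls.Certificate) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	signerCert, signerKey := tmpl, any(key)
	if parent != nil {
		signerCert, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// Demo stands up a private CA, issues a server and a client identity from it, runs an HTTPS
// server that requires a CA-signed client certificate, and calls it with and without one.
func Demo() (body string, withCertErr, withoutCertErr error) {
	must := func(c tls.Certificate, err error) tls.Certificate {
		if err != nil {
			panic(err) // key generation or signing failing is a setup bug, not a handshake outcome
		}
		return c
	}
	ca := must(issue(newTemplate("demo-root-ca", true), nil))
	server := must(issue(newTemplate("server-service", false, x509.ExtKeyUsageServerAuth), &ca))
	client := must(issue(newTemplate("client-service", false, x509.ExtKeyUsageClientAuth), &ca))
	pool := x509.NewCertPool() // the trust anchor both sides share
	pool.AddCert(ca.Leaf)

	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// With RequireAndVerifyClientCert the handler only ever sees a verified client identity.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{server},       // server proves who it is (ordinary TLS)
		ClientAuth:   tls.RequireAndVerifyClientCert, // and demands the same of the client: mTLS
		ClientCAs:    pool,                           // only certificates chaining to our CA pass
	}
	srv.StartTLS()
	defer srv.Close()

	call := func(presentCert bool) (string, error) {
		cfg := &tls.Config{RootCAs: pool} // client checks the server's certificate against the CA
		if presentCert {
			cfg.Certificates = []tls.Certificate{client}
		}
		hc := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}
		resp, err := hc.Get(srv.URL)
		if err != nil {
			return "", err
		}
		defer resp.Body.Close()
		b, err := io.ReadAll(resp.Body)
		return string(b), err
	}
	body, withCertErr = call(true)
	_, withoutCertErr = call(false)
	return body, withCertErr, withoutCertErr
}

func main() {
	body, okErr, noCertErr := Demo()
	fmt.Printf("with client cert:    body=%q err=%v\n", body, okErr)
	fmt.Printf("without client cert: err=%v\n", noCertErr)
}
```

Removing the `ClientAuth` and `ClientCAs` lines leaves exactly the one-way TLS of the paragraph above, where the server is identified but any client is served; in App Mesh the equivalent knobs live in the virtual node's listener and backend TLS settings rather than in a `tls.Config`.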
What if the server also wants to verify the identity of the client? In...