Authentication with mTLS

Mutual Transport Layer Security (mTLS) is a transport-level security process that verifies the identity of both sides of a connection, the client and the Pismo platform. This adds a layer of trust: the platform accepts a connection only from a client that presents a certificate signed by a trusted certificate authority (CA), and the client in turn verifies that it is talking to the genuine platform.

Note: If you are interested in configuring mTLS, contact your Pismo representative to begin the process.

How the mTLS process works

The following is an overview of how the authentication process works on the Pismo platform. During the handshake, if either side fails to present a certificate that the other side can validate, the connection is closed and no application data is transmitted in either direction.

  1. You connect to the platform.
  2. The platform sends its TLS certificate.
  3. You verify the certificate against the CA you trust for the platform.
  4. You send your client certificate to the platform.
  5. The platform verifies your certificate against the CA it trusts for clients.
  6. The platform grants you access.
  7. Data is exchanged over the encrypted TLS connection.
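The seven steps above, run end to end as an added example written for this page (it is not Pismo's or Cloudflare's code). It uses Go's standard crypto/tls and crypto/x509 packages to mint a hypothetical "Platform CA", standing in for the Cloudflare-issued hierarchy, plus a server certificate and several client certificates, then performs the handshake over loopback in five scenarios: a valid client, a client with no certificate, a client certificate from an unrelated CA (the "different signing authority" case), an expired client certificate, and a client that does not trust the platform's CA. The CA names, CommonNames, loopback address and three-year validity window are assumptions for the demo.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// mint creates a key pair and certificate for name, returned as a tls.Certificate whose Leaf
// field holds the parsed certificate. With parent == nil it self-signs a CA; otherwise it issues
// a leaf signed by parent. notAfter is explicit so the demo can mint an already-expired cert.
// It panics on failure, which in this demo means only an entropy failure or a bad template.
func mint(parent *tls.Certificate, name string, usage x509.ExtKeyUsage, notAfter time.Time) *tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-2 * time.Hour), NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage},
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, // the demo dials loopback (assumed address)
	}
	signer, signerKey := tmpl, crypto.PrivateKey(key) // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	} else {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // der was just produced by CreateCertificate, so it parses
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake runs one connection over loopback: the server (the platform) demands a client
// certificate chaining to clientCA, and the client trusts only serverCA for the server's
// certificate; client == nil means the client presents nothing. It returns the server's
// greeting, which names the verified client, or the error that ended the handshake.
func handshake(server, clientCA, serverCA, client *tls.Certificate) (string, error) {
	clientPool, serverPool := x509.NewCertPool(), x509.NewCertPool()
	clientPool.AddCert(clientCA.Leaf)
	serverPool.AddCert(serverCA.Leaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{*server},
		ClientAuth:   tls.RequireAndVerifyClientCert, // steps 4-5: a verifiable client cert is mandatory
		ClientCAs:    clientPool,
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() { // the platform side
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		tc := c.(*tls.Conn)
		if tc.Handshake() != nil { // step 5 failed: the connection ends and nothing is written
			return
		}
		cn := tc.ConnectionState().PeerCertificates[0].Subject.CommonName
		_, _ = tc.Write([]byte("welcome " + cn)) // step 7: data flows only after both sides verified
	}()
	cfg := &tls.Config{RootCAs: serverPool} // step 3: the client checks the platform against serverCA
	if client != nil {
		cfg.Certificates = []tls.Certificate{*client} // step 4
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return "", err // step 3 failed on the client side
	}
	defer conn.Close()
	// Under TLS 1.3 the server's verdict on the client certificate arrives after Dial returns,
	// so read the greeting: a rejected client sees the server's alert here instead of data.
	buf := make([]byte, 64)
	n, err := conn.Read(buf)
	return string(buf[:n]), err
}

// runScenarios builds the hypothetical platform CA plus an unrelated CA and reports, per
// scenario, whether the handshake completed and the platform greeted the expected client.
func runScenarios() map[string]bool {
	threeYears := time.Now().Add(3 * 365 * 24 * time.Hour) // the validity period the page cites
	platformCA := mint(nil, "Platform CA", x509.ExtKeyUsageAny, threeYears)
	otherCA := mint(nil, "Some Other CA", x509.ExtKeyUsageAny, threeYears)
	server := mint(platformCA, "api.platform.example", x509.ExtKeyUsageServerAuth, threeYears)
	client := mint(platformCA, "client-42", x509.ExtKeyUsageClientAuth, threeYears)
	foreign := mint(otherCA, "client-42", x509.ExtKeyUsageClientAuth, threeYears)
	expired := mint(platformCA, "client-42", x509.ExtKeyUsageClientAuth, time.Now().Add(-time.Minute))
	ok := func(greeting string, err error) bool { return err == nil && greeting == "welcome client-42" }
	return map[string]bool{
		"valid client cert":                   ok(handshake(server, platformCA, platformCA, client)),
		"no client cert":                      ok(handshake(server, platformCA, platformCA, nil)),
		"client cert from a different CA":     ok(handshake(server, platformCA, platformCA, foreign)),
		"expired client cert":                 ok(handshake(server, platformCA, platformCA, expired)),
		"client does not trust the server CA": ok(handshake(server, platformCA, otherCA, client)),
	}
}

func main() {
	for name, completed := range runScenarios() {
		fmt.Printf("%-36s handshake completed: %v\n", name, completed)
	}
}
```

Run it with `go run`. Only the first scenario completes; every other one ends at step 3 or step 5 with no application data written, which is the behaviour the overview describes. The client reads the greeting after dialing on purpose: under TLS 1.3 the client-side handshake returns before the server has judged the client certificate, so a client that stops at a successful `tls.Dial` could wrongly believe it had been admitted.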

Important details

The mTLS process ensures that both parties in a connection are who they claim to be, which helps keep the platform in compliance with legal requirements such as the European Union's eIDAS regulation and the revised Payment Services Directive (PSD2).

The Pismo platform uses Cloudflare to issue the signed certificates used for mTLS. These certificates expire after three years and must be renewed before they lapse, or the handshake will fail. If you want to use certificates from a different certificate authority, you must provide a risk letter, because in that case Pismo cannot guarantee that the parties in each connection are who they claim to be. In addition to certificate-based authentication, Pismo fronts the platform with the Cloudflare Web Application Firewall (WAF), which also provides more robust protection against distributed denial-of-service (DDoS) attacks.