Hi guys,

I have a requirement to build a mutual authentication (2-way TLS) to connect ServiceNow with internal application. ServiceNow is the client and the internal application is the server,

In this case, MID Server is a must for this integration. I have done a research and reading on the potential risk and work around. Below are the links that  I have figured out:

This link tells that we cannot use MID Server if we want to use Mutual Authentication:
Outbound Web Service mutual Authentication

I did more research and I found several work around that we can do:

1) We can change the MID Server to Mutual Authentication : Setting up Mutual Authentication for Web Services.

2) Import Certificate into ServiceNow : Upload a trusted server certificate

3) How to setup the mutual authentication in ServiceNow : Setting up mutual authentication

4) Control the connection using MID Server security policy : MID Server certificate check policies

My questions are summarized as per below:

1) Based on the documentation, we should have 2 certs placed in the Client and Server for the mutual authentication. Am I understand this correctly?

2) How to initiate mutual authentication between ServiceNow and MID Server?

3) How to initiate mutual authentication between MID Server with internal application?

4) After the handshake is a success, when we want to send the payload, can we just use basic authentication for the REST API payload or there is another way to connect since we are using mutual authentication?

Please advise on this.