Certificate based authentication not enforced [New in Security Center 1.3]

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 5 minutes
  • The glide.authenticate.mutual.enabled property enables certificate-based authentication, a type of mutual authentication for inbound connections to REST and SOAP APIs in the ServiceNow AI Platform.

    Mutual authentication, or Certificate-Based Authentication (CBA), establishes trust between server and client by exchanging Secure Sockets Layer (SSL) certificates and validating each certificate against a trusted Certificate Authority (CA). This verifies that a trusted source is connecting to the Now platform. Set the glide.authenticate.mutual.enabled system property to true to enable CBA for inbound connections to REST and SOAP APIs.

    1. Review organizationally defined requirements to determine if your instance is providing inbound web services to other systems.
    2. If your instance is providing inbound web services, enable mutual authentication for inbound web services. Complete the following actions per the referenced materials:
      a. Review any third-party endpoints that integrate with your instance. For those that are applicable, gather the client PKI key pair, which contains the client certificate, and all intermediate and root CA certificates for this client certificate.
      b. Ensure that the instance is using an ADCv2 load balancer. Navigate to https://<instance_fqdn>/adcv2/supports_tls on your instance. If this does not return true, contact support to request that ADC-to-APP mTLS is enabled for your instance.
      c. Activate the Certificate-based authentication (com.glide.auth.mutual) plugin on your instance.
      d. Ensure that the glide.authenticate.mutual.enabled system property is set to true to activate all functionality.
      e. Register CA root and intermediate certificates for the third-party endpoints from step a. Follow the docs site instructions to fill out all required fields.
      f. Map the PEM certificates provided by the integration endpoint to users. The designated user is used to initiate a session and execute the request.
      Note:
      In-depth documentation and set-up instructions can be found at Set up Certificate-based authentication and in KB0993615.
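A preflight for the certificates gathered in the first substep, as an added example (not ServiceNow code): it builds a constructed root CA, intermediate CA and client certificate with openssl, then shows that the client certificate validates for TLS client authentication only when the intermediate is supplied together with the root. All file names and subject names are constructed; with real material, pass the third party's PEM files to chain_ok instead.

```shell
#!/bin/sh
# Added example: constructed PKI; all file and subject names are made up.
set -eu

new_csr() {  # $1 = path prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build root CA -> issuing (intermediate) CA -> client certificate in dir $1.
make_sample_pki() {
  dir=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$dir/leaf.ext"
  new_csr "$dir/root" 'Constructed Root CA'
  new_csr "$dir/int" 'Constructed Issuing CA'
  new_csr "$dir/client" 'constructed-integration-client'
  openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 30 \
    -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null
  openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAcreateserial -days 30 -extfile "$dir/ca.ext" -out "$dir/int.pem" 2>/dev/null
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
    -CAcreateserial -days 30 -extfile "$dir/leaf.ext" -out "$dir/client.pem" 2>/dev/null
}

# chain_ok LEAF ROOT [INTERMEDIATES]: succeed only if LEAF chains to ROOT and
# is valid for TLS client authentication. Output is matched instead of the exit
# status because very old openssl builds exit 0 even when verification fails.
chain_ok() {
  out=$(openssl verify -purpose sslclient -CAfile "$2" \
        ${3:+-untrusted "$3"} "$1" 2>&1) || true
  case $out in *": OK"*) return 0 ;; *) return 1 ;; esac
}

work=$(mktemp -d)
make_sample_pki "$work"
if chain_ok "$work/client.pem" "$work/root.pem" "$work/int.pem"; then
  echo "root + intermediate supplied: chain verifies"
fi
if ! chain_ok "$work/client.pem" "$work/root.pem"; then
  echo "intermediate missing: chain does not verify"
fi
rm -rf "$work"
```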

    More information

    Attribute: Description
    Configuration name: glide.authenticate.mutual.enabled
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: Boolean
    Recommended value: true
    Default value: true
    Fallback value:
    Category: Architecture, design, and threat modeling
    Security risk:
    • Severity score: 5.3
    • CVSS score: Medium
    • Security risk details: Without mutual authentication, the instance is at an increased risk of person-in-the-middle, replay, or spoofing attacks.
    Functional impact: When CBA is enabled and trusted CA certificates are added to an instance, they are deployed to the Application Delivery Controller (ADC). The ADC is then configured for optional Client-to-ADC mTLS for that instance. This means that during the TLS handshake, the ADC solicits a client certificate and sends a list of the CAs that it trusts. Because it is optional, existing authentication mechanisms will continue to work if no client certificate is presented.
    Dependencies and prerequisites: None
    References: