Commit 2d7a931

Update documentation for SSL configuration
1 parent 197c786 commit 2d7a931

2 files changed

+23
-1
lines changed

docs/pages/tutorials/advanced/behindaproxy/behindaproxy.rst

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
.. _behind_a_proxy:
22

33
Using Hoverfly behind a proxy
4-
================================
4+
=============================
55

66
In some environments, you may only be able to access the internet via a proxy. For example,
77
your organization may route all traffic through a proxy for security reasons.
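
Review bot: The heading underline change in behindaproxy.rst is unrelated to the commit subject "Update documentation for SSL configuration". Either mention the cleanup in the commit message or split it into its own commit so the history of the SSL documentation stays easy to follow. The shortened underline itself is fine.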

docs/pages/tutorials/advanced/configuressl/configuressl.rst

Lines changed: 22 additions & 0 deletions
@@ -3,6 +3,13 @@
33
Configuring SSL in Hoverfly
44
===========================
55

6+
Hoverfly supports both one-way and two-way SSL authentication.
7+
8+
Hoverfly uses default certificate which you should add to your HTTPS client's trust store for one-way SSL authentication. You have options to provide your own certificate, please see below.
9+
10+
Override default certificate for one-way SSL authentication
11+
-----------------------------------------------------------
12+
613
In some cases, you may not wish to use Hoverfly's default SSL certificate. Hoverfly allows
714
you to generate a new certificate and key.
815
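
Review bot: The added sentence "Hoverfly uses default certificate which you should add to your HTTPS client's trust store" recommends trusting the default certificate without saying which clients that advice is meant for, and the following context line ("In some cases, you may not wish to use Hoverfly's default SSL certificate") does not say which cases those are. Suggest stating that the advice applies to the clients routed through Hoverfly, and replacing "please see below" with a reference to the override section that follows. Wording: "uses a default certificate", and split the second sentence, for example "You can also provide your own certificate; see below."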

@@ -26,3 +33,18 @@ to start an instance of Hoverfly using these files.
2633

2734
.. note::
2835
Both a certificate and a key file must be supplied. The files must be in unencrypted PEM format.
36+
37+
38+
Configure Hoverfly for two-way SSL authentication
39+
-------------------------------------------------
40+
41+
For two-way or mutual SSL authentication, you should provide Hoverfly with a client certificate and a certificate key that you use to authenticate with the remote server.
42+
43+
Two-way SSL authentication is only enabled for request hosts that match the value you provided to the ``--client-authentication-destination`` flag. You can also pass a regex pattern if you need to match multiple hosts.
44+
45+
.. code:: bash
46+
47+
hoverctl start --client-authentication-client-cert cert.pem --client-authentication-client-key key.pem --client-authentication-destination <host name of the remote server>
48+
49+
50+
If you need to provide a CA cert, you can do so using the ``--client-authentication-ca-cert`` flag.
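
Review bot: The paragraph on ``--client-authentication-destination`` says a regex pattern may be passed but does not say how it is matched (whole host name or substring) and gives no example. Since this value decides which request hosts are presented the client certificate, a pattern that matches more than intended would offer it to the wrong server. Suggest documenting the matching semantics and showing one pattern anchored to the intended hosts. The section also does not say whether the client certificate and key must be unencrypted PEM, as the note above requires for the server files, or what the ``--client-authentication-ca-cert`` certificate is used to verify. The ``<host name of the remote server>`` placeholder will be parsed as shell redirection if the command is pasted as written, so a sample host name would be safer.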
