When configuring connection there are advanced settings for each ALM tool. Those can be accessed via following checkbox:
This will show the following settings:
|Client certificate||Allows two-way TLS on the server with custom uploaded client certificate (.pfx/.p12 file encrypted with export passphrase).|
|CA certificate||Allows one-way TLS on the server with custom uploaded CA certificate (.pem/.crt file). Will be ignored if Verify TLS / SSL is set to false.|
|Server certificate validation||Enables / disables TLS certificate (CA) check. If you have setup a custom (self-signed) CA certificate and want that to be used for verification, you need to have the verification enabled.|
|Custom Timeout||Connection timeout in seconds for HTTP requests to the ALM tool. Must be a value between 5 and 60. The default is 5 seconds.|
One-way / Two-way TLS communication
In one-way TLS, or regular TLS, the X.509 server certificate is created by a CA that the client can trust when wants to connect.
To upload CA certificate in PEM format click on the Upload pem in advanced settings and choose the file (.pem / .crt) from your system:
In a two-way TLS (mutual authentication) the server and client does a digital handshake, where the server needs to present a certificate to authenticate itself to the client and vice-versa.
To upload client certificate in PKCS#12 format click on the Upload PKCS#12 in advanced settings. You will be prompted to choose the file (.pfx / .p12) from your system:
After choosing the file you will be required to insert the correct export passphrase which was used when creating the client certificate:
After uploading certificates everything is set for one-way (CA cert only) / two-way (both client and CA certificates) TLS communication.
If needed you can delete the files to disable one-way / two-way TLS with custom certificates.