Question
![](/profiles/pega_profile/modules/pega_user_image/assets/user-icon.png)
Lloyds Banking Group PLC
GB
Last activity: 10 Jul 2019 3:29 EDT
Mutual Auth for services exposed from PEGA
v7.3.1 | WAS 8.5.5
Our PEGA application exposes a number of services to other non-PEGA applications to consume and basic authentication has been used for auth wherein the calling application passes the user identifier and password to the service.
However, our security requirement suggests we would be better of using mutual auth for this and we would like to know if there would be any challenges in achieving this.
My simple understanding of this was -
Store both the client and service provider certificates of both the applications involved in their corresponding servers and enable the "Require TLS/SSL for REST services in this package" setting in the service package.
Guidance from anyone who has done this before would be appreciated.