What is 2-way SSL?
- Piotr Sałdan
- Sep 9, 2025
Updated: Sep 10, 2025

2-way SSL, also known as mutual SSL/TLS authentication, is a security mechanism where both the server and the client verify each other's identities using digital certificates to establish a secure connection.
I recommend using it when the need for security is much higher (for example, when processing medical or banking data).
How 2-way SSL works
The "handshake" process is as follows:
1. The client initiates the connection and sends a "Client Hello" message.
2. The server responds with a "Server Hello," sends its own certificate, and requests a certificate from the client.
3. The client verifies the server's certificate (checking that it was issued by a trusted Certificate Authority, or CA).
4. The client sends its own certificate to the server.
5. The server verifies the client's certificate (checking its validity and that it was issued by a trusted CA).
6. If both verifications are successful, a session key is exchanged to encrypt the connection, and the secure link is established.
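The handshake above can be reproduced in memory with Python's standard `ssl` module. This is an added example, not code from the original post: it assumes the `openssl` command-line tool is on the PATH, and the CA and the names "Demo CA", "localhost" and "demo-client" are throwaway test data constructed for the demonstration.

```python
import ssl, subprocess, tempfile
from pathlib import Path

def _openssl(d, *args):
    subprocess.run(["openssl", *args], cwd=d, check=True, capture_output=True)

def make_pki(d):
    """Constructed test data: throwaway CA plus CA-signed server and client certs."""
    _openssl(d, "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
             "-subj", "/CN=Demo CA", "-keyout", "ca.key", "-out", "ca.pem")
    for name, cn in (("server", "localhost"), ("client", "demo-client")):
        Path(d, name + ".ext").write_text(f"subjectAltName=DNS:{cn}\n")
        _openssl(d, "req", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={cn}",
                 "-keyout", name + ".key", "-out", name + ".csr")
        _openssl(d, "x509", "-req", "-in", name + ".csr", "-days", "1",
                 "-CA", "ca.pem", "-CAkey", "ca.key", "-CAcreateserial",
                 "-extfile", name + ".ext", "-out", name + ".pem")

def handshake(d, client_has_cert):
    """Return the client CN the server authenticated, or None if a side refused."""
    p = lambda n: str(Path(d, n))
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv_ctx.load_cert_chain(p("server.pem"), p("server.key"))
    srv_ctx.load_verify_locations(p("ca.pem"))  # CA trusted to issue client certs
    srv_ctx.verify_mode = ssl.CERT_REQUIRED     # request and require a client cert
    cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # checks server chain + hostname
    cli_ctx.load_verify_locations(p("ca.pem"))
    if client_has_cert:
        cli_ctx.load_cert_chain(p("client.pem"), p("client.key"))
    to_srv, to_cli = ssl.MemoryBIO(), ssl.MemoryBIO()  # in-memory wire, no sockets
    cli = cli_ctx.wrap_bio(to_cli, to_srv, server_hostname="localhost")
    srv = srv_ctx.wrap_bio(to_srv, to_cli, server_side=True)
    done = set()
    for _ in range(10):  # alternate sides until both report completion
        for side in (cli, srv):
            try:
                side.do_handshake()
                done.add(side)
            except ssl.SSLWantReadError:
                pass  # waiting for the peer's next handshake flight
            except ssl.SSLError:
                return None  # certificate missing or failed verification
        if len(done) == 2:
            break
    subject = dict(rdn[0] for rdn in srv.getpeercert()["subject"])
    return subject["commonName"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        return handshake(d, True), handshake(d, False)
```

`demo()` returns the authenticated client name for the client that presents a certificate and `None` for the one that does not. Leaving `verify_mode` at the server default of `ssl.CERT_NONE` gives one-way SSL, and `ssl.CERT_OPTIONAL` would let the certificate-less client through.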
There are some scenarios in which using 2-way SSL is recommended:

| Feature | One-way SSL | Two-way SSL |
| --- | --- | --- |
| Authentication | Only the server is authenticated. | Both the server and the client are authenticated. |
| Client Requirement | The client does not need a digital certificate. | The client must have a digital certificate. |
| Common Uses | Public websites, e-commerce. | Online banking, payment systems, API connections, VPNs, IoT. |
If you need help with connecting your Salesforce org with any external system, feel free to reach out ;)

