To subscribe to an mTLS plan, the client must add a certificate to their application. To add a certificate to an application, complete the following steps:
- In the console, navigate to Applications, and then click a specific application.
- For that application, click the Tls Configuration setting, and then paste the client certificate in base64-encoded format.
Screenshot showing Tls configuration
{% hint style="warning" %} Multiple applications in the same APIM instance must not share client certificates. You cannot save an application’s configuration if the added client certificate is already present for another application. {% endhint %}
When you add a client certificate to an application, the gateway adds this application to its truststore. At runtime, the gateway checks whether the truststore has a certificate that matches an application with a valid subscription for the API.
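The two rules above (one certificate per application, and a runtime match against an application with a valid subscription) can be modelled as follows. This is an added example, not Gravitee's code: `GatewayModel`, the application and API ids, and matching by SHA-256 fingerprint of the DER bytes are assumptions, and the sample certificates are constructed placeholder bytes rather than real X.509 certificates.

```python
import hashlib
import ssl


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so PEM line wrapping does not matter."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


class GatewayModel:
    """Hypothetical stand-in for the gateway's truststore and subscriptions."""

    def __init__(self):
        self.truststore = {}         # fingerprint -> application id
        self.subscriptions = set()   # (application id, api id) pairs that are valid

    def add_certificate(self, app_id: str, pem: str) -> None:
        fp = fingerprint(pem)
        owner = self.truststore.get(fp)
        if owner is not None and owner != app_id:
            # Mirrors the console rule: applications must not share a certificate.
            raise ValueError(f"certificate already registered for {owner}")
        self.truststore[fp] = app_id

    def subscribe(self, app_id: str, api_id: str) -> None:
        self.subscriptions.add((app_id, api_id))

    def authorize(self, presented_pem: str, api_id: str):
        """Return the application allowed to call api_id, or None."""
        app_id = self.truststore.get(fingerprint(presented_pem))
        if app_id is None or (app_id, api_id) not in self.subscriptions:
            return None
        return app_id


# Constructed placeholder bytes wrapped as PEM; not real certificates.
CERT_A = ssl.DER_cert_to_PEM_cert(b"constructed-placeholder-der-for-app-a" * 4)
CERT_B = ssl.DER_cert_to_PEM_cert(b"constructed-placeholder-der-for-app-b" * 4)


def demo():
    gw = GatewayModel()
    gw.add_certificate("app-a", CERT_A)
    gw.add_certificate("app-b", CERT_B)
    gw.subscribe("app-a", "orders-api")
    try:
        gw.add_certificate("app-b", CERT_A)   # same certificate, second application
        shared = True
    except ValueError:
        shared = False
    return gw.authorize(CERT_A, "orders-api"), gw.authorize(CERT_B, "orders-api"), shared
```

In this model, a certificate that is in the truststore but belongs to an application without a subscription to the requested API is rejected the same way as an unknown certificate.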