Enable Mutual TLS authentication support in Browser-based only scans
Problem to solve
As a customer, I would like to ensure my DAST scan is able to access a site that is protected by mutual TLS authentication.
This has been implemented for legacy scans in issue #299596 (closed).
Proposal
Follow the guidelines outlined for Chromium: https://chromium.googlesource.com/chromium/src/+/refs/heads/lkgr/docs/linux/cert_management.md. We will need the user to provide a certificate, and optionally the username/password for the certificate file.
We will need to set up an e2e test to ensure this works in various configurations.
What does success look like, and how can we measure that?
A user can supply a certificate and it successfully imports into the browser. We can measure this by ensuring e2e tests are created to handle the various cases (with/without credentials for the certificate).
Edited by Cameron Swords
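A sketch of fixtures for the two e2e cases named above (a certificate bundle with and without a password), added here as an example and not taken from the issue or from the DAST code base. It assumes `openssl` and the NSS tools `certutil` and `pk12util` are installed, and that the certificate is supplied as a PKCS#12 file. The function names, paths and passwords are constructed, and `import_into_nssdb` targets a fresh database, not the `$HOME/.pki/nssdb` store the linked Chromium guide describes.

```bash
#!/usr/bin/env bash
# Added example: fixtures for the two e2e cases (PKCS#12 with and without a password).
# All names, paths and passwords here are constructed for illustration.

# Create a throwaway self-signed client certificate and bundle it as PKCS#12.
# $1 = output directory, $2 = bundle password (may be empty)
make_client_p12() {
  local dir=$1 password=$2
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=dast-e2e-client" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
  openssl pkcs12 -export -name dast-e2e-client \
    -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -out "$dir/client.p12" -passout "pass:$password"
  # The bundle contains the private key, so keep it readable by the owner only.
  chmod 600 "$dir/key.pem" "$dir/client.p12"
}

# Succeeds only if the bundle's integrity check passes with the given password.
# $1 = bundle, $2 = password to try
p12_opens_with() {
  openssl pkcs12 -in "$1" -noout -passin "pass:$2" 2>/dev/null
}

# Import the bundle into a fresh NSS database (the certificate store format
# Chromium reads on Linux) and list the result.
# $1 = NSS db directory, $2 = bundle, $3 = bundle password
import_into_nssdb() {
  local db=$1 p12=$2 password=$3
  mkdir -p "$db"
  certutil -N -d "sql:$db" --empty-password
  pk12util -d "sql:$db" -i "$p12" -W "$password"
  certutil -L -d "sql:$db"   # the imported nickname should now be listed
}
```

An e2e test can call `make_client_p12` once per case, check that `p12_opens_with` rejects a wrong password, then run `import_into_nssdb` before starting the browser.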