Mutual authentication is a common way to authenticate your clients or to integrate with upstream/downstream services. This post demonstrates how to enable mutual authentication, also called mTLS, in a Jetty server.
Change the password "changeit" in the commands below if you generate a real certificate for production.
Run the commands below to generate the server and client certificates. Note that when the terminal prompts you to enter your first name and last name, you should enter your domain name or IP address. Your hostname must match your certificate.
I assume that you generate the certs in src/main/resources, where we normally do.
The key to Jetty is to configure the SslContextFactory. Things are pretty straightforward. You set the KeyStore and the KeyStore password, and then set the TrustStore and the TrustStore password. You need to call setNeedClientAuth(true) to enable mTLS.
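
The configuration described above, wired into a minimal embedded server. This is an added example, not code from the original post. It assumes a Jetty version that provides `SslContextFactory.Server`; the class name `MtlsServer`, the store file names and port 8443 are hypothetical.

```java
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class MtlsServer {
    public static void main(String[] args) throws Exception {
        // Assumed file names: both stores are loaded from the classpath,
        // i.e. from src/main/resources as the post suggests.
        String keyStore = MtlsServer.class.getResource("/server-keystore.jks").toExternalForm();
        String trustStore = MtlsServer.class.getResource("/server-truststore.jks").toExternalForm();

        SslContextFactory.Server ssl = new SslContextFactory.Server();
        // KeyStore: the server's own private key and certificate.
        ssl.setKeyStorePath(keyStore);
        ssl.setKeyStorePassword("changeit"); // replace outside of a demo
        // TrustStore: the client certificates (or their CA) the server accepts.
        ssl.setTrustStorePath(trustStore);
        ssl.setTrustStorePassword("changeit");
        // "Need" fails the TLS handshake when the client presents no trusted
        // certificate. setWantClientAuth(true) would only request one and
        // still accept anonymous clients, which is not mutual authentication.
        ssl.setNeedClientAuth(true);

        // SecureRequestCustomizer exposes TLS session details, including the
        // client certificate chain, to handlers as request attributes.
        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer());

        Server server = new Server();
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"),
                new HttpConnectionFactory(https));
        connector.setPort(8443); // hypothetical port
        server.addConnector(connector);
        server.start();
        server.join();
    }
}
```

No plain HTTP connector is added, so every request to this server has to pass the client-certificate handshake first.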