Mutual authentication of 1R instances via mTLS

The 1R standard requires a mutual authentication between 1R server instances. This shall be done via mTLS.

TODO: Final form of implementation still to be discussed in API group.

Acceptance criteria

• For each incoming request (POST, PATCH, GET ...), the requested 1R instance (server) verifies the X.509 certificate of the requesting 1R instance (client).
• For each request made to another 1R instance (server), the requesting 1R instance (client) verifies the X.509 certificate of the requested instance.
• If certifcate validation fails on either side, the connection gets dropped and the issue is logged.
• The project contains a self-signed (sample) root certificate to issue client certificates.
• The 1R server is deployed with a certificate, which is signed by the projects root certificate.
• The usage of mTLS can be optionally switched off at server start via a parameter. This shall enable mTLS termination by a remote proxy like e.g. NGinX in more adavanced deployment scenarios.
• The project documents, how a new certificate can be issued with the projects root certifcate and how it must be deployed to a second 1R server instance.