Implementing Two-Way TLS


Mutual (two-way) TLS is typically used when no user context is present and a client/server application is registered through the SEI Integration Portal. Per SEI's Information Security requirements, the SM service account is used to mint the OAuth token using grant_type = client_credentials, and the connection is implemented with IP whitelisting.

To set up mutual TLS between SEI and the client's server, the client must obtain an identity certificate from an SSL provider. The Common Name (CN) of the certificate is the service account's username provided by SEI. If the client is unable to obtain an identity certificate from their provider, SEI will distribute a client certificate through our SSL provider, Trustwave.

The SEI certificate download link and instructions are valid for one download. Once the certificate has been downloaded, the link will not work again. If the link expires, please contact SEI to receive a new link. The SEI certificate will expire after two years and the client will be notified ahead of time.

To establish successful two-way SSL communication with SEI, the client server making API calls must:

  1. Connect through the TLS URL (https://mtls.api.seic.com/)

  2. Come from a whitelisted IP source

  3. Use service user credentials

  4. Present the identity certificate
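
A local pre-flight check for the identity certificate requirements above, as an added example that is not SEI's own tooling: it confirms that the CN equals the service account username, that the private key belongs to the certificate, and that the certificate is not close to expiry. The function names, file arguments and 30-day warning window are assumptions; it expects PEM files, an unencrypted key and `openssl` on the PATH.

```shell
#!/usr/bin/env bash
# Added example: local pre-flight check of an mTLS identity certificate.
# Assumes PEM files, an unencrypted private key, and openssl on PATH.

# Print the subject Common Name (CN) of a certificate.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Pass only if the CN is exactly the service account username.
check_cn() {
  local cert="$1" expected="$2" actual
  actual=$(cert_cn "$cert")
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "CN mismatch: got '$actual', expected '$expected'" >&2
    return 1
  fi
}

# Pass only if the private key's public half equals the certificate's.
check_key_pair() {
  local cert="$1" key="$2" from_cert from_key
  from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$from_cert" ] || [ "$from_cert" != "$from_key" ]; then
    echo "private key does not match certificate" >&2
    return 1
  fi
}

# Pass only if the certificate is still valid <days> days from now.
check_expiry() {
  local cert="$1" days="$2"
  if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
    echo "certificate expires within $days days" >&2
    return 1
  fi
}

# Usage: preflight <cert.pem> <key.pem> <service-account-username> [days]
# The 30-day default warning window is an assumption, not an SEI value.
preflight() {
  check_cn "$1" "$3" && check_key_pair "$1" "$2" && check_expiry "$1" "${4:-30}"
}
```

Running `preflight` before the first API call, and again on a schedule, surfaces a wrong CN or an approaching expiry locally instead of as a failed handshake.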