Custom Action with mLTS certificate based authentication | Community
Skip to main content
D
DN1191
Level 3
May 22, 2026
Question

Custom Action with mLTS certificate based authentication

  • May 22, 2026
  • 2 replies
  • 40 views

Hello Team,

Does anyone has experience working with Custom action using mTLS certificate-based authentication ?

I am trying to make an API call that uses mTLS certificate-based authentication (the certificate is used for both authentication and authorization). As per Adobe documentation - https://experienceleague.adobe.com/en/docs/experience-platform/landing/governance-privacy-security/encryption#mtls-protocol-support:~:text=of%20the%20data.-,mTLS%20protocol%20support,-You%20can%20now , no changes are required in the custom action or journey, as Adobe will automatically handle the process to enable mTLS. However, the API call is returning a 403 error.

Could someone please help confirm if any additional configurations are required to resolve this issue?

@SatheeskannaK ​@Mayank_Gandhi ​@Pulkit_Jain_ ​@ManikSingla 

2 replies

DavidKangni
Community Advisor
DavidKangniCommunity Advisor
Community Advisor
May 22, 2026

Hi ​@DN1191 

 

is your server endpoint mTLS only enabled connection?

Thanks,

David

David Kangni
D
DN1191Author
Level 3
May 25, 2026

@DavidKangni I believe mTLS is enabled on server side. Could you please help me understand how mTLS works. In this case does Adobe gets the certificate back from server side and verifies it along with sending Adobe certificate to the server ? If, so will these both( certificate from Adobe to server and server to adobe) handled automatically when we make a custom action call ? Also when mTLS is enabled do they need to have only TLS 1.3 enabled. As per the input I received from the server side team they have both TLS 1.2 and TLS 1.3 enabled and as per them the way the negotiation works is it tries to connect with the highest level of the protocol first.

Pulkit_Jain_
Adobe Employee
Pulkit_Jain_Adobe Employee
Adobe Employee
May 25, 2026

@DN1191  Ideally, AJO automatically handles mTLS and no config is needed inside the custom action. A 403 almost always means the endpoint is rejecting Adobe’s client certificate.

Most common reasons could be that the endpoint is mTLS‑enabled or the endpoint does not trust Adobe’s mTLS certificate (ajo‑journeys.aep‑mtls.adobe.com) or TLS-only vs mTLS-only settings on the server are misconfigured.

Quick check- import Adobe’s public mTLS certificate or disable mTLS on their server to see if that resolves the issue

D
DN1191Author
Level 3
May 25, 2026

@Pulkit_Jain_ thank you for your response. But,sorry, I’m a bit confused here. As per the documentation, to use mTLS with AJO custom actions, the server address configured in the Adobe Journey Optimizer custom action UI must have standard TLS disabled and only mTLS enabled. However, based on your comment above, it sounds like the failure might be due to the endpoint being mTLS-enabled.

My question is: mTLS should be enabled on the server side for AJO custom actions to work, correct? Could you please clarify that point.

Terms & ConditionsAccessibility statement

Loading footer...