I've been experimenting with using the server's public SSL key as a client certificate to authenticate self-hosted and cross-server web service requests since the cert should be available at runtime in common enterprise setups yet incentives align to keep it well-secured.
I would appreciate pointers to any open source libraries demonstrating best practices and/or promoting this approach, specifically protecting against replay attacks and race conditions that come up as the cert is renewed (much more often - thanks Let's Encrypt!).
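Not a library pointer, but here is a small self-contained Go sketch of the pattern the question describes: each service holds one certificate (the one it already serves TLS with) and presents it in both roles; the receiving side checks the CA chain plus an allow-list of peer names instead of pinning a key; and renewal is handled by having both TLS handshake callbacks read the current certificate under a lock. This is an added example written for this page, not code from the poster or from any project. The private CA and the svc-*.example.internal names are invented stand-ins for a public CA and real hostnames, the listener is on loopback, and only the Go standard library (crypto/tls, crypto/x509, net/http) is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"sync"
	"time"
)

// issue mints an ECDSA cert for name, signed by ca (a self-signed root when ca is nil), with both serverAuth and clientAuth EKUs.
func issue(name string, ca *tls.Certificate, isCA bool) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // demo scaffolding: setup failures are fatal
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // the SAN and EKUs above are harmless on the hypothetical root
	}
	parent, signer := tmpl, any(key)
	if ca != nil {
		parent, signer = ca.Leaf, ca.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Node is one service using a single renewable cert in both TLS roles. Both handshake callbacks read
// current(), so a renewal is a locked swap: every handshake sees the old cert or the new one, never a torn one.
type Node struct {
	mu   sync.RWMutex
	cert tls.Certificate
}
func (n *Node) Renew(c tls.Certificate) { n.mu.Lock(); n.cert = c; n.mu.Unlock() }
func (n *Node) current() *tls.Certificate { n.mu.RLock(); defer n.mu.RUnlock(); c := n.cert; return &c }

// Serve starts an mTLS listener. crypto/tls rejects any client cert that does not chain to pool with the clientAuth
// EKU; VerifyConnection then also requires an allow-listed SAN, so a renewed peer cert (same name) needs no change here.
func (n *Node) Serve(pool *x509.CertPool, allowed map[string]bool) string {
	cfg := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool,
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return n.current(), nil },
		VerifyConnection: func(cs tls.ConnectionState) error {
			for _, name := range cs.VerifiedChains[0][0].DNSNames {
				if allowed[name] {
					return nil
				}
			}
			return fmt.Errorf("peer %v is not an allowed client", cs.VerifiedChains[0][0].DNSNames)
		}}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		panic(err)
	}
	go http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }))
	return "https://" + ln.Addr().String()
}

// Get makes one request on a fresh connection, presenting n's current cert and verifying the server against pool and its SAN.
func (n *Node) Get(url string, pool *x509.CertPool, serverName string) error {
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, ServerName: serverName,
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return n.current(), nil }}}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err
}

// Scenario runs: listed peer, CA-valid but unlisted peer, peer renewal, server renewal; returns whether each request succeeded.
func Scenario() []bool {
	ca := issue("Example Internal CA", nil, true) // hypothetical private CA standing in for a public one
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	node := func(name string) *Node { return &Node{cert: issue(name, &ca, false)} }
	a, b, c := node("svc-a.example.internal"), node("svc-b.example.internal"), node("svc-c.example.internal")
	url := a.Serve(pool, map[string]bool{"svc-b.example.internal": true})
	try := func(n *Node) bool { return n.Get(url, pool, "svc-a.example.internal") == nil }
	ok := []bool{try(b), try(c)}                         // listed peer accepted; valid chain but unlisted name rejected
	b.Renew(issue("svc-b.example.internal", &ca, false)) // renewal: new key and serial, same name
	ok = append(ok, try(b))                              // accepted with no allow-list change
	a.Renew(issue("svc-a.example.internal", &ca, false)) // the server renews under live clients
	ok = append(ok, try(b))                              // accepted: peers trust the CA, not a pinned key
	return ok
}
func main() { fmt.Println(Scenario()) }
```

Two things the scenario surfaces. On replay: nothing in a TLS handshake is replayable (each side contributes fresh randomness and TLS 1.3 uses ephemeral keys), so replay protection only becomes your problem once the certificate's private key is used to sign application-level tokens outside TLS, which this example deliberately does not do. On renewal: because a peer is identified by a CA-verified SAN, a renewed certificate with a new key is accepted with no configuration change on the other side, and the GetCertificate/GetClientCertificate callbacks make the swap atomic per handshake instead of racing a file reload against in-flight requests. One caveat on the premise: RequireAndVerifyClientCert in Go (and the equivalent in most other stacks) insists on the clientAuth EKU, and Let's Encrypt has announced that its certificates will stop carrying that EKU, so check the EKUs on whatever server certificate you intend to reuse as a client identity.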