Hi,   I added the following on the handle response processor:   Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: POST Access-Control-Allow-Origin: *   I also had to allow the options method in the handle http request processor and respond to the options request with this header. You could use wildcards for everything if you are testing.   The browser does a preflight options request for cross origin requests. It does this if it is not classified as a simple request: https://stackoverflow.com/a/40373949/3359365   So if you set the content-type to application/json on the client for a cross origin post the browser will check if the server supports it with the options request. ... View more

Hi,   I used keystore explorer (https://keystore-explorer.org/downloads.html) to generate a client certificate from the server certificate. The server's intermediate CA public cert has to be in the truststore as well as the server certificate.   As for the user cert I sign it with the server cert, export as user.p12 and export the user cert. The trick is the extentions you have to add on the user cert. You can use this template with keystore explorer: https://drive.google.com/open?id=1k_BVTtNb8EcrKHDgOvnVMx-GevYZgQqF    The main thing is the basic constraints extention should be Subject is not a CA and the extended key usage should be for server and client auth ... View more