How to create a custom suspend node that can do an mTLS call to external microservices

Hi,
I want to develop a custom Email Suspend Node that can send email using an external microservice. This microservice exposes a secure API with mutual TLS (mTLS).

I have something like this:

@Inject
public ManutanEmailSuspendNode(@Assisted Config config, @Assisted Realm realm, Secrets secrets,
        CloseableHttpClientHandlerFactory closeableHttpClientHandlerFactory,
        IdmIntegrationService idmIntegrationService, LocaleSelector localeSelector) {
    this.config = config;
    this.realm = realm;
    this.idmIntegrationService = idmIntegrationService;
    this.localeSelector = localeSelector;

    // Options handed to the HTTP client handler; left at defaults unless mTLS is on.
    Options extraOptions = Options.defaultOptions();

    if (config.mtlsEnabled()) {
        // Debug output only: dumping the secrets provider to the log should not ship.
        logger.error(secrets.getGlobalSecrets().toString());

        // The secret label from the node config selects which secret store mapping
        // supplies the client certificate/key (key manager) and the trusted CA(s) (trust manager).
        Purpose<CryptoKey> purpose = Purpose.purpose(config.mtlsSecretLabel().orElseThrow(), CryptoKey.class);
        var keyManager = secrets.getGlobalSecrets().getKeyManager(purpose);
        var trustManager = secrets.getGlobalSecrets().getTrustManager(purpose);

        // HttpClientHandler expects arrays, so wrap the single managers.
        extraOptions.set(HttpClientHandler.OPTION_KEY_MANAGERS, new KeyManager[] {keyManager});
        extraOptions.set(HttpClientHandler.OPTION_TRUST_MANAGERS, new TrustManager[] {trustManager});
    }

    this.handler = (CloseableHttpClientHandler) closeableHttpClientHandlerFactory.create(extraOptions);
}

But I don't know how to load the keystore and truststore from my own certificates.

Thanks for your help
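The loading step the question asks about, as an added example that is not part of the original post or of ForgeRock's own code: it builds the `KeyManager[]` and `TrustManager[]` arrays that `HttpClientHandler` expects from a PKCS12 client keystore (certificate plus private key) and a separate truststore that holds only the CA(s) that issued the microservice's server certificate, using plain JDK `KeyManagerFactory`/`TrustManagerFactory` rather than the secret store mappings. The class name `MtlsMaterial`, the helper names, and the file paths and passwords are assumptions for the example; `HttpClientHandler.OPTION_KEY_MANAGERS`, `OPTION_TRUST_MANAGERS` and `Options.defaultOptions()` are the same forgerock-http calls the posted snippet already uses.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.forgerock.http.handler.HttpClientHandler;
import org.forgerock.util.Options;

/**
 * Example (not ForgeRock code): builds mTLS key/trust material for HttpClientHandler
 * from files on disk instead of from the AM secret store.
 */
public final class MtlsMaterial {

    private MtlsMaterial() {}

    /** Loads a keystore of the given type (e.g. "PKCS12") from disk. */
    public static KeyStore loadKeyStore(Path path, char[] password, String type)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Client side of mTLS: the PKCS12 file holds our certificate chain and private key.
     * The factory returns the array form HttpClientHandler wants, so no manual wrapping.
     */
    public static KeyManager[] clientKeyManagers(Path p12, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = loadKeyStore(p12, password, "PKCS12");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        return kmf.getKeyManagers();
    }

    /**
     * Server verification: a truststore containing ONLY the CA(s) that issued the
     * microservice's certificate. Deliberately not the JDK cacerts bundle, so a
     * certificate from any public CA is rejected rather than accepted.
     */
    public static TrustManager[] serverTrustManagers(Path truststore, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ts = loadKeyStore(truststore, password, "PKCS12");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        return tmf.getTrustManagers();
    }

    /** Assembles the Options object to pass to CloseableHttpClientHandlerFactory.create(...). */
    public static Options mtlsOptions(Path p12, char[] keyPassword, Path truststore, char[] trustPassword)
            throws IOException, GeneralSecurityException {
        Options options = Options.defaultOptions();
        options.set(HttpClientHandler.OPTION_KEY_MANAGERS, clientKeyManagers(p12, keyPassword));
        options.set(HttpClientHandler.OPTION_TRUST_MANAGERS, serverTrustManagers(truststore, trustPassword));
        return options;
    }

    /** Usage sketch with assumed paths; in a node, take paths and passwords from Config, not literals. */
    public static void main(String[] args) throws Exception {
        Options options = mtlsOptions(
                Path.of("/etc/am/mtls/client.p12"), "changeit".toCharArray(),
                Path.of("/etc/am/mtls/microservice-ca.p12"), "changeit".toCharArray());
        System.out.println("mTLS options built: " + options);
    }
}
```

If the certificates are in PEM, `openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12` produces the client keystore, and `keytool -importcert -file ca.crt -keystore microservice-ca.p12 -storetype PKCS12` produces the truststore. Keep the keystore password out of source and out of logs; the secret store mapping approach in the question exists precisely so that the key material and its password are managed by AM rather than by the node's code.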

@djamel.hamas ,

You may want to check out the new "tntp-restnode" marketplace node that is coming in both self-managed deployments and Identity Cloud. It allows for outbound mTLS connections. It is currently configured with a certificate/key in PEM format rather than using the secret store mappings.

-Rob
