I’m trying to secure webhook communication. I’m using PRISM Element. My callback server uses https and has a web-server certificate installed issued by a local CA.
First question is, which CA certificate will PRISM use to validate the callback server certificate? Is it the same CA certificate used for the PRISM web server?
Second question, how does the callback server verify that the webhook effectively originated from PRISM? Is this mutual TLS or is there another method? If mutual authentication, what certificate does PRISM use for this?