I'm looking for any and all information on how to configure ZAP to send a client certificate for mTLS authentication when running in docker with the automation framework.
I've found and read over the documentation, but all of it pertains to the web GUI. I found a few things by poking around online, but no matter what I do I haven't been able to get a spider or scan to work yet.
Automation plan failures:
Job spider failed to access URL https://my.company.domain : Received fatal alert: certificate_required
docker run -v ${PWD}:/zap/wrk/:rw -t zaproxy/zap-stable zap.sh -cmd `
-config network.options.clientcertificates.pkcs12.file=/zap/wrk/my.cert.pfx `
-config network.options.clientcertificates.pkcs12.password=MyCertPassword `
-config network.options.clientcertificates.pkcs12.store=true `
-autorun /zap/wrk/template.yaml
I know the cert is valid and working as I can make a get request against the site from PowerShell without issue. I'm just not sure how to get ZAP to use it within the container.
Invoke-WebRequest -Uri https://my.company.domain/path -Certificate $cert
StatusCode : 200
StatusDescription : OK
[...]
Appreciate any pointers anyone can provide!