I have a host service that uses TLS for password authentication, so while mapping that host service, how do I fulfil its TLS requirement in OpenZiti?
I'm not sure what you're asking. If you are using TLS, you just configure the server to provide a certificate and / or do the same at the client side. I don't understand what you're actually asking here.
To form a TLS connection over ziti, whatever intercept you choose, that certificate simply needs to be served from the side the client is connecting to. If you intercept "my.ziti.test" -- the server needs to return a cert that is valid for "my.ziti.test".
It'll 'just work'.
Let's say I'm using the Trino service, which requires TLS for pass authentication.
If its url was trino.default.svc
I want to connect it as https://trino.default.svc
even if the intercept (ziti domain) like trino.ziti.internal
can be http.
I know what I'm asking is a bit uncommon, but what if some applications like Trino support password authentication only via TLS?
I want service to present a certificate and request it via https
to trino endpoint
Do correct me if I miss something.
If you have a service that requires TLS and only serves TLS like "https://trino.default.svc" then when a user tries to go to "http://trino.ziti.internal" it will get a protocol violation error and no connection will be established. So the easy way of dealing with this is to only offload from the openziti overlay towards the HTTPS/TLS port and no HTTP request can ever be made.
OK, what if I keep the ziti URL also https here?
To be clear, only https will work properly in the situation you described. So if you use http -- it will not work. There is no way for you to perform a scheme change with ziti. It must be http->http or https->https.
Yes, in the case of https->https, could you please guide me on how I do it?
It's exactly like every other service. Just make sure the clients type "https" and make sure your bind config sends traffic to the https port and the rest is all the same.
Sure, I'll try, thanks @TheLumberjack
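
Added example (not part of the thread and not OpenZiti code): a simplified check that a server certificate's DNS SANs cover every address listed in an intercept, which is the condition given above for TLS to work over Ziti. The SAN lists, port 443 and the conservative wildcard rule are assumptions constructed for illustration.

```python
"""Does the certificate cover the name clients dial over the overlay?"""


def san_matches(hostname: str, san: str) -> bool:
    """Simplified RFC 6125 DNS-ID match: case-insensitive; '*' is accepted
    only as the whole left-most label and stands for exactly one label."""
    host = hostname.rstrip(".").lower().split(".")
    pattern = san.rstrip(".").lower().split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Assumption: refuse wildcards directly under a single label
        # ("*.internal"), as a conservative stand-in for public-suffix checks.
        return len(pattern) > 2 and host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def uncovered_intercepts(intercept_addresses, cert_sans):
    """Return the intercept addresses the certificate is NOT valid for.
    A client typing https://<address> gets a name-mismatch error for each."""
    return [
        addr for addr in intercept_addresses
        if not any(san_matches(addr, san) for san in cert_sans)
    ]


# Constructed intercept.v1 config for the https->https case (port assumed).
INTERCEPT = {
    "protocols": ["tcp"],
    "addresses": ["trino.ziti.internal"],
    "portRanges": [{"low": 443, "high": 443}],
}

# Constructed SAN lists, as they might be read from the Trino certificate.
CERT_ONLY_CLUSTER_NAME = ["trino.default.svc", "trino.default.svc.cluster.local"]
CERT_WITH_ZITI_NAME = CERT_ONLY_CLUSTER_NAME + ["trino.ziti.internal"]

if __name__ == "__main__":
    for label, sans in [("cluster-only cert", CERT_ONLY_CLUSTER_NAME),
                        ("cert with ziti SAN", CERT_WITH_ZITI_NAME)]:
        missing = uncovered_intercepts(INTERCEPT["addresses"], sans)
        print(f"{label}: {'OK' if not missing else 'not valid for ' + ', '.join(missing)}")
```

If the check reports a mismatch, either intercept the name the certificate already carries or reissue the certificate with the intercept address as a SAN.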