It is not intuitive that there is some work to do to get WebClient to communicate with certs. Having written this twice now across two projects, here it is: // Pull these in however you like @Value("${user.keystore}") String keyStoreLocation; @Value("