diff --git a/compose/auth_certs/generate.sh b/compose/auth_certs/generate.sh index 5ca54784c..f277f2679 100644 --- a/compose/auth_certs/generate.sh +++ b/compose/auth_certs/generate.sh @@ -4,4 +4,4 @@ set -xe CERTS_DIR="$(dirname "$(readlink -f "$0")")" -openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out "${CERTS_DIR}/certificate.pem" -keyout "${CERTS_DIR}/private.key" +openssl req -new -addext "subjectAltName = DNS:auth" -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out "${CERTS_DIR}/certificate.pem" -keyout "${CERTS_DIR}/private.key" -subj "/C=CA/ST=ON/L=Toronto/O=RedHat/OU=JavaMonitoring/CN=Cryostat" diff --git a/compose/sample_apps/gameserver-jdk17.yml b/compose/sample_apps/gameserver-jdk17.yml index a3f086c8f..beb01a648 100644 --- a/compose/sample_apps/gameserver-jdk17.yml +++ b/compose/sample_apps/gameserver-jdk17.yml @@ -13,11 +13,12 @@ services: CRYOSTAT_AGENT_APP_NAME: gameserver-jdk17 CRYOSTAT_AGENT_WEBSERVER_HOST: gameserver-jdk17 CRYOSTAT_AGENT_WEBSERVER_PORT: 9495 + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_PATH: /auth_certs/certificate.pem + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_TYPE: X.509 + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_ALIAS: cryostat CRYOSTAT_AGENT_CALLBACK: http://gameserver-jdk17:9495/ CRYOSTAT_AGENT_BASEURI: ${CRYOSTAT_PROXY_PROTOCOL}://${CRYOSTAT_HTTP_HOST}:${CRYOSTAT_PROXY_PORT}/ CRYOSTAT_AGENT_BASEURI_RANGE: public - CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUST_ALL: "true" - CRYOSTAT_AGENT_WEBCLIENT_TLS_VERIFY_HOSTNAME: "false" CRYOSTAT_AGENT_AUTHORIZATION_TYPE: basic CRYOSTAT_AGENT_AUTHORIZATION_VALUE: user:pass CRYOSTAT_AGENT_API_WRITES_ENABLED: "true" @@ -34,3 +35,5 @@ services: JMX_HOST: gameserver-jdk17 JMX_PORT: "7092" JVM_OPTS: -javaagent:/opt/cryostat/agent.jar + volumes: + - ${DIR}/compose/auth_certs:/auth_certs:z diff --git a/compose/sample_apps/gameserver-jdk21.yml b/compose/sample_apps/gameserver-jdk21.yml index 5d8a6f1a0..ab998ff6c 100644 
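Review bot: The added `-addext "subjectAltName = DNS:auth"` pins the certificate to a single name, while the agents in this same change connect to `${CRYOSTAT_HTTP_HOST}` and no longer set `CRYOSTAT_AGENT_WEBCLIENT_TLS_VERIFY_HOSTNAME: "false"`. If that variable resolves to anything other than `auth`, the handshake will presumably fail on a hostname mismatch, so the coupling should be recorded above the `openssl req` line, e.g. `# SAN must equal the hostname agents use in CRYOSTAT_AGENT_BASEURI (currently "auth")`. `-addext` is only available from OpenSSL 1.1.1, so under `set -xe` the script aborts on older OpenSSL or LibreSSL builds; the same comment could state the minimum version. The top of the script is outside this hunk.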
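Review bot: Nothing next to the three added `CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_*` entries says where `/auth_certs/certificate.pem` comes from, or that the agent's TLS verification now depends on that file existing and being current. I would add a comment such as `# certificate.pem is produced by compose/auth_certs/generate.sh (valid 365 days); generate it before starting this service`. With the `TRUST_ALL` and `VERIFY_HOSTNAME` overrides removed, the agent presumably falls back to its defaults, so the comment could also say that verification is intentionally left on. The same applies to the truststore entries added in gameserver-jdk21.yml, quarkus-cryostat-agent.yml and the vertx-agent-2 and vertx-agent-3 services; the service definition starts outside this hunk.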
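Review bot: The added mount `${DIR}/compose/auth_certs:/auth_certs:z` exposes the whole directory read-write, and generate.sh writes the unencrypted `private.key` (`-nodes`) into that same directory, so every sample application container can read, and overwrite, the server's private key. The agent only needs the public certificate for its truststore, so mount just that file read-only: `- ${DIR}/compose/auth_certs/certificate.pem:/auth_certs/certificate.pem:ro,z`. The identical mount is added in gameserver-jdk21.yml, quarkus-cryostat-agent.yml and for vertx-agent-2 and vertx-agent-3 in vertx-cryostat-agent.yml, and should be changed the same way.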
--- a/compose/sample_apps/gameserver-jdk21.yml +++ b/compose/sample_apps/gameserver-jdk21.yml @@ -13,11 +13,12 @@ services: CRYOSTAT_AGENT_APP_NAME: gameserver-jdk21 CRYOSTAT_AGENT_WEBSERVER_HOST: gameserver-jdk21 CRYOSTAT_AGENT_WEBSERVER_PORT: 9496 + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_PATH: /auth_certs/certificate.pem + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_TYPE: X.509 + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_ALIAS: cryostat CRYOSTAT_AGENT_CALLBACK: http://gameserver-jdk21:9496/ CRYOSTAT_AGENT_BASEURI: ${CRYOSTAT_PROXY_PROTOCOL}://${CRYOSTAT_HTTP_HOST}:${CRYOSTAT_PROXY_PORT}/ CRYOSTAT_AGENT_BASEURI_RANGE: public - CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUST_ALL: "true" - CRYOSTAT_AGENT_WEBCLIENT_TLS_VERIFY_HOSTNAME: "false" CRYOSTAT_AGENT_AUTHORIZATION_TYPE: basic CRYOSTAT_AGENT_AUTHORIZATION_VALUE: user:pass CRYOSTAT_AGENT_API_WRITES_ENABLED: "true" @@ -34,3 +35,5 @@ services: JMX_HOST: gameserver-jdk21 JMX_PORT: "7093" JVM_OPTS: -javaagent:/opt/cryostat/agent.jar + volumes: + - ${DIR}/compose/auth_certs:/auth_certs:z diff --git a/compose/sample_apps/quarkus-cryostat-agent.yml b/compose/sample_apps/quarkus-cryostat-agent.yml index 296e34873..23e4545c8 100644 --- a/compose/sample_apps/quarkus-cryostat-agent.yml +++ b/compose/sample_apps/quarkus-cryostat-agent.yml 
@@ -29,14 +29,15 @@ services: CRYOSTAT_AGENT_CALLBACK: http://quarkus-cryostat-agent:9977/ CRYOSTAT_AGENT_BASEURI: ${CRYOSTAT_PROXY_PROTOCOL}://${CRYOSTAT_HTTP_HOST}:${CRYOSTAT_PROXY_PORT}/ CRYOSTAT_AGENT_BASEURI_RANGE: public - CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUST_ALL: "true" - CRYOSTAT_AGENT_WEBCLIENT_TLS_VERIFY_HOSTNAME: "false" CRYOSTAT_AGENT_AUTHORIZATION_TYPE: basic CRYOSTAT_AGENT_AUTHORIZATION_VALUE: user:pass CRYOSTAT_AGENT_HARVESTER_PERIOD_MS: 30000 CRYOSTAT_AGENT_HARVESTER_MAX_FILES: 3 CRYOSTAT_AGENT_HARVESTER_EXIT_MAX_AGE_MS: 60000 CRYOSTAT_AGENT_HARVESTER_EXIT_MAX_SIZE_B: 153600 # "$(echo 1024*150 | bc)" + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_PATH: /auth_certs/certificate.pem + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_TYPE: X.509 + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_ALIAS: cryostat CRYOSTAT_AGENT_API_WRITES_ENABLED: "true" restart: always healthcheck: @@ -45,3 +46,5 @@ services: retries: 3 start_period: 30s timeout: 5s + volumes: + - ${DIR}/compose/auth_certs:/auth_certs:z diff --git a/compose/sample_apps/vertx-cryostat-agent.yml b/compose/sample_apps/vertx-cryostat-agent.yml index aa4fb6a4a..501198a8b 100644 --- a/compose/sample_apps/vertx-cryostat-agent.yml +++ b/compose/sample_apps/vertx-cryostat-agent.yml @@ -32,6 +32,7 @@ services: retries: 3 start_period: 30s timeout: 5s + vertx-agent-2: depends_on: cryostat: 
@@ -44,10 +45,11 @@ services: USE_JDP: "true" USE_AUTH: "true" CRYOSTAT_AGENT_APP_NAME: "vertx-cryostat-agent-2" - CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUST_ALL: "true" - CRYOSTAT_AGENT_WEBCLIENT_TLS_VERIFY_HOSTNAME: "false" CRYOSTAT_AGENT_WEBSERVER_HOST: "vertx-agent-2" CRYOSTAT_AGENT_WEBSERVER_PORT: "8911" + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_PATH: /auth_certs/certificate.pem + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_TYPE: X.509 + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_ALIAS: cryostat CRYOSTAT_AGENT_CALLBACK: "http://vertx-agent-2:8911/" CRYOSTAT_AGENT_API_WRITES_ENABLED: "true" CRYOSTAT_AGENT_BASEURI: "${CRYOSTAT_PROXY_PROTOCOL}://${CRYOSTAT_HTTP_HOST}:${CRYOSTAT_PROXY_PORT}/" @@ -66,6 +68,9 @@ services: retries: 3 start_period: 30s timeout: 5s + volumes: + - ${DIR}/compose/auth_certs:/auth_certs:z + vertx-agent-3: depends_on: cryostat: @@ -79,10 +84,11 @@ services: USE_AUTH: "true" USE_SSL: "true" CRYOSTAT_AGENT_APP_NAME: "vertx-cryostat-agent-3" - CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUST_ALL: "true" - CRYOSTAT_AGENT_WEBCLIENT_TLS_VERIFY_HOSTNAME: "false" CRYOSTAT_AGENT_WEBSERVER_HOST: "vertx-agent-3" CRYOSTAT_AGENT_WEBSERVER_PORT: "8912" + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_PATH: /auth_certs/certificate.pem + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_TYPE: X.509 + CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_ALIAS: cryostat CRYOSTAT_AGENT_CALLBACK: "http://vertx-agent-3:8912/" CRYOSTAT_AGENT_API_WRITES_ENABLED: "true" CRYOSTAT_AGENT_BASEURI: "${CRYOSTAT_PROXY_PROTOCOL}://${CRYOSTAT_HTTP_HOST}:${CRYOSTAT_PROXY_PORT}/" @@ -101,6 +107,9 @@ services: retries: 3 start_period: 30s timeout: 5s + volumes: + - ${DIR}/compose/auth_certs:/auth_certs:z + vertx-agent-4: depends_on: cryostat: