Skip to content

varugasu/Two-Way-SSL

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
api
api
 
 
ca
ca
 
 
client
client
 
 
nginx
nginx
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 

Repository files navigation

Two Way SSL

Requirements:

  • Docker
  • OpenSSL

CA Self signed certificate:

openssl genrsa -out ca/ca.key 2048
openssl req -new -x509 -key ca/ca.key -out ca/ca.crt -subj "/C=BR/ST=SP/L=SP/O=CA Example/OU=IT Department/CN=example.com"
cp ca/ca.crt nginx/certs/

Server:

openssl req -new -out server.csr -config nginx/server.conf
openssl x509 -req -in server.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out server.crt
cp server.csr server.key server.crt nginx/certs/
cp server.csr server.key server.crt api/server/certs/
rm server.*

Client:

openssl req -new -out client.csr -config client/client.conf
openssl x509 -req -in client.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out client.crt
mv client.* client/

Initialize:

docker-compose up --build

Verify:

--cacert is needed to skip curl's verification

curl https://server.example.br --cacert ca/ca.crt

Returns:

<html>
  <head>
    <title>400 No required SSL certificate was sent</title>
  </head>
  <body>
    <center><h1>400 Bad Request</h1></center>
    <center>No required SSL certificate was sent</center>
    <hr />
    <center>nginx</center>
  </body>
</html>

Adding client's certificate:

curl https://server.example.br --cacert ca/ca.crt --key client/client.key --cert client/client.crt

Output:

Hello, World

About

Private CA and Two Way SSL (Client Certificate)

Topics

python nginx ssl certificate-authority ssl-certificates nginx-configuration two-way-ssl-authentication

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages