Skip to content
/ mtls_poc Public

We are configuring the certificates with mtls. The objective is server a service where the client must use a certificate to acess a endpoint and in parallel the service must use a certificate to ensure a https endpoint.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

monicabgs/mtls_poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
setup
setup
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

mtls_poc

We are configuring the certificates with mtls. The objective is server a service where the client must use a certificate to acess a endpoint and in parallel the service must use a certificate to ensure a https endpoint.

Installing and Configuring Nginx

sudo apt update

sudo apt install nginx

sudo ufw allow 'Nginx Full'

Creating Certificates

mkdir /certs

cd /certs

Generate Certificate Authority (CA) files

  • For this step we need choose a password, in this case I'm using ubuntu

  • You can see the output of each step in setup/output and must set the fields like the configurations

openssl genrsa -des3 -out ca.key 4096

openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

cat ca.key > ca.pem

Generating Client/User Certificates

  • For this step we need choose a password, in this case I'm using ubuntu

  • You can see the output of each step in setup/output and must set the fields like the configuration

openssl genrsa -des3 -out user.key 4096

openssl req -new -key user.key -out user.csr

openssl x509 -req -days 365 -in user.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out user.crt

openssl pkcs12 -export -out user.pfx -inkey user.key -in user.crt -certfile ca.crt

Generating Server Certificates

  • For this POC I'm using a fake DNS, but you must to change the "nginx.mssl.com" for the GUT endpoint

  • You can see the output of each step in setup/output and must set the fields like the configuration

openssl genrsa -out nginx.mssl.com.key 4096

openssl req -new -key nginx.mssl.com.key -out nginx.mssl.com.csr

openssl x509 -req -days 365 -sha256 -in nginx.mssl.com.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out nginx.mssl.com.crt

Setting up our endpoint with Nginx

  • For this step, the files will be in setup/endpoint

sudo vim /etc/hosts

mkdir -p /usr/share/nginx/mssl

cd /usr/share/nginx/mssl

touch index.html

Configuring the Nginx server to enable two way SSL

  • The files for this step will be in setup/server

cp -r /certs /etc/nginx

cd /

chmod 777 -R /certs

cd /etc/nginx/sites-available

touch proxy.conf

vim proxy.conf

ln -s /etc/nginx/sites-available/proxy.conf /etc/nginx/sites-enabled/proxy.conf

systemctl restart nginx

systemctl status nginx

Get request to the domain endpoint by terminal

cd /certs curl --cert user.crt --key user.key --cacert ca.crt https://nginx.mssl.com:443

About

We are configuring the certificates with mtls. The objective is server a service where the client must use a certificate to acess a endpoint and in parallel the service must use a certificate to ensure a https endpoint.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages