{"id":20723321,"url":"https://github.com/jeamon/demo-mtls","last_synced_at":"2025-03-11T08:24:33.128Z","repository":{"id":152279685,"uuid":"404296388","full_name":"jeamon/demo-mtls","owner":"jeamon","description":"This is a cross-platform go tool to demonstrate the implementation of mTLS (Mutual TLS) and how useful it can be to setup authorization on top of TLS certificate - known as Certificate Bound Token. This program could be run into client or server mode. All certificates (for root \u0026 clients CAs, server and clients) are auto generated.","archived":false,"fork":false,"pushed_at":"2023-09-18T18:47:19.000Z","size":19,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-17T23:17:29.191Z","etag":null,"topics":["go","golang","https-client","https-server","mtls","mtls-authentication","tls-certificate"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jeamon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-09-08T09:58:09.000Z","updated_at":"2023-09-18T18:47:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"0bd4d106-1b4d-4bb6-8ed0-1805827e4371","html_url":"https://github.com/jeamon/demo-mtls","commit_stats":null,"previous_names":["jeamon/demo-mtls"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeamon%2Fdemo-mtls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeamon%2Fdemo-mtls/tags","releases_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeamon%2Fdemo-mtls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeamon%2Fdemo-mtls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jeamon","download_url":"https://codeload.github.com/jeamon/demo-mtls/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242997801,"owners_count":20219231,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","https-client","https-server","mtls","mtls-authentication","tls-certificate"],"created_at":"2024-11-17T04:08:17.584Z","updated_at":"2025-03-11T08:24:33.099Z","avatar_url":"https://github.com/jeamon.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# demo-mtls\n\nThis is a cross-platform Go tool to demonstrate the implementation of mTLS (Mutual TLS) and how it can help\nto set up authorization on top of the TLS certificate - known as Certificate Bound Token. This program can be run in\nclient or server mode by passing the flag --client or --server respectively. Only the server mode generates\nboth Root/server and Client CA certificates. 
These are saved to a fixed location on disk and deleted once the server exits.\n\n\n* Click to watch a live [demo video](https://youtu.be/UjylweFUzL0) where the server extracts and computes the client's \ncommon name and certificate fingerprint (which could be used as a token during authorization).\n\n\n## Table of contents\n* [Technologies](#technologies)\n* [Setup](#setup)\n* [Usage](#usage)\n* [License](#license)\n\n\n## Technologies\n\nThis project is developed with:\n* Golang version: \u003e 1.16\n* Native libraries only\n\n\n## Setup\n\nOn Windows, Linux, macOS, and FreeBSD you will be able to download the pre-built binaries once available.\nIf your system has [Go \u003e= 1.16](https://golang.org/dl/) you can pull the codebase and build from the source.\n\n```\n# build the auto-mtls-client-server-cli program on windows\ngit clone https://github.com/jeamon/demo-mtls.git \u0026\u0026 cd demo-mtls\ngo build -o mtls-client-server-cli.exe mtls-client-server-cli.go\n\n# build the auto-mtls-client-server-cli program on linux and others\ngit clone https://github.com/jeamon/demo-mtls.git \u0026\u0026 cd demo-mtls\ngo build -o mtls-client-server-cli mtls-client-server-cli.go\n```\n\n\n## Usage\n\n\n```Usage:\n    \nmtls-client-server-cli [--client] [--server] [--help] [--version] [--certs \u003cpath-to-ca-certificates\u003e] \n\n\nOptions:\n\n    -client   Specify to run the program into client mode.\n    -server   Specify to run the program into server mode.\n    -version  Display the current version of this program.\n    -help     Display the help - how to use this program.\n    -port     Specify the port where the server should listen.\n    -ip       Specify the ip address where to bind the server.\n\n\nArguments:\n\n    \u003cpath-to-ca-certificates\u003e  path to both root \u0026 clients CA certificates folder.\n\n\nYou can run this tool into two different modes (client or server) by specifying the flags --client or\n--server. 
In both mode, you can define the server's ip address and/or port number. By default --ip \naddress is localhost (127.0.0.1) and --port is 8443. When these values are mentionned into client mode,\nit means the address where the client should connect. Also, in client mode, you can specify the path of \nthe parent folder (with --certs flag) from where to load the root/server CA certificate (to authenticate\nthe server) and client CA certificate (to sign the client auto-generated certificate). If not provided\nthe client will expect to find them from a folder named certificates inside the same working directory.\nOnly into server mode that both CA certificates are generated, this means you must run the server before.\nFinally, you can display the instructions with the --help flag and the version with --version flag.\n\n\nExamples:\n\n    $ mtls-client-server-cli --version\n    $ mtls-client-server-cli --help\n    $ mtls-client-server-cli --client\n    $ mtls-client-server-cli --server\n    $ mtls-client-server-cli --client --ip 127.0.0.1 --port 8443 --certs certificates\n    $ mtls-client-server-cli --client --ip 127.0.0.1 --port 8443\n    $ mtls-client-server-cli --server --ip 127.0.0.1 --port 8443\n\t\n```\n\n\n## License\n\nPlease check \u0026 read [the license details](https://github.com/jeamon/demo-mtls/blob/master/LICENSE) or [reach out to me](https://blog.cloudmentor-scale.com/contact) before any action.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeamon%2Fdemo-mtls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjeamon%2Fdemo-mtls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeamon%2Fdemo-mtls/lists"}