{"id":17101725,"url":"https://github.com/nicholasjackson/mtls-go-example","last_synced_at":"2025-07-19T22:37:06.756Z","repository":{"id":50931100,"uuid":"114638964","full_name":"nicholasjackson/mtls-go-example","owner":"nicholasjackson","description":"Simple example using mutual TLS authentication with a Golang server","archived":false,"fork":false,"pushed_at":"2020-07-10T16:14:37.000Z","size":11,"stargazers_count":154,"open_issues_count":1,"forks_count":62,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-10-15T15:26:38.170Z","etag":null,"topics":["certificate","client-certificate","go"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nicholasjackson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-18T12:33:28.000Z","updated_at":"2024-09-12T23:15:49.000Z","dependencies_parsed_at":"2022-09-16T04:11:20.889Z","dependency_job_id":null,"html_url":"https://github.com/nicholasjackson/mtls-go-example","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicholasjackson%2Fmtls-go-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicholasjackson%2Fmtls-go-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicholasjackson%2Fmtls-go-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicholasjackson%2Fmtls-go-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nicholasjackson","do
wnload_url":"https://codeload.github.com/nicholasjackson/mtls-go-example/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221675318,"owners_count":16861860,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","client-certificate","go"],"created_at":"2024-10-14T15:26:34.442Z","updated_at":"2024-10-27T12:34:12.583Z","avatar_url":"https://github.com/nicholasjackson.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MTLS Example\nSimple example to demonstrate how to use Mutual Authentication with Golang HTTP servers.\n\n## Generating certificates\nGenerating the necessary certificates for this example can be performed by running the `./generate.sh` command and providing the domain name to create the cert \nfor and the password for the keys.\n\n```bash\n./generate.sh localhost password\n```\n\nA certificate is only valid if the domain matches the hosted domain of the server; for example, a certificate issued to the domain www.example.com would raise an exception\nif you attempted to run `curl https://localhost`.\n\nThe script generates a root certificate and key, an intermediary, an application certificate and a client certificate.  Both the application and client certificates are generated from the \nintermediary; this would allow the client to authenticate any server which uses the intermediary chain.  
It is possible to lock a client certificate down to a particular application \nby signing it with the application's certificate rather than the intermediary.\n\n## Running the server using a self-signed certificate\nStart the server  \n```bash\n$ go run main.go -domain localhost\n```\n\nWhen calling the endpoint it is required to add the ca-chain cert to the curl command, as this is a self-signed certificate.\n\n```bash\n$ curl -v --cacert 2_intermediate/certs/ca-chain.cert.pem https://localhost:8443/\n\n#...\nHello World% \n```\n\n## Running the server with Mutual TLS Authentication and a self-signed certificate\nStart the server  \n```bash\n$ go run main.go -domain localhost -mtls true\n```\n\nCall the endpoint providing the certificates generated for the client; for the server to validate the request, the user must provide its \ncertificate and private key.\n```bash\n$ curl -v --cacert 2_intermediate/certs/ca-chain.cert.pem --cert 4_client/certs/localhost.cert.pem --key 4_client/private/localhost.key.pem https://localhost:8443/\n\n#...\nHello World% \n```\n\nCalling the endpoint without providing the certificates\n\n```bash\n$ curl -v --cacert 2_intermediate/certs/ca-chain.cert.pem https://localhost:8443/\n\n#...\ncurl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicholasjackson%2Fmtls-go-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnicholasjackson%2Fmtls-go-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicholasjackson%2Fmtls-go-example/lists"}