https://github.com/oluizeduardo/mutual-tls-java-demo
Example project demonstrating digital certificate generation and mutual TLS authentication using Java and OpenSSL.
java mtls mtls-authentication openssl
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/oluizeduardo/mutual-tls-java-demo
- Owner: oluizeduardo
- License: mit
- Created: 2025-05-31T19:04:13.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2025-05-31T22:45:10.000Z (4 months ago)
- Last Synced: 2025-06-01T09:31:00.958Z (4 months ago)
- Topics: java, mtls, mtls-authentication, openssl
- Language: Java
- Homepage:
- Size: 6.84 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Mutual TLS (mTLS) Demo in Java
This project is a simple demonstration of **Mutual TLS (mTLS)** authentication using Java and OpenSSL-generated certificates in **PKCS12** format.
It includes:
- A Bash script (`setup-mtls.sh`) to generate certificates.
- A Java HTTPS server (`MutualTLSServer.java`) that requires clients to present valid certificates.
- A Java HTTPS client (`MutualTLSClient.java`) that authenticates itself and trusts only a known server.

## What is Mutual TLS?
**Mutual TLS** is an extension of standard TLS (*Transport Layer Security*) where **both** the server and the client authenticate each other using certificates.
- In normal TLS (e.g., HTTPS), the client verifies the server's identity via its certificate.
- In **mutual** TLS, the server also requires the client to present a trusted certificate, creating a **two-way trust**.

This is commonly used in:
- Secure microservice communication
- APIs requiring strong client identity
- Enterprise VPNs

## How to Use This Project
### 1. Clone the Repository
```bash
git clone https://github.com/your-username/mutual-tls-java-demo.git
cd mutual-tls-java-demo
```

### 2. Generate Certificates
Make sure you have OpenSSL installed, then run:
```bash
./setup-mtls.sh
```

This will generate:
- A Certificate Authority (CA)
- A server certificate signed by the CA
- A client certificate signed by the CA
- PKCS12 keystores: `server.p12`, `client.p12`

### 3. Compile the Java Classes
Ensure you're using Java 11 or later (for TLS 1.3 compatibility).
```bash
javac MutualTLSServer.java
javac MutualTLSClient.java
```

### 4. Run the Server
```bash
java MutualTLSServer
```

You should see:
```bash
HTTPS server with mTLS started on port 8443
```

### 5. Run the Client
Open a second terminal and run:
```bash
java MutualTLSClient
```

Expected output:
```bash
Server response: Hello, authenticated client!
```

## Requirements
- Java 11+
- OpenSSL (for generating certificates)
- Bash shell

## Security Notes
- This setup is for local development and educational purposes.
- In production, certificates should have stronger protection, revocation support, and expiry handling.
- Passwords like `changeit` should never be used in real deployments.
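
An added example, not the project's `setup-mtls.sh`, of the certificate layout listed in step 2 and of the trust check mutual TLS depends on: a certificate signed by the CA verifies, a self-signed one with the same subject does not. The output directory, subject names, the `rogue.*` files and the `P12_PASS` variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; file names, subjects and P12_PASS are illustrative assumptions.
set -eu

# Create a CA plus CA-signed server and client certificates in directory $1,
# and bundle each leaf certificate with its key into a PKCS12 keystore.
make_pki() {
  d=$1
  # Keystore password is read from the environment so it never appears in argv.
  P12_PASS=${P12_PASS:-example-only-password}
  export P12_PASS
  mkdir -p "$d"
  # Self-signed CA: the only trust anchor either side should accept.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for who in server client; do
    # Key pair and signing request for this party.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$who" \
      -keyout "$d/$who.key" -out "$d/$who.csr" 2>/dev/null
    # The CA signs the request, producing the leaf certificate.
    openssl x509 -req -in "$d/$who.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 30 -out "$d/$who.crt" 2>/dev/null
    # Keystore holding the leaf key, leaf certificate and CA certificate.
    openssl pkcs12 -export -inkey "$d/$who.key" -in "$d/$who.crt" \
      -certfile "$d/ca.crt" -name "$who" -passout env:P12_PASS \
      -out "$d/$who.p12"
  done
  # Private keys and keystores readable by the owner only.
  chmod 600 "$d"/*.key "$d"/*.p12
}

# Create a self-signed certificate the CA never issued (negative test case).
make_untrusted() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=client" \
    -keyout "$1/rogue.key" -out "$1/rogue.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the CA stored in directory $1.
chains_to_ca() {
  openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}
```

Call `make_pki ./certs` and then `chains_to_ca ./certs ./certs/client.crt` to confirm the chain before loading the keystores into a server or client.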