https://github.com/varugasu/two-way-ssl
Private CA and Two Way SSL (Client Certificate)
https://github.com/varugasu/two-way-ssl
certificate-authority nginx nginx-configuration python ssl ssl-certificates two-way-ssl-authentication
Last synced: 2 months ago
JSON representation
Private CA and Two Way SSL (Client Certificate)
- Host: GitHub
- URL: https://github.com/varugasu/two-way-ssl
- Owner: varugasu
- License: mit
- Created: 2019-06-03T22:54:57.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-10-25T19:46:35.000Z (6 months ago)
- Last Synced: 2024-12-27T06:09:59.987Z (4 months ago)
- Topics: certificate-authority, nginx, nginx-configuration, python, ssl, ssl-certificates, two-way-ssl-authentication
- Language: Python
- Homepage:
- Size: 12.7 KB
- Stars: 0
- Watchers: 0
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Two Way SSL
## Requirements:
- Docker
- OpenSSL
## CA Self signed certificate:
```
openssl genrsa -out ca/ca.key 2048
openssl req -new -x509 -key ca/ca.key -out ca/ca.crt -subj "/C=BR/ST=SP/L=SP/O=CA Example/OU=IT Department/CN=example.com"
cp ca/ca.crt nginx/certs/
```
## Server:
```
openssl req -new -out server.csr -config nginx/server.conf
openssl x509 -req -in server.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out server.crt
cp server.csr server.key server.crt nginx/certs/
cp server.csr server.key server.crt api/server/certs/
rm server.*
```
## Client:
```
openssl req -new -out client.csr -config client/client.conf
openssl x509 -req -in client.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out client.crt
mv client.* client/
```
## Initialize:
```
docker-compose up --build
```
## Verify:
--cacert is needed to skip curl's verification
```
curl https://server.example.br --cacert ca/ca.crt
```
Returns:
```html
400 No required SSL certificate was sent
400 Bad Request
No required SSL certificate was sent
nginx
```
Adding client's certificate:
```
curl https://server.example.br --cacert ca/ca.crt --key client/client.key --cert client/client.crt
```
Output:
```
Hello, World
```