nicholasjackson / Mtls Go Example

Licence: apache-2.0
Simple example using mutual TLS authentication with a Golang server

MTLS Example

Simple example to demonstrate how to use Mutual Authentication with Golang HTTP servers.

Generating certificates

Generate the certificates needed for this example by running the ./generate.sh command, providing the domain name to create the certificate for and the password for the keys.

./generate.sh localhost password

A certificate is only valid if its domain matches the hosted domain of the server. For example, a certificate issued to the domain www.example.com would raise an error if you attempted to run curl https://localhost.

The script generates a root certificate and key, an intermediary, an application certificate and a client certificate. Both the application and client certificates are generated from the intermediary; this allows the client to authenticate any server which uses the intermediary chain. It is possible to lock a client certificate down to a particular application by signing it with the application's certificate rather than the intermediary.

Running the server using a self-signed certificate

Start the server

$ go run main.go -domain localhost

When calling the endpoint, it is required to add the ca-chain cert to the curl command, as this is a self-signed certificate.

$ curl -v --cacert 2_intermediate/certs/ca-chain.cert.pem https://localhost:8443/

#...
Hello World% 

Running the server with Mutual TLS Authentication and a self-signed certificate

Start the server

$ go run main.go -domain localhost -mtls true

Call the endpoint, providing the certificates generated for the client. For the server to validate the request, the user must provide its certificate and private key.

$ curl -v --cacert 2_intermediate/certs/ca-chain.cert.pem --cert 4_client/certs/localhost.cert.pem --key 4_client/private/localhost.key.pem https://localhost:8443/

#...
Hello World% 

Calling the endpoint without providing the certificates

$ curl -v --cacert 2_intermediate/certs/ca-chain.cert.pem https://localhost:8443/

#...
curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate