March 2021
Intermediate to advanced
260 pages
5h 45m
English
In the previous section, we used TLS to encrypt our connections and authenticate the server. Now we’ll go one step further and implement mutual TLS authentication (also known as two-way authentication) so the server will use our CA to verify that the client is authentic.
The first thing we need is a cert for our client, which we can generate with cfssl and cfssljson just like our CA and server’s certificates. Put the following JSON in a file called client-csr.json in your test directory:
| | { |
| | "CN": "client", |
| | "hosts": [""], |
| | "key": { |
| | "algo": "rsa", |
| | "size": 2048 |
| | }, |
| | "names": [ |
| | { |
| | "C": "CA", |
| | "L": "ON", |
| | "ST" |
Read now
Unlock full access