Skip to content
This repository has been archived by the owner on Oct 6, 2021. It is now read-only.
/ mtls Public archive

A small Go library and utility for generating TLS mutual authentication certificates and key pairs.

License

MIT, Unknown licenses found

Licenses found

MIT
LICENSE
Unknown
LICENSE-THIRD-PARTY.md
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

stephen-fox/mtls

BranchesTags

Repository files navigation

mtls - TLS Mutual Authentication

What is it?

A small Go library and utility for generating TLS mutual authentication certificates and key pairs.

Per Wikipedia:

Mutual authentication or two-way authentication refers to two parties
authenticating each other at the same time, being a default mode of
authentication in some protocols (IKE, SSH) and optional in others (TLS).

In other words, the server will reject the client if the client does not provide the correct certificate and key, and the client will reject the server if the server does not provide the correct certificate and key.

This authentication method is particularly useful for services running on an end user's machine, or for services with only one consumer. This package provides automation for generating the certificate and private key.

How do I use the application?

By default, the application creates a certificate.crt and a private-key.pem in the current working directory. These two files are needed to facilitate TLS mutual authentication by both the client and the server.

There are several use cases which may change how you use the application.

If you would like to generate a mTLS pair for an IP address, do the following:

$ mtls -o "Junk, Inc." -i 127.0.0.1

If you would like to generate a mTLS pair that supports several organizations, separate them by pipes |:

$ mtls -o 'Junk, Inc.|Better Junk LLC.' -i 127.0.0.1

If you would like to generate a mTLS pair that supports several IP addresses, separate them by commas ,:

$ mtls -o "Junk, Inc." -i 192.168.1.10,192.168.2.5

If you would like to generate a mTLS pair for a DNS address:

$ mtls -o "Junk, Inc." -d mycoolsite.com

If you would like to generate a mTLS pair that supports several DNS addresses, separate them by commas ,:

$ mtls -o "Junk, Inc." -d mycoolsite.com,anothersite.net

You can view additional examples by running the application with -x:

$ mtls -x

TLS mutual authentication in a server

The following steps describe how to run a web server that uses mTLS.

  1. Run the included example server:
$ go run cmd/mtls-server-example/main.go
  1. In a separate terminal, execute curl:
$ curl \
    --cacert certificate.crt \
    --cert certificate.crt \
    --key private-key.pem \
    -X 'GET' \
    https://127.0.0.1:8888/test

TLS mutual authentication in a client

Please refer to the mtls-client-example application.

About

A small Go library and utility for generating TLS mutual authentication certificates and key pairs.

Topics

tls certificate cross-platform tls-mutual-authentication

Resources

Readme

License

MIT, Unknown licenses found

Licenses found

MIT
LICENSE
Unknown
LICENSE-THIRD-PARTY.md
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

Initial release. Latest
Jan 6, 2018

Packages

No packages published

Languages