# HTTPS Mutual Authentication Notebook
Connecting to a destination with mutual TLS. See the `https://github.com/drkiettran/rabbitmq` repository for how to generate the certificates and keys.

Example of creating the `localhost.jks` keystore and exporting its key and certificate:

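```shell
# Generate an RSA key pair (with a self-signed certificate) under alias "localhost"
keytool -genkeypair -keystore localhost.jks -storepass changeit -keyalg RSA -alias localhost

# Create a certificate signing request (CSR) for that key
keytool -storepass changeit -keystore localhost.jks -certreq -alias localhost -file localhost-certreq.csr

# Sign the CSR with the "ca" key in ca.jks; -rfc writes the certificate as PEM
keytool -storepass changeit -keystore ca.jks -gencert -alias ca -ext ku:c=dig,keyEncipherment -rfc -infile localhost-certreq.csr -outfile localhost.pem

# Import the root and CA certificates so the chain can be built
keytool -keystore localhost.jks -storepass changeit -importcert -alias root -file root.pem

keytool -keystore localhost.jks -storepass changeit -importcert -alias ca -file ca.pem

# Import the signed certificate as the reply for alias "localhost"
keytool -keystore localhost.jks -storepass changeit -importcert -alias localhost -file localhost.pem

# Convert the "localhost" entry to a PKCS12 keystore
keytool -importkeystore -srckeystore localhost.jks -destkeystore localhost.p12 -deststoretype PKCS12 -srcalias localhost -deststorepass changeit -destkeypass changeit

# Export the private key (-nodes writes it unencrypted) and the certificate(s) as PEM
openssl pkcs12 -in localhost.p12 -nodes -nocerts -out localhost-priv-key.pem
openssl pkcs12 -in localhost.p12 -nokeys -out localhost-cert.pem
```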

Example of using a `curl` command to post an HTTPS request (`-k` skips verification of the server certificate):

```shell
curl --location --request POST 'https://192.168.1.102:9999/to_ddb' --header 'Content-Type: application/json' --data-raw '{"http.port": 9999}' -k
```

```
{"statusCode":200,"reason":"OK"}
```

Mutual TLS with `curl`:

```shell
curl --location --request POST 'https://localhost:9999/to_ddb' --header 'Content-Type: application/json' --data-raw '{"http.port": 9999}' --key ./client-priv-key.pem --cert ./client-cert.pem --cacert ./ca_bundle.pem
```

```python
import requests
import json
from IPython import display
```

```python
private_key_file = '/home/student/certs/client-priv-key.pem'
# Holds the client certificate (PEM), despite the variable name
public_key_file = '/home/student/certs/client-cert.pem'
# CA bundle used to verify the server certificate
ca_file = '/home/student/certs/ca_bundle.pem'

headers = {'content-type':'application/json'}
url = 'https://localhost:9999/to_ddb'
data = {"eye-catcher": "=====>>>>>> ", "http.port": 9999}

# requests expects cert=(certificate_file, private_key_file), in that order
response = requests.post(url, headers=headers, data=json.dumps(data), verify=ca_file, cert=(public_key_file, private_key_file))
response.text
```

```
'{"statusCode":200,"reason":"OK"}'
```
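
A pre-flight check for the three PEM files passed to `requests.post` above, added here as an example (not part of the original notebook): it catches a swapped `cert=(cert, key)` pair, a passphrase-protected key, and a group- or world-readable copy of the key that `openssl pkcs12 -nodes` wrote unencrypted. The function names and the `SAMPLE_*` contents are constructed for illustration.

```python
import os
import re
import stat

# PEM armor line, e.g. "-----BEGIN PRIVATE KEY-----"
PEM_LABEL = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed samples (bodies are not real key material). `openssl pkcs12`
# writes "Bag Attributes" text before each block, as imitated here.
SAMPLE_KEY = ("Bag Attributes\n    friendlyName: localhost\n"
              "Key Attributes: <No Attributes>\n"
              "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
SAMPLE_CERT = ("Bag Attributes\n    friendlyName: localhost\n"
               "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")


def pem_labels(path):
    """Return the labels of all PEM blocks in a file, scanning past any
    attribute text that precedes them."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return PEM_LABEL.findall(fh.read())


def check_mtls_files(cert_file, key_file, ca_file):
    """Return a list of problems found (empty when the files look usable)."""
    problems = []
    if "CERTIFICATE" not in pem_labels(cert_file):
        problems.append("cert file has no CERTIFICATE block (cert/key swapped?)")
    key_labels = pem_labels(key_file)
    if not any(label.endswith("PRIVATE KEY") for label in key_labels):
        problems.append("key file has no PRIVATE KEY block (cert/key swapped?)")
    if "ENCRYPTED PRIVATE KEY" in key_labels:
        problems.append("key is passphrase-protected; requests needs it unencrypted")
    if "CERTIFICATE" not in pem_labels(ca_file):
        problems.append("CA bundle has no CERTIFICATE block")
    # The key is stored unencrypted (-nodes), so file mode is its only guard.
    if stat.S_IMODE(os.stat(key_file).st_mode) & 0o077:
        problems.append("key file is readable by group/others; chmod 600 it")
    return problems


def mtls_kwargs(cert_file, key_file, ca_file):
    """Build the `cert`/`verify` keyword arguments for requests.post()."""
    problems = check_mtls_files(cert_file, key_file, ca_file)
    if problems:
        raise ValueError("; ".join(problems))
    return {"cert": (cert_file, key_file), "verify": ca_file}
```

Call it as `requests.post(url, headers=headers, data=json.dumps(data), **mtls_kwargs(public_key_file, private_key_file, ca_file))`. The check inspects PEM labels and file mode only; it does not confirm that the key matches the certificate.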

## Mutual TLS with Postman:
Use the following settings to configure Postman for a mutual TLS HTTP POST:

```python
display.Image('./postman-ssl-cert-verification-image.png')
```

```python
display.Image('./postman-tls-cert-key-image.png')
```