Skip to content

onemarcfifty/client-cert-test

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
ca
ca
 
 
xca db
xca db
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.html
index.html
 
 
testserver.js
testserver.js
 
 
thankyou.html
thankyou.html
 
 

Repository files navigation

client-cert-test

language License Last Commit FileCount Stars Forks

a simple nodejs web server that is using X.509 client certificates

How to install

Download the files from this repository, either by unzipping them into a directory or using git:

git clone https://github.com/onemarcfifty/client-cert-test.git

For this you need nodejs (no modules required, it is just plain html code). On Debian you can install node with apt:

sudo apt install nodejs

then cd into the new directory and run the server:

cd client-cert-test
node testserver.js

How to use it

Now you can open a web browser and browse to the address of the nodejs app. Assuming that your server is called "testserver", browse to https://testserver:8443/form you will most probably get a certificate warning. In the ca subdirectory you can find a self-signed certificate authority (CA) that you can import into your browser. Alternatively - if you want to run this on a server with valid Let's encrypt certificates or the like, just replace the files server.crt and server.key with the certificate and private key of your "real" server. Don't replace the ca.crt file - it's used for client authentication!

The files server.crt and server.key in the ca subdirectory have been signed with the ca.crt for testing purposes. If you want to test without certificate warning, then you could just make an entry into your host file and point testserver to any host, for example your localhost by addding the following into your /etc/hosts file (on Linux) or your C:\Windows\System32\drivers\etc\hosts file (on Windows):

127.0.0.1 localhost testserver

If you now browse to https://testserver:8433/form, then your browser should tell you that you have been rejected as you don't have the right client certificate installed. That's the purpose of this exercise ;-) - In order to gain access, you need to import the file xca.db/testuser.p12 into your browser. The password for this is hello

How does this work

We are using X.509 client certificates and TLS (Transport Layer Security) for this. If you want to edit the certificates using XCA then get XCA installed from Christian Hohnstaedt's site and open the file xca.db/xca.xdb - it contains all certificates. The password for the file again is hello

More Info

The whole process is described in This video on my youtube channel

About

a simple nodejs web server that is using X.509 client certificates

Topics

tls ssl certificate https x509 x509certificates

Resources

Readme

License

GPL-3.0 license
Activity

Stars

7 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages