Tls mutual authentication #301
Comments
|
The gist doesn’t exist but I have just fiddled around with this and documenting for reference. (def ssl-context
(->
(SslContextBuilder/forServer (io/file “cert.pem”) (io/file “key.pem”))
(.clientAuth (ClientAuth/REQUIRE))
(.trustManager (io/file “trust.pem”))
(.build)))
(http/start-server handler {:ssl-context ssl-context})Wrote on my phone so apologies for formatting. Created issue #501 to expose the client certificate details in the request. |
|
Addressed : #505 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm not an expert, but here is what I've done trying to get mutual authentication :
https://gist.github.com/dvlopt/de48dbe6b7e1d7ea93c3beb929e146d0
Basically, in order for the client to make a request to my local https server, I have to set the sysprop "javax.net.ssl.trustStore" to the same truststore I've declared in the client's ssl context. Is this redundancy normal ? I expected the ssl context to be self sufficient and contain all the information it needs. The problem is specific to the client as requesting from the server using curl with --cacert to the pem file used to build the truststore works just fine.
Furthermore, how can mutual authentication be enforced ? Curling the server works but isn't mutual.
The text was updated successfully, but these errors were encountered: