demo-mtls

This is a cross-platform go tool to demonstrate the implementation of mTLS (Mutual TLS) and how useful it can help to setup authorization on top of TLS certificate - known as Certificate Bound Token. This program could be run into client or server mode through the mention of flag --client or --server respectively. Only the server mode generates both Root/server and Client CA certificates. These are saved to a fixed location on disk and deleted once server exits.

Click to watch a live demo video where server extract and compute the client's common name and certificate fingerprint (which could be used as token during authorization).

Technologies
Setup
Usage
License

Technologies

This project is developed with:

Golang version: > 1.16
Native libraries only

Setup

On Windows, Linux macOS, and FreeBSD you will be able to download the pre-built binaries once available. If your system has Go >= 1.16 you can pull the codebase and build from the source.

# build the auto-mtls-client-server-cli program on windows
git clone https://github.com/jeamon/demo-mtls.git && cd demo-mtls
go build -o mtls-client-server-cli.exe mtls-client-server-cli.go

# build the auto-mtls-client-server-cli program on linux and others
git clone https://github.com/jeamon/demo-mtls.git && cd demo-mtls
go build -o mtls-client-server-cli mtls-client-server-cli.go

Usage

    
mtls-client-server-cli [--client] [--server] [--help] [--version] [--certs <path-to-ca-certificates>] 


Options:

    -client   Specify to run the program into client mode.
    -server   Specify to run the program into server mode.
    -version  Display the current version of this program.
    -help     Display the help - how to use this program.
    -port     Specify the port where the server should listen.
    -ip       Specify the ip address where to bind the server.


Arguments:

    <path-to-ca-certificates>  path to both root & clients CA certificates folder.


You can run this tool into two different modes (client or server) by specifying the flags --client or
--server. In both mode, you can define the server's ip address and/or port number. By default --ip 
address is localhost (127.0.0.1) and --port is 8443. When these values are mentionned into client mode,
it means the address where the client should connect. Also, in client mode, you can specify the path of 
the parent folder (with --certs flag) from where to load the root/server CA certificate (to authenticate
the server) and client CA certificate (to sign the client auto-generated certificate). If not provided
the client will expect to find them from a folder named certificates inside the same working directory.
Only into server mode that both CA certificates are generated, this means you must run the server before.
Finally, you can display the instructions with the --help flag and the version with --version flag.


Examples:

    $ mtls-client-server-cli --version
    $ mtls-client-server-cli --help
    $ mtls-client-server-cli --client
    $ mtls-client-server-cli --server
    $ mtls-client-server-cli --client --ip 127.0.0.1 --port 8443 --certs certificates
    $ mtls-client-server-cli --client --ip 127.0.0.1 --port 8443
    $ mtls-client-server-cli --server --ip 127.0.0.1 --port 8443

License

please check & read the license details or reach out to me before any action.

jeamon / demo-mtls Goto Github PK

demo-mtls's Introduction

demo-mtls

Table of contents

Technologies

Setup

Usage

License

demo-mtls's People

Contributors

Stargazers

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent