boobo94 / boobo94.github.io

My personal website.
https://whyboobo.com
MIT License

Implement mutual authentication or Two-way authentication #10

Closed boobo94 closed 3 years ago

boobo94 commented 3 years ago

Nodejs

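const fs = require('fs');
const https = require('https');

https
  .createServer(
    {
      // ...
      // Ask every client for a certificate during the TLS handshake.
      requestCert: true,
      // Do not abort the handshake when the certificate is missing or fails
      // verification; the request handler below rejects those clients with a 401.
      rejectUnauthorized: false,
      // CA certificate that client certificates are verified against.
      ca: fs.readFileSync('ca.crt'),
      // ...
    },
    (req, res) => {
      // `authorized` is true only if the client certificate chains to `ca`.
      if (!req.socket.authorized) {
        res.writeHead(401);
        return res.end('Invalid client certificate authentication.');
      }

      res.writeHead(200);
      res.end('Hello, world!');
    }
  )
  .listen(9443);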

Axios

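const fs = require("fs");
const https = require("https");
const axios = require("axios");

// Placeholder endpoint; the Node.js server above listens on port 9443.
const url = "https://localhost:9443/";

const httpsAgent = new https.Agent({
  ca: fs.readFileSync("./resource/bundle.crt"), // CA bundle used to verify the server
  cert: fs.readFileSync("./resource/thirdparty.crt"), // client certificate sent to the server
  key: fs.readFileSync("./resource/key.pem"), // private key for the client certificate
});

axios.get(url, { httpsAgent });

// or

const instance = axios.create({ httpsAgent });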

Documentation

Wiki: https://en.wikipedia.org/wiki/Mutual_authentication

Mutual Authentication Protocol for HTTP: https://tools.ietf.org/html/rfc8120

How to implement

https://grizzlybit.info/blog/how-to-generate-keys-for-mutual-tls-authentication
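
Because the Node.js server above sets `rejectUnauthorized: false`, the TLS layer lets every client through and the request handler is the only gate. The following is an added example, not code from this issue, of a handler that separates "certificate verified" (401 otherwise) from "certificate allowed for this service" (403 otherwise). `ALLOWED_CLIENTS`, `checkClientCert`, `mtlsHandler`, the fingerprint and the client name are hypothetical, constructed values.

```javascript
// Added example, not code from the issue. Per-request client-certificate check for a
// server created with requestCert: true and rejectUnauthorized: false.
// ALLOWED_CLIENTS, its fingerprint and the client name are constructed sample values.
const ALLOWED_CLIENTS = new Map([
  // cert.fingerprint256 as Node reports it (colon-separated SHA-256) -> client name
  [Array(32).fill('AB').join(':'), 'billing-service'],
]);

function checkClientCert(socket, allowed, now = new Date()) {
  // 1. Authentication: did the chain verify against the `ca` option at handshake time?
  if (!socket.authorized) {
    return { ok: false, status: 401, reason: String(socket.authorizationError || 'no certificate') };
  }
  const cert = socket.getPeerCertificate();
  if (!cert || !cert.fingerprint256) {
    return { ok: false, status: 401, reason: 'no certificate' };
  }
  // 2. Validity is only checked during the handshake; re-check it so a keep-alive
  //    connection cannot outlive the certificate. Unparseable dates fail closed.
  const notAfter = new Date(cert.valid_to);
  if (Number.isNaN(notAfter.getTime()) || notAfter <= now) {
    return { ok: false, status: 401, reason: 'certificate expired' };
  }
  // 3. Authorization: a CA-signed certificate is not automatically an allowed client.
  const client = allowed.get(cert.fingerprint256);
  if (!client) {
    const cn = cert.subject ? cert.subject.CN : 'unknown';
    return { ok: false, status: 403, reason: `not allowlisted: CN=${cn}` };
  }
  return { ok: true, status: 200, client };
}

// Request listener to pass to https.createServer(options, mtlsHandler).
function mtlsHandler(req, res) {
  const verdict = checkClientCert(req.socket, ALLOWED_CLIENTS);
  if (!verdict.ok) {
    // Log the detailed reason server-side; do not echo it to the caller.
    console.warn('mTLS reject from %s: %s', req.socket.remoteAddress, verdict.reason);
    res.writeHead(verdict.status);
    return res.end('Client certificate rejected.');
  }
  res.writeHead(200);
  res.end(`Hello, ${verdict.client}!`);
}
```
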

boobo94 commented 3 years ago

Utils:

  1. https://www.matteomattei.com/client-and-server-ssl-mutual-authentication-with-nodejs/ code here
  2. https://github.com/julie-ng/nodejs-certificate-auth
  3. https://smallstep.com/hello-mtls/doc/combined/nodejs/axios and https://smallstep.com/hello-mtls/doc/combined/express/nodejs
  4. https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl
  5. https://freedomben.medium.com/what-is-asymmetric-encryption-64c74b2a0a82
  6. https://medium.com/littlemanco/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401

boobo94 commented 3 years ago

Certificate-based Mutual TLS Authentication with Nginx - https://levelup.gitconnected.com/certificate-based-mutual-tls-authentication-with-nginx-57c7e693759d

boobo94 commented 3 years ago

CURL:

curl --cert certificates/client1-crt.pem --key certificates/client1-key.pem URL

boobo94 commented 3 years ago

  1. https://grizzlybit.info/blog/how-to-generate-keys-for-mutual-tls-authentication
  2. https://github.com/zubair1024/mutual-tls-authentication
  3. https://levelup.gitconnected.com/certificate-based-mutual-tls-authentication-with-nginx-57c7e693759d
  4. https://smallstep.com/hello-mtls/doc/combined/nodejs/axios
  5. https://www.matteomattei.com/client-and-server-ssl-mutual-authentication-with-nodejs/
  6. https://github.com/matteomattei/nodejs-ssl-mutual-authentication/blob/master/client.js
  7. https://smallstep.com/hello-mtls/doc/server/nginx
  8. https://medium.com/rahasak/tls-mutual-authentication-with-golang-and-nginx-937f0da22a0e
  9. https://codeburst.io/mutual-tls-authentication-mtls-de-mystified-11fa2a52e9cf

boobo94 commented 3 years ago

Some issues are described here: https://serverfault.com/questions/875229/two-way-ssl-error-400-the-ssl-certificate-error-just-for-client-certificate