The CSR(s) should be provided by the entity requesting the certificate and then passed to the root CA. In this case, since we also act as the root CA, let's sign the server certificate with the given CSR.

```
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.pem -days 365 -sha256
```

You will be prompted for the root CA's key password to proceed and sign the new certificate. This should create the server certificate named server.pem, which together with server.key will be used to configure Tomcat to enable SSL.

Signing Client Certificate

As mentioned in the background, mutual TLS is based on both parties authenticating each other. If it were one-way TLS, we would not need the client certificate, because the server would not request it. In this case, however, we'd like the client to present its certificate and the server to authenticate it.

Let's create client certificates so we can use them to call the API.

```
openssl genrsa -des3 -out client.key 2048
```

Then create a CSR for the client in the same way:

```
openssl req -new -sha256 -key client.key -out client.csr
```

Then we sign the client certificate in the same way.
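The key, CSR and signing steps above, run end to end as an added example (not code from the original post): it builds a throwaway root CA, omits `-des3` so no passphrase prompts appear, and checks with `openssl verify` that only certificates issued by `rootCA.pem` chain to it. The names `otherCA` and `rogue`, the `-subj` values, and signing the client with the same `x509 -req` form as the server are assumptions.

```shell
#!/bin/sh
# Added example: the CAs, subjects and file names below are constructed for the demo.
# Keys are generated without -des3 so the script runs non-interactively.

# make_ca PREFIX: self-signed root certificate PREFIX.pem with key PREFIX.key
make_ca() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -x509 -new -sha256 -key "$1.key" -subj "/CN=$1" -days 365 -out "$1.pem"
}

# issue_cert NAME CA_PREFIX: key -> CSR -> certificate signed by CA_PREFIX
issue_cert() {
    name=$1; ca=$2
    openssl genrsa -out "$name.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$name.key" -subj "/CN=$name" -out "$name.csr" &&
    openssl x509 -req -in "$name.csr" -CA "$ca.pem" -CAkey "$ca.key" \
        -CAcreateserial -out "$name.pem" -days 365 -sha256 2>/dev/null
}

# chains_to CERT CA_PEM: succeeds only if CERT verifies against CA_PEM
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# mtls_demo: prints one line per check; returns 0 only if every check
# behaves as expected (rootCA-issued certs trusted, otherCA-issued rejected)
mtls_demo() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" &&
      make_ca rootCA && make_ca otherCA &&
      issue_cert server rootCA &&
      issue_cert client rootCA &&
      issue_cert rogue otherCA &&
      chains_to server.pem rootCA.pem && echo "server.pem: trusted" &&
      chains_to client.pem rootCA.pem && echo "client.pem: trusted" &&
      ! chains_to rogue.pem rootCA.pem && echo "rogue.pem: rejected" )
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Call `mtls_demo` to run it; a client certificate signed by any CA other than the one the server trusts fails the same chain check the server performs during the mutual TLS handshake.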