Mastering Two-Way TLS

This tutorial walks you through protecting your application with TLS authentication, allowing access only to users whose certificates you trust. That means you choose which users are allowed to call your application.

This sample project demonstrates a basic setup of a server and a client. Communication between the server and the client happens over plain HTTP, so at this point there is no encryption at all. The goal is to ensure that all communication is encrypted.

The tutorial covers the following steps:

  1. Starting the server
  2. Saying hello to the server (without encryption)
  3. Enabling HTTPS on the server (one-way TLS)
  4. Requiring the client to identify itself (two way TLS)
  5. Two way TLS based on trusting the Certificate Authority
  6. Automated script for enabling authentication with TLS

Definitions

  • Identity: A KeyStore which holds the key pair, that is, the private key and the public key
  • TrustStore: A KeyStore containing one or more certificates (public keys). This KeyStore holds the list of trusted certificates
  • One way authentication (also known as one way tls, one way ssl): an HTTPS connection where only the client validates the certificate of the counterparty
  • Two way authentication (also known as two way tls, two way ssl, mutual authentication): an HTTPS connection where the client as well as the counterparty validates the other side's certificate
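
The four definitions above map directly onto a TLS configuration. The following Go program, added here as an illustration and not part of the tutorial's own Java project, builds an in-memory Identity (key pair plus certificate) and TrustStore (certificate pool) for a server and a client, then runs three loopback handshakes: one way TLS with an anonymous client, two way TLS with the same anonymous client (rejected), and two way TLS with a client that presents a certificate the server trusts (accepted). The certificates are self-signed test material generated in-process, so the TrustStore holds the peer's certificate itself rather than a CA certificate as in step 5; all names such as `newIdentity`, `trustStore` and `Run` are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// identity is the in-memory counterpart of an "Identity" KeyStore: a private key
// plus the certificate that carries the matching public key.
type identity struct {
	cert tls.Certificate
	leaf *x509.Certificate
}

// newIdentity mints a self-signed certificate (constructed test material, not a
// real CA) for the given name. Because it is self-signed, the certificate is also
// the "trusted certificate" the other side's TrustStore must hold.
func newIdentity(name string, ips []net.IP) (identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return identity{}, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return identity{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		IPAddresses:           ips, // the server is reached as 127.0.0.1, so it needs an IP SAN
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return identity{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return identity{}, err
	}
	return identity{cert: tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf: leaf}, nil
}

// trustStore is the in-memory counterpart of a TrustStore KeyStore: the set of
// certificates a peer is willing to trust when validating the other side.
func trustStore(certs ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range certs {
		pool.AddCert(c)
	}
	return pool
}

// handshake performs one TLS handshake over a loopback listener and returns the
// first error either side reports; nil means both sides accepted each other.
func handshake(serverCfg, clientCfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	serverResult := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			serverResult <- err
			return
		}
		defer conn.Close()
		serverResult <- conn.(*tls.Conn).Handshake()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return err // client-side failure, e.g. the server certificate is not trusted
	}
	_, readErr := io.ReadAll(conn) // wait for the server to finish and close
	conn.Close()
	if err := <-serverResult; err != nil {
		return err // server-side failure, e.g. the client sent no certificate
	}
	return readErr
}

// Results records whether the handshake succeeded in each tutorial scenario.
type Results struct {
	OneWay            bool // client validates the server; client stays anonymous
	TwoWayWithoutCert bool // server demands a client certificate; client has none
	TwoWayWithCert    bool // client presents a certificate the server trusts
}

// Run exercises one way and two way TLS with freshly generated identities.
func Run() (Results, error) {
	var r Results
	server, err := newIdentity("server", []net.IP{net.IPv4(127, 0, 0, 1)})
	if err != nil {
		return r, err
	}
	client, err := newIdentity("client", nil)
	if err != nil {
		return r, err
	}
	// One way TLS: only the server has an Identity; the client's TrustStore holds
	// the server certificate and the client presents nothing about itself.
	oneWayServer := &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{server.cert}}
	anonymousClient := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: trustStore(server.leaf)}
	r.OneWay = handshake(oneWayServer, anonymousClient) == nil
	// Two way TLS: the server additionally requires a client certificate that
	// validates against the server's own TrustStore (ClientCAs).
	twoWayServer := &tls.Config{
		MinVersion:   tls.VersionTLS12,
		Certificates: []tls.Certificate{server.cert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    trustStore(client.leaf),
	}
	r.TwoWayWithoutCert = handshake(twoWayServer, anonymousClient) == nil
	identifiedClient := &tls.Config{
		MinVersion:   tls.VersionTLS12,
		RootCAs:      trustStore(server.leaf),
		Certificates: []tls.Certificate{client.cert},
	}
	r.TwoWayWithCert = handshake(twoWayServer, identifiedClient) == nil
	return r, nil
}

func main() {
	r, err := Run()
	if err != nil {
		panic(err)
	}
	fmt.Printf("one way TLS, anonymous client:      accepted=%v\n", r.OneWay)
	fmt.Printf("two way TLS, anonymous client:      accepted=%v\n", r.TwoWayWithoutCert)
	fmt.Printf("two way TLS, client with identity:  accepted=%v\n", r.TwoWayWithCert)
}
```

The only difference between the one way and two way server configurations is `ClientAuth` plus the `ClientCAs` pool, which is exactly the TrustStore the tutorial adds on the server side in step 4; a client that cannot present a certificate chaining to that pool is rejected during the handshake, before any request reaches the application.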

Useful links

Below is a list of already tested clients. Plain Java based HTTP client configurations can be found in the ClientConfig class. The service directory contains the individual HTTP clients with example requests. Kotlin and Scala based HTTP client configurations are included as nested classes, because of a language limitation within the ClientConfig class I couldn't include them there. All client examples use the same base SSL configuration created within the SSLConfig class.
