mTLS authentication example
A simple demonstration of using CA-signed certificates to implement
mTLS in Go.
Running instructions
- Clone the repository.
- Start the server in the terminal.
$ go run . --server
- Start the client in a different terminal.
$ go run .
Key re-generation
- Generate the CA private key. Use the password "foo".
openssl genrsa -des3 -out ca.key 2048
- Generate the root CA certificate (self-signed; it carries the CA public key):
openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.pem
- Generate client private key:
openssl genrsa -out client.key 2048
- Generate the client certificate signing request (CSR).
openssl req -new -key client.key -out client.csr
- Generate the client certificate. Use the CA password "foo".
openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.crt -days 825 -sha256 -extfile tls.ext
- Generate server private key:
openssl genrsa -out server.key 2048
- Generate the server certificate signing request (CSR).
openssl req -new -key server.key -out server.csr
- Generate the server certificate. Use the CA password "foo".
openssl req -x509 -new -CA ca.pem -CAkey ca.key -CAcreateserial -key server.key -out server.crt -days 825 -sha256
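
How the CA, server and client certificates produced above map onto `tls.Config` on each side, as an added Go example that is not code from this repository: the server sets `ClientCAs` and `tls.RequireAndVerifyClientCert`, the client sets `RootCAs` and its own certificate. It generates throwaway Ed25519 certificates in memory instead of reading `ca.pem`, `server.crt` and `client.crt`, and the client side only completes the handshake; the helper names `issue` and `attempt` and the host names ending in `.test` are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a throwaway certificate (constructed fixture, errors ignored); a nil ca self-signs a new CA.
func issue(cn string, ca *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: ca == nil}
	parent, signer := tpl, any(key)
	if ca != nil {
		parent, signer = ca.Leaf, ca.PrivateKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// attempt runs one loopback handshake and returns the server's verdict on the client (hypothetical helper).
func attempt(ca, server tls.Certificate, client ...tls.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	// Server: ClientCAs plus RequireAndVerifyClientCert is what makes the handshake mutual.
	srv := &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return err
	}
	defer ln.Close()
	go tls.Dial("tcp", ln.Addr().String(), &tls.Config{Certificates: client, RootCAs: pool, ServerName: "server.test"})
	conn, err := ln.Accept()
	if err != nil {
		return err
	}
	defer conn.Close()
	return conn.(*tls.Conn).Handshake()
}
func main() {
	ca := issue("ca.test", nil)
	fmt.Println(attempt(ca, issue("server.test", &ca), issue("client.test", &ca)), attempt(ca, issue("server.test", &ca)))
}
```

`attempt` returns nil for a client whose certificate was issued by the CA, and a handshake error for a client that presents no certificate or one issued by a different CA.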