SSL/TLS mutual authentication example in Go, and layer 4 (tcp) load balancing

jomoespe/go-tls-mutual-auth

Balanced HTTP2 REST service with TLS mutual authentication

Goals

This project realizes two goals:

  • An HTTP/2 REST service whose clients are authenticated and identified by SSL/TLS mutual authentication.
  • Load balancing of that service at layer 4 (TCP), so that the client certificate still reaches the service instances.

The services are implemented in Go.

Requisites

For SSL/TLS mutual authentication:

For load balancing:

Introduction

Mutual authentication refers to two parties authenticating each other within the same handshake: the client authenticates itself to the server and the server authenticates itself to the client, so that both parties are assured of the other's identity. A plain SSL/TLS connection only authenticates the server; mutual authentication adds authentication of the client, which proves possession of the private key matching its certificate by signing part of the handshake with it.

The process is performed by exchanging certificates. During the connection handshake both the client and the server send their own certificate: the client checks that the server certificate is valid, chains to a CA it trusts and matches the host it connected to, and the server checks that the client certificate is valid and chains to a CA it accepts for client authentication. Only if both checks pass is the connection established. After that, the server can read the verified client certificate (in Go, the PeerCertificates field of the connection state, exposed to HTTP handlers as r.TLS.PeerCertificates) to identify the client. Note that a Go server only requests and verifies a client certificate when its tls.Config sets ClientAuth to tls.RequireAndVerifyClientCert and ClientCAs to the accepted CA pool; the default, tls.NoClientCert, never asks for one.
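The handshake and the certificate checks described above, as an added example that is not code from this repository: it issues a throwaway CA, a server certificate and a client certificate in memory (standing in for the ./cert tool), starts an HTTPS server that requires a client certificate, and returns what the handler learns about the caller. The function names issue, mutualConfigs and request, the CA name and the client name client_1 are assumptions of this example, not taken from the project.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue creates a certificate for name signed by parent (a self-signed CA when parent is nil), limited to eku.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, eku x509.ExtKeyUsage) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name}, // assumed names: "example CA", "127.0.0.1", "client_1"
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)}, // SAN the client matches the server address against
	}
	if parent == nil { // self-signed CA: the template signs itself
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// mutualConfigs builds both sides from one throwaway CA: the server demands and verifies a client certificate, the client verifies the server, and each presents its own.
func mutualConfigs(clientName string) (*tls.Config, *tls.Config, error) {
	ca, caKey, err := issue("example CA", nil, nil, x509.ExtKeyUsageAny)
	if err != nil {
		return nil, nil, err
	}
	srv, srvKey, err1 := issue("127.0.0.1", ca, caKey, x509.ExtKeyUsageServerAuth)
	cli, cliKey, err2 := issue(clientName, ca, caKey, x509.ExtKeyUsageClientAuth)
	if err1 != nil || err2 != nil {
		return nil, nil, fmt.Errorf("issuing leaf certificates: %v %v", err1, err2)
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the mutual-auth switch; the default NoClientCert never asks for one
		ClientCAs:    pool,                           // CAs accepted for client certificates
	}
	clientCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}},
		RootCAs:      pool, // CAs accepted for the server certificate; http.Transport fills ServerName from the URL
	}
	return serverCfg, clientCfg, nil
}

// request serves HTTPS with serverCfg, performs one GET with clientCfg and returns the
// client identity the handler saw, or the error the client got when the server refused it.
func request(serverCfg, clientCfg *tls.Config) (string, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// r.TLS exists only after a successful handshake; with RequireAndVerifyClientCert PeerCertificates[0] is the verified client certificate.
		fmt.Fprint(w, r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = serverCfg
	srv.StartTLS()
	defer srv.Close()
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: clientCfg}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", err // e.g. "remote error: tls: certificate required"
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() {
	serverCfg, clientCfg, err := mutualConfigs("client_1")
	if err != nil {
		panic(err)
	}
	fmt.Println(request(serverCfg, clientCfg)) // client_1 <nil>
}
```

The two server-side settings that make the connection mutual are ClientAuth: tls.RequireAndVerifyClientCert and ClientCAs; with the default tls.NoClientCert a Go server never asks for a client certificate and r.TLS.PeerCertificates stays empty. Cloning clientCfg, clearing its Certificates and calling request with it reproduces the failure case: the server rejects the connection during the handshake and the client gets an error instead of a body. To speak HTTP/2 as the project does, set srv.EnableHTTP2 = true on the unstarted test server and ForceAttemptHTTP2: true on the transport; the certificate handling does not change.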

Because client authentication and identification happen inside the service process, we cannot put an HTTP/S (layer 7) reverse proxy/load balancer in front of the service instances: a layer 7 proxy terminates TLS itself, so the client certificate never reaches the service, and forwarding it in an HTTP header would lose the cryptographic binding between the certificate and the connection. This is why we configure a TCP (layer 4) reverse proxy/load balancer, which passes the encrypted byte stream through to an instance untouched. Two consequences follow: the balancer cannot route on URLs, headers or any other HTTP-level information, and it balances per TCP connection rather than per request, which matters with HTTP/2 because all requests multiplexed over one connection land on the same instance.
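The layer 4 pass-through idea, as an added example that is not the repository's load balancer: a minimal TCP round-robin proxy in Go, plus two constructed echo backends that tag their replies so the output shows which backend each new TCP connection landed on. The function names Serve, proxy, startEcho and Demo, the backend tags A and B and the message "hello" are assumptions of this example; startEcho is a test fixture and panics if it cannot listen. Pointing the proxy at instances of a TLS server instead of the echo backends changes nothing in it, since it never decrypts the stream.

```go
package main

import (
	"fmt"
	"io"
	"net"
)

// Serve is a minimal layer 4 (TCP) round-robin load balancer: it accepts connections on ln and
// splices each one to the next backend without ever looking inside the stream, so a TLS handshake,
// client certificate included, reaches the backend untouched and is verified there, not here.
func Serve(ln net.Listener, backends ...string) {
	for next := 0; ; next++ {
		c, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		go proxy(c, backends[next%len(backends)]) // one backend choice per TCP connection, not per request
	}
}

// proxy copies both directions between client and the backend at addr until EOF; each EOF is
// passed on as a half-close so the other direction can drain, then both sockets are closed.
func proxy(client net.Conn, addr string) {
	defer client.Close()
	backend, err := net.Dial("tcp", addr)
	if err != nil {
		return
	}
	defer backend.Close()
	done := make(chan struct{}, 2)
	splice := func(dst, src net.Conn) {
		io.Copy(dst, src)
		if tc, ok := dst.(*net.TCPConn); ok {
			tc.CloseWrite()
		}
		done <- struct{}{}
	}
	go splice(backend, client)
	go splice(client, backend)
	<-done
	<-done
}

// startEcho is a constructed backend (test fixture): it answers each connection with "<tag>: <message>" and hangs up.
func startEcho(tag string) string {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				defer c.Close()
				buf := make([]byte, 1024)
				n, _ := c.Read(buf)
				fmt.Fprintf(c, "%s: %s", tag, buf[:n])
			}(c)
		}
	}()
	return ln.Addr().String()
}

// Demo puts two echo backends behind one balancer, sends n connections through it and returns the replies in order.
func Demo(n int) ([]string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	go Serve(ln, startEcho("A"), startEcho("B"))
	var replies []string
	for i := 0; i < n; i++ {
		c, err := net.Dial("tcp", ln.Addr().String())
		if err != nil {
			return nil, err
		}
		io.WriteString(c, "hello") // constructed message
		reply, err := io.ReadAll(c) // returns once the balancer half-closes after the backend hangs up
		c.Close()
		if err != nil {
			return nil, err
		}
		replies = append(replies, string(reply))
	}
	return replies, nil
}

func main() { fmt.Println(Demo(4)) } // [A: hello B: hello A: hello B: hello] <nil>
```

Because the proxy only sees ciphertext once the backends speak TLS, it cannot route per URL or per HTTP/2 stream, and it cannot add forwarding headers either; if the service needs the original client address, that has to travel out of band (for example the PROXY protocol) rather than in an HTTP header.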

SSL/TLS mutual authentication

The project has three main components:

  • The server.
  • The client.
  • A certificate generation tool.

Build

To build all components

make clean all 

There are make targets for each component.

make [cert] [serverd] [tlsclient]

Certificate generation tool

Generate a certificate:

    ./cert [-org <"Organization name">] [-name <"subject name">] [-duration <duration>] [-cert <certificate filename>] [-key <private key filename>] [-client [<true|false>]] [ip|servers....]

Example: generate a server certificate for 127.0.0.1 and localhost.localdomain

./cert -cert server.crt -key server.key 127.0.0.1 localhost.localdomain

Example: generate a client certificate named client_1

./cert -client -cert client.crt -key client.key -name=client_1

The server

./serverd

The client

./tlsclient

References