_CORE
Services
AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital
Industries
Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty
References Technologies
Lab
Blog Know-how Tools
About Collaboration Careers
Language
CS EN
Let's talk

mTLS v praxi

12. 05. 2018 1 min read advanced

How It Works

Standardní TLS: klient ověřuje server. mTLS: obě strany.

Certifikáty

CA

openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout ca.key -out ca.crt -subj ‘/CN=MyCA’

Server

openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj ‘/CN=server’ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

Client

openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj ‘/CN=client’ openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt

Nginx

ssl_client_certificate /etc/ssl/ca.crt; ssl_verify_client on;

curl

curl –cert client.crt –key client.key –cacert ca.crt https://api.example.com

mTLS = Zero Trust

V service mesh je automatický. Pro vlastní služby interní CA.

mtlstlssecurityzero trust
Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

mTLS — Mutual TLS vysvětlení

Co je mutual TLS, kdy ho použít a jak nakonfigurovat.

SSL/TLS certificates in Java applications

Managing SSL certificates in Java keystores. Keytool, truststore, mutual TLS and common HTTPS problems.

Zero Trust — The End of Perimeter Security

VPN and firewalls aren't enough. The Zero Trust model assumes the attacker is already inside the network. How we're...