I am trying to implement mTLS on my own, following the tutorial from https://quarkus.io/blog/quarkus-mutual-tls/.
This is how I have generated server-keystore, client-keystore and server-truststore:
keytool -genkeypair \
-storepass password \
-keyalg RSA \
-keysize 2048 \
-dname "CN=example-server" \
-alias server \
-ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
-keystore ./server-keystore.jks
keytool -genkeypair \
-storepass password \
-keyalg RSA \
-keysize 2048 \
-dname "CN=example-client" \
-alias client \
-ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
-keystore ./client-keystore.jks
cp ./client-keystore.jks ./server-truststore.jks
keytool -exportcert \
-alias client \
-storepass password \
-keystore ./server-truststore.jks \
-rfc \
-file client.pem
As you can see, the server-truststore is a copy of client-keystore. Afterwards, I exported the certificate from server-truststore and named it client.pem.
When I make the request to the backend via curl (curl --cert client.crt https://localhost:8443/hello), it complains:
curl: (58) could not load PEM client certificate, LibreSSL error error:02FFF002:system library:func(4095):No such file or directory, (no key found, wrong pass phrase, or wrong file format?)
I assume that the private key is missing in the certificate client.crt. According to "Use and utility of .p12 certificate/file", I think I need to generate a client.p12 file that also contains the private key.
I also tried via Postman with the following certificate configuration:
Unfortunately, I got a bad response:
What I am trying to achieve is to generate client certificates and provide them to customers, so that they can make requests to the backend server.
The code is hosted on https://github.com/softshipper/playwithmtls.
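An added example (not code from the question, the Quarkus tutorial or the linked repository) of the workflow the question is aiming at, done with openssl rather than keytool so the result can be checked from the shell: the client key and certificate are bundled into a .p12 for the customer, the server truststore gets only the certificate, and the key and certificate recovered from the .p12 are checked against each other, which is the pairing curl needs before it can present a client certificate. It assumes openssl on PATH; all file names, the subject CN and the password "changeit" are placeholders.

```shell
#!/bin/sh
# Added example, not code from the question or the Quarkus tutorial.
# Assumes openssl on PATH; every file name, the subject CN and the
# password "changeit" are placeholders chosen for this example.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
P12_PASS="changeit"

# 1. Client identity: private key plus self-signed certificate.
make_client_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-client" \
    -keyout "$WORKDIR/client.key" -out "$WORKDIR/client.crt" 2>/dev/null
}

# 2. Bundle key and certificate into the PKCS#12 file handed to the customer.
#    curl can use it directly:
#      curl --cert-type P12 --cert client.p12:changeit https://localhost:8443/hello
make_client_p12() {
  openssl pkcs12 -export -name client \
    -inkey "$WORKDIR/client.key" -in "$WORKDIR/client.crt" \
    -passout "pass:$P12_PASS" -out "$WORKDIR/client.p12" 2>/dev/null
}

# 3. The server truststore should receive only client.crt, never the key;
#    this check confirms the exported file carries no private key.
truststore_has_private_key() {
  grep -q "PRIVATE KEY" "$WORKDIR/client.crt" && echo yes || echo no
}

# 4. Customer side: recover PEM key and cert from the .p12 for curl --cert/--key.
extract_pem_from_p12() {
  openssl pkcs12 -in "$WORKDIR/client.p12" -passin "pass:$P12_PASS" \
    -nocerts -nodes -out "$WORKDIR/customer.key" 2>/dev/null
  openssl pkcs12 -in "$WORKDIR/client.p12" -passin "pass:$P12_PASS" \
    -nokeys -clcerts -out "$WORKDIR/customer.pem" 2>/dev/null
}

# Key and certificate belong together only if their public keys are identical.
pem_key_matches_cert() {
  k=$(openssl pkey -in "$WORKDIR/customer.key" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$WORKDIR/customer.pem" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ] && echo match || echo mismatch
}

build_all() {
  make_client_identity && make_client_p12 && extract_pem_from_p12
}
build_all
```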