This is an example of how to create self-signed certificates with OpenSSL and test mTLS communication with a sample Node.js application.
- Node - JS runtime environment
- VSCode - IDE
- OpenSSL - TLS toolkit
- cURL - Command line tool to make HTTP requests (optional)
- Postman - API testing tool (optional)
$ npm install
Create a folder called certificates and inside this folder run the commands listed below:
# creating the trusted certificate authority (CA) for server and client
$ openssl req -new -x509 -nodes -days 365 -subj '/CN=my-ca' -keyout ca.key -out ca.crt
# creating server's private key
$ openssl genrsa -out server.key 2048
# creating server's certificate signing request (CSR)
$ openssl req -new -key server.key -subj '/CN=localhost' -out server.csr
# creating server's certificate signed by CA
$ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -out server.crt
# creating client's private key
$ openssl genrsa -out client.key 2048
# creating client's certificate signing request (CSR)
$ openssl req -new -key client.key -subj '/CN=my-client' -out client.csr
# creating client's certificate signed by CA
$ openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -out client.crt
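A pre-flight check for the files generated above, as an added example that is not part of the original project: it confirms that a certificate chains to ca.crt, that it matches its private key, and that it is not about to expire. The helper names `check_cert` and `make_demo_pki`, and the `other-ca` / `rogue.crt` files used as a negative case, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the mTLS files created above.
# check_cert and make_demo_pki are hypothetical helper names.

# usage: check_cert <ca.crt> <cert.crt> <cert.key>
# returns 0 = ok, 1 = wrong CA, 2 = key mismatch, 3 = expiring
check_cert() {
  cc_ca=$1 cc_crt=$2 cc_key=$3
  # 1. The certificate must chain to the CA the other side trusts.
  openssl verify -CAfile "$cc_ca" "$cc_crt" >/dev/null 2>&1 ||
    { echo "FAIL: $cc_crt is not signed by $cc_ca"; return 1; }
  # 2. The private key must belong to the certificate: compare public keys.
  cc_crt_pub=$(openssl x509 -in "$cc_crt" -noout -pubkey 2>/dev/null) || return 2
  cc_key_pub=$(openssl pkey -in "$cc_key" -pubout 2>/dev/null) || return 2
  [ "$cc_crt_pub" = "$cc_key_pub" ] ||
    { echo "FAIL: $cc_key does not match $cc_crt"; return 2; }
  # 3. The certificate must remain valid for at least one more day.
  openssl x509 -in "$cc_crt" -noout -checkend 86400 >/dev/null ||
    { echo "FAIL: $cc_crt expires within 24 hours"; return 3; }
  echo "OK: $cc_crt"
}

# Build a constructed, throwaway PKI in directory $1 with the same commands
# as above, plus a second CA ("other-ca") that is NOT the trusted one.
make_demo_pki() {
  ( cd "$1" &&
    openssl req -new -x509 -nodes -days 365 -subj '/CN=my-ca' \
      -keyout ca.key -out ca.crt &&
    openssl req -new -x509 -nodes -days 365 -subj '/CN=other-ca' \
      -keyout other.key -out other.crt &&
    openssl genrsa -out client.key 2048 &&
    openssl req -new -key client.key -subj '/CN=my-client' -out client.csr &&
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -days 365 -out client.crt &&
    openssl x509 -req -in client.csr -CA other.crt -CAkey other.key \
      -CAcreateserial -days 365 -out rogue.crt
  ) >/dev/null 2>&1
}
```

Inside the certificates folder, `check_cert ca.crt server.crt server.key` and `check_cert ca.crt client.crt client.key` should both print `OK` before you start the server.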
# watch mode
$ npm run start:dev
# production mode
$ npm run start
If you are using cURL, run the following command inside the certificates folder:
$ curl --cacert ca.crt --key client.key --cert client.crt https://localhost:3000/ -v
To test with Postman, follow the instructions below:
Go to Settings > Certificates:
Now turn on the CA Certificates switch and select the ca.crt file as the PEM file:
After that, click on "Add Certificate", fill in the fields as shown in the image below, and then click the "Add" button:
To finish, create a new request to our server; your response should look like this:
If you run into trouble while having some fun with this code, feel comfortable opening a new ISSUE.
But if you find a problem and know how to solve it, please open a PULL REQUEST.