This repository has been archived by the owner on Jun 12, 2018. It is now read-only.

Client example for two way ssl authentication / tls with custom client certificate #2

Open
nickxpx opened this issue Oct 16, 2014 · 5 comments

Comments


nickxpx commented Oct 16, 2014

I want to connect to a server with a custom client certificate SSL file.
How can I do this with your lib?
Thank you.

Owner

eidheim commented Oct 17, 2014

If I understand you correctly, you want to add custom (trusted) certification authorities from a file.

Try the latest version. I added the possibility to use custom certification authorities here, however, it is not tested. Try for instance with:
SocketClient client("some.wss.server.com", "ca.pem");
The certification authorities have to be in PEM format.

Please give me feedback if this works or not:)

Owner

eidheim commented Oct 17, 2014

I have studied this issue a bit more. You want to use a certificate for client authentication? In this case you have two files: the certificate and a private key file?

Owner

eidheim commented Oct 17, 2014

Try the latest version now, with for instance:
SocketClient client("some.wss.server.com", true, "ca.pem", "client.crt", "client.key");

If you do not need a custom certification authority file:
SocketClient client("some.wss.server.com", true, "", "client.crt", "client.key");

Again this is not tested, and feedback would be appreciated.

Author

nickxpx commented Oct 18, 2014

I will test this later; first I want to try this implementation in golang.
I have a CA certificate: ca.crt and ca.key
I have server keys: server.crt and server.key
And I have client keys: client.crt, client.key and ca.crt
For the browser I can use *.p12 or *.pfx keys
Here is an example for golang: http://www.hydrogen18.com/blog/your-own-pki-tls-golang.html

"1 Create a Certificate Authority. This is commonly called a "CA".
2 Distribute the root certificate to all clients and servers.
3 Generate a server certificate for the server.
4 Use the CA to sign the server certificate.
5 Generate a client certificate for the client.
6 Use the CA to sign the client certificate.
7 Configure the server to trust the CA to authenticate clients.
8 Configure the client to trust the CA to authenticate servers."

Owner

eidheim commented Nov 1, 2014

I decided to move the pem-filename parameter to the end of the SocketClient constructor so it's similar to the SocketServer constructor:
SocketClient client("some.wss.server.com", true, "client.crt", "client.key", "ca.pem");
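
The eight steps quoted above, carried out with the OpenSSL command line as an added example (not from this thread or the project): it writes the ca.crt, server.* and client.* files named in the comments, then applies the checks from steps 7 and 8. Assumptions: the `openssl` tool (1.1.0 or later) is installed; the CA name, 30-day lifetime, RSA-2048 keys, the `PKI_DIR` variable and the helper names are choices made for this example; the server name is the placeholder host used in the comments.

```shell
#!/bin/sh
# Constructed example: throwaway PKI with unencrypted keys, for testing only.
set -eu
cd "${PKI_DIR:-$(mktemp -d)}"

# Steps 1-2: CA key and self-signed root certificate (PEM output).
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
    -keyout ca.key -out ca.crt 2>/dev/null

# issue NAME EKU [SAN-LINE]: steps 3-6, a key and CSR for NAME signed by the CA.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n%s\n' \
        "$2" "${3:-}" > "$1.ext"
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}
issue server serverAuth "subjectAltName=DNS:some.wss.server.com"
issue client clientAuth

# accepts_as PURPOSE CERT: steps 7-8, the check a peer that trusts only ca.crt
# applies: CERT must chain to the CA and be allowed for PURPOSE.
accepts_as() {
    openssl verify -CAfile ca.crt -purpose "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT KEY: true when both files hold the same public key.
key_matches() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) &&
        [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

accepts_as sslclient client.crt && echo "client.crt: accepted as TLS client"
accepts_as sslserver client.crt || echo "client.crt: rejected as TLS server"
key_matches client.crt client.key && echo "client.crt and client.key match"
echo "files written to $(pwd)"
```

The ca.crt written here is PEM-encoded, the format the comments above require for the CA file.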
