This application is a PoC for authentication between microservices.
This PoC uses self-signed certificates to authenticate.
A microservice running on NodeJS and Express Framework.
A microservice running on Python and Flask Framework.
openssl req -x509 -days 365 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem
openssl req -x509 -days 1000 -newkey rsa:2048 -out local-cert.pem -keyout local-key.pem -subj "/CN=0.0.0.0"
openssl req -new -x509 -days 9999 -newkey rsa:4096 -keyout ca-key.pem -out ca-cert.pem
- Common Name should be different from those of both the client and the server
openssl genrsa -out server-key.pem 4096
openssl req -new -key server-key.pem -out server-csr.pem
- Common Name should be different, and the client will verify this
- no password
openssl x509 -req -days 9999 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
- it will ask for the CA password
openssl verify -CAfile ca-cert.pem server-cert.pem
openssl genrsa -out client-key.pem 4096
openssl req -new -key client-key.pem -out client-csr.pem
- Common Name should be different, and the server will NOT verify this
- no password
openssl x509 -req -days 9999 -in client-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem
- it will ask for the CA password
openssl verify -CAfile ca-cert.pem client-cert.pem
curl -v --cert certs/local-cert.pem --key certs/local-key.pem https://0.0.0.0:4000
curl -v --cert client-cert.pem --key client-key.pem https://localhost:4000/
curl -v -k --cacert ca-cert.pem https://0.0.0.0:4000/
- works when the server sets rejectUnauthorized: false (this request presents no client certificate)
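
Since the last request succeeds without a client certificate when rejectUnauthorized is false, and the server does not check the client's Common Name, the Node/Express side has to enforce both itself. The sketch below is an added example, not code from this PoC; the function names, the `pem` object and the `orders-service` Common Name are assumptions.

```javascript
// Added example: mutual-TLS enforcement for the Node/Express service.
// PEM inputs correspond to the files produced by the openssl commands above.

// Options for https.createServer(): request a certificate from every client
// and, when strict, let the TLS layer refuse chains not signed by our CA.
function mtlsServerOptions(pem, strict = true) {
  return {
    key: pem.serverKey,   // contents of server-key.pem
    cert: pem.serverCert, // contents of server-cert.pem
    ca: pem.caCert,       // contents of ca-cert.pem (trust anchor for clients)
    requestCert: true,
    rejectUnauthorized: strict,
  };
}

// Express-style middleware. Required when rejectUnauthorized is false,
// because the handshake then also succeeds for clients that present no
// certificate or one that does not chain to the CA.
function requireClientCert(allowedCNs) {
  const allowed = new Set(allowedCNs);
  return function (req, res, next) {
    const sock = req.socket; // the TLSSocket behind this request
    if (!sock.authorized) {
      res.statusCode = 401;
      return res.end('valid client certificate required');
    }
    // Chain is trusted; now pin the caller's identity to an allowlist.
    const peer = sock.getPeerCertificate();
    const cn = peer && peer.subject ? peer.subject.CN : undefined;
    if (!allowed.has(cn)) {
      res.statusCode = 403;
      return res.end('client identity not allowed');
    }
    req.clientCN = cn; // expose the verified identity to route handlers
    next();
  };
}

// Wiring (assumed, not executed here):
//   const app = require('express')();
//   app.use(requireClientCert(['orders-service'])); // hypothetical client CN
//   require('https').createServer(mtlsServerOptions(pem), app).listen(4000);
```

With `strict` left at its default, unauthenticated clients are rejected during the handshake and the middleware only adds the Common Name allowlist.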