Slide 20
Client certificate authentication (mTLS)
Live example from the pratipad_example_device project:
1. With the settings shown in the figure on the right, device001 can act as both a TLS server and a TLS client and attempt authentication in an mTLS manner.
2. If both verify and fail_if_no_peer_cert are set, servers must verify client certificates to authenticate them.
Cite: pratipad_example_device/rootfs_overlay/etc/device001.tls.conf https://github.com/kentaro/pratipad_example_device/blob/main/rootfs_overlay/etc/device001.tls.conf
[
  {server,
    [{cacertfile, "/etc/ca.crt"},
     {certfile, "/etc/device001.pratipad.local.crt"},
     {keyfile, "/etc/device001.pratipad.local.key"},
     {secure_renegotiate, true},
     {fail_if_no_peer_cert, true},
     {verify, verify_peer}
    ]},
  {client,
    [{cacertfile, "/etc/ca.crt"},
     {certfile, "/etc/device001.pratipad.local.crt"},
     {keyfile, "/etc/device001.pratipad.local.key"},
     {secure_renegotiate, true},
     {fail_if_no_peer_cert, true},
     {verify, verify_peer}
    ]}
].
device001.tls.conf
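
A configuration check for files shaped like device001.tls.conf, as an added example that is not code from pratipad_example_device: it reports when a server section would accept a client that sends no certificate, or when either side does not verify its peer. The module name mtls_lint, its function names, the problem atoms and the sample in demo/0 are hypothetical; the check assumes the file-based options used on the slide and treats an unset verify as verify_none.

```erlang
%% mtls_lint.erl - added example, not part of pratipad_example_device.
-module(mtls_lint).
-export([check/1, check_file/1, demo/0]).

%% Read a TLS options file holding one Erlang term, as device001.tls.conf does.
check_file(Path) ->
    {ok, [Conf]} = file:consult(Path),
    check(Conf).

%% Return a list of {Role, Problem}. An empty list means both roles
%% present a certificate and verify the peer's certificate.
check(Conf) ->
    lists:flatmap(fun(Role) -> role(Role, proplists:get_value(Role, Conf)) end,
                  [server, client]).

role(Role, undefined) ->
    [{Role, section_missing}];
role(Role, Opts) ->
    %% Assumption: CA, certificate and key are given as files, as on the slide.
    Required = [cacertfile, certfile, keyfile],
    Missing = [{Role, {missing, K}}
               || K <- Required, not proplists:is_defined(K, Opts)],
    %% Assumption: an unset verify is treated as verify_none.
    Verify = case proplists:get_value(verify, Opts, verify_none) of
                 verify_peer -> [];
                 Other -> [{Role, {peer_not_verified, Other}}]
             end,
    %% fail_if_no_peer_cert is a server-side option; without it a server
    %% using verify_peer still accepts clients that send no certificate.
    NoCert = case Role =:= server andalso
                  not proplists:get_value(fail_if_no_peer_cert, Opts, false) of
                 true -> [{Role, client_cert_optional}];
                 false -> []
             end,
    Missing ++ Verify ++ NoCert.

%% Constructed sample: the server verifies certificates but does not require
%% one, and the client neither presents a certificate nor verifies the server.
demo() ->
    Weak = "[{server,[{cacertfile,\"/etc/ca.crt\"},{certfile,\"/etc/d.crt\"},"
           "{keyfile,\"/etc/d.key\"},{verify,verify_peer}]},"
           "{client,[{cacertfile,\"/etc/ca.crt\"},{verify,verify_none}]}].",
    {ok, Tokens, _} = erl_scan:string(Weak),
    {ok, Conf} = erl_parse:parse_term(Tokens),
    check(Conf).
```

Compile with erlc mtls_lint.erl and call mtls_lint:demo() from an Erlang shell; the configuration shown on the slide yields an empty list from check/1.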