Comment by jazzyjackson
5 days ago
After coming across a brief tutorial of mTLS in this tool for locking down access to my family photo sharing [0] I have bounced around the internet following various guides but haven't ended up with a pfx file that I can install in a browser. Can you recommend any resource to understand which keys sign what, and what a client certificate is verified against?
The guides I find often contain the openssl incantations with little explanation so I feel a bit like stumbling through the dark. I realize how much I've taken stacktraces for granted when this auth stuff is very "do or do not, there is no error"
[0] https://github.com/alangrainger/immich-public-proxy/blob/mai...
Honestly, the most approachable way will be to use something like Keystore Explorer: https://keystore-explorer.org/
Alternatively, this guide focuses on Apache2 configuration but also goes through the certs https://www.openlogic.com/blog/mutual-authentication-using-a... (it’s a little dated though)
Here’s also something a bit more recent for Nginx https://darshit.dev/posts/two-way-ssl-nginx/