diff --git a/demo/tls/GNUmakefile b/demo/tls/GNUmakefile
new file mode 100644
index 000000000..a33ae4a6e
--- /dev/null
+++ b/demo/tls/GNUmakefile
@@ -0,0 +1,56 @@
+SHELL = bash
+
+.PHONY: all
+all: \
+ ca.pem ca-key.pem ca.csr \
+ client.pem client-key.pem client.csr \
+ dev.pem dev-key.pem dev.csr \
+ server.pem server-key.pem server.csr \
+ user.pem user-key.pem user.csr user.pfx
+
+.PHONY: bootstrap
+bootstrap: ## Install dependencies
+ @echo "==> Updating cfssl..."
+ go get -u github.com/cloudflare/cfssl/cmd/...
+
+clean: ## Remove generated files
+ @echo "==> Removing generated files..."
+ rm -f \
+ ca.pem ca-key.pem ca.csr \
+ client.pem client-key.pem client.csr \
+ dev.pem dev-key.pem dev.csr \
+ server.pem server-key.pem server.csr \
+ user.pem user-key.pem user.csr user.pfx
+
+# Generate Nomad certificate authority
+ca.pem ca-key.pem ca.csr:
+ @echo "==> Removing generated files..."
+ cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+
+# Generate Nomad server certificate
+server.pem server-key.pem server.csr:
+ @echo "==> Generating Nomad server certificate..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl.json \
+ -hostname="server.global.nomad,localhost,127.0.0.1" csr.json \
+ | cfssljson -bare server
+
+# Generate Nomad client node certificate
+client.pem client-key.pem client.csr:
+ @echo "==> Generating Nomad client node certificate..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl.json \
+ -hostname="client.global.nomad,localhost,127.0.0.1" csr.json \
+ | cfssljson -bare client
+
+# Generate Nomad combined server and client node certificate
+dev.pem dev-key.pem dev.csr:
+ @echo "==> Generating Nomad server and client node certificate..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl.json \
+ -hostname="server.global.nomad,client.global.nomad,localhost,127.0.0.1" csr.json \
+ | cfssljson -bare dev
+
+# Generate certificates for users (CLI and browsers)
+user.pem user-key.pem user.csr user.pfx:
+ @echo "==> Generating Nomad user certificates..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-user.json \
+ csr.json | cfssljson -bare user
+ openssl pkcs12 -export -inkey user-key.pem -in user.pem -out user.pfx -password pass:
diff --git a/demo/tls/README.md b/demo/tls/README.md
new file mode 100644
index 000000000..8219fed47
--- /dev/null
+++ b/demo/tls/README.md
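Review bot: The multi-target rules (`ca.pem ca-key.pem ca.csr:` and the four leaf rules) declare no prerequisites, so nothing orders the leaf certificates after the CA, and GNU Make treats each listed file as an independent target sharing one recipe; under `make -j` the CA recipe can run more than once and leave `ca.pem` and `ca-key.pem` from different runs, or a leaf can be requested before the CA exists. Give each rule one primary target with real prerequisites (`ca.pem ca-key.pem cfssl.json csr.json`) and hang the sibling files off it, as sketched below. Separately, `clean` is missing from `.PHONY`, the CA recipe's echo still reads `"==> Removing generated files..."`, and `go get -u` in `bootstrap` installs whatever cfssl is current, so the tool that mints the keys is unpinned.

```make
# One recipe writes three files: make the key the real target and let the
# other two depend on it, so the recipe runs once even under -j.
ca-key.pem: ca-csr.json
	@echo "==> Generating Nomad certificate authority..."
	cfssl gencert -initca ca-csr.json | cfssljson -bare ca
ca.pem ca.csr: ca-key.pem ;

server-key.pem: ca.pem ca-key.pem cfssl.json csr.json
# … unchanged: echo and cfssl gencert … | cfssljson -bare server …
server.pem server.csr: server-key.pem ;

# … same shape for client, dev and user (user.pfx depends on user.pem user-key.pem) …

.PHONY: clean
```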
@@ -0,0 +1,57 @@
+Demo TLS Configuration
+======================
+
+**Do _NOT_ use in production. For testing purposes only.**
+
+See [Securing Nomad](https://www.nomadproject.io/guides/securing-nomad.html)
+for a full guide.
+
+This directory contains sample TLS certificates and configuration to ease
+testing of TLS related features. There is a makefile to generate certificates,
+and pre-generated are available for use.
+
+## Files
+
+| Generated? | File | Description |
+| - | ------------- | ---|
+| ◻️ | `GNUmakefile` | Makefile to generate certificates |
+| ◻️ | `tls-*.hcl` | Nomad TLS configurations |
+| ◻️ | `cfssl*.json` | cfssl configuration files |
+| ◻️ | `csr*.json` | cfssl certificate generation configurations |
+| ☑️ | `ca*.pem` | Certificate Authority certificate and key |
+| ☑️ | `client*.pem` | Nomad client node certificate and key |
+| ☑️ | `dev*.pem` | Nomad certificate and key for dev agents |
+| ☑️ | `server*.pem` | Nomad server certificate and key |
+| ☑️ | `user*.pem` | Nomad user (CLI) certificate and key |
+| ☑️ | `user.pfx` | Nomad browser PKCS #12 certificate and key *(blank password)* |
+
+## Usage
+
+### Agent
+
+To run a TLS-enabled Nomad agent include the `tls.hcl` configuration file with
+either the `-dev` flag or your own configuration file. If you're not running
+the `nomad agent` command from *this* directory you will have to edit the paths
+in `tls.hcl`.
+
+```sh
+# Run the dev agent with TLS enabled
+nomad agent -dev -config=tls-dev.hcl
+
+# Run a *server* agent with your configuration and TLS enabled
+nomad agent -config=path/to/custom.hcl -config=tls-server.hcl
+
+# Run a *client* agent with your configuration and TLS enabled
+nomad agent -config=path/to/custom.hcl -config=tls-client.hcl
+```
+
+### Browser
+
+To access the Nomad Web UI when TLS is enabled you will need to import two
+certificate files into your browser:
+
+- `ca.pem` must be imported as a Certificate Authority
+- `user.pfx` must be imported as a Client certificate. The password is blank.
+
+When you access the UI via https://localhost:4646/ you will be prompted to
+select the user certificate you imported.
diff --git a/demo/tls/ca-csr.json b/demo/tls/ca-csr.json
new file mode 100644
index 000000000..ded502e0a
--- /dev/null
+++ b/demo/tls/ca-csr.json
@@ -0,0 +1,19 @@
+{
+ "CN": "example.nomad",
+ "hosts": [
+ "example.nomad"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+ {
+ "C": "US",
+ "ST": "CA",
+ "L": "San Francisco",
+ "OU": "Nomad Demo"
+ }
+ ]
+}
+
diff --git a/demo/tls/ca-key.pem b/demo/tls/ca-key.pem
new file mode 100644
index 000000000..cc95d7c21
--- /dev/null
+++ b/demo/tls/ca-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKsrq20VeBrZ0VOqMJSvvU6E+w7RAbUR7D5RkZSgNKJQoAoGCCqGSM49
+AwEHoUQDQgAEn/hg7ktoFRazpDTMTkN1mEJoCo/wJOlI7XD98WE1wr6U/4q0Wh9F
+YuNyfCb2rK2nSrLKra/1R+z3Q+trXJt2cQ==
+-----END EC PRIVATE KEY-----
diff --git a/demo/tls/ca.csr b/demo/tls/ca.csr
new file mode 100644
index 000000000..01f02b2d8
--- /dev/null
+++ b/demo/tls/ca.csr
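Review bot: The CA described by `ca-csr.json` is the one the README tells users to import into a browser as a Certificate Authority, yet its private key is committed next to it in `ca-key.pem` and, as far as this file shows, the CA carries no path-length or name restriction. A browser that trusts the pre-generated `ca.pem` therefore trusts certificates from anyone who has this repository, so the README's Browser section should tell readers to run `make clean && make all` and import only their locally generated CA, ideally into a throwaway profile. The file also sets no CA lifetime, while `cfssl.json` and `cfssl-user.json` issue leaves for `"87600h"`; the committed `ca.pem` appears to expire after cfssl's five-year default, well before the leaves it signed, so adding `"ca": { "expiry": "87600h" }` here would keep the chain valid for as long as the leaf certificates are.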
@@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBRjCB7AIBADBfMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcT +DVNhbiBGcmFuY2lzY28xEzARBgNVBAsTCk5vbWFkIERlbW8xFjAUBgNVBAMTDWV4 +YW1wbGUubm9tYWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASf+GDuS2gVFrOk +NMxOQ3WYQmgKj/Ak6UjtcP3xYTXCvpT/irRaH0Vi43J8JvasradKssqtr/VH7PdD +62tcm3ZxoCswKQYJKoZIhvcNAQkOMRwwGjAYBgNVHREEETAPgg1leGFtcGxlLm5v +bWFkMAoGCCqGSM49BAMCA0kAMEYCIQDP+rv/peK1JGFzXOzdLmfjjEg2vOFWGccz +iAy63lDurgIhAIF//KajKrghaC1JXmsrqnVHuP40KZLOcAv54Q4PgH1h +-----END CERTIFICATE REQUEST----- diff --git a/demo/tls/ca.pem b/demo/tls/ca.pem new file mode 100644 index 000000000..945638503 --- /dev/null +++ b/demo/tls/ca.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICAzCCAaigAwIBAgIUN0nEio761fu7oRc04wRmlxxY3gowCgYIKoZIzj0EAwIw +XzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRMwEQYDVQQLEwpOb21hZCBEZW1vMRYwFAYDVQQDEw1leGFtcGxlLm5vbWFk +MB4XDTE4MDEwOTE4MDgwMFoXDTIzMDEwODE4MDgwMFowXzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQLEwpO +b21hZCBEZW1vMRYwFAYDVQQDEw1leGFtcGxlLm5vbWFkMFkwEwYHKoZIzj0CAQYI +KoZIzj0DAQcDQgAEn/hg7ktoFRazpDTMTkN1mEJoCo/wJOlI7XD98WE1wr6U/4q0 +Wh9FYuNyfCb2rK2nSrLKra/1R+z3Q+trXJt2caNCMEAwDgYDVR0PAQH/BAQDAgEG +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKaOK4q82ysmZ7dYMhjbZyphHxx3 +MAoGCCqGSM49BAMCA0kAMEYCIQCLoeQKyg1PsyMzETrw3pBA3H3wXU81peHT1t74 +R63a2gIhALIeUT188aOaLtUMgPaWd7wE14BDhSpLp602jVGCNFkH +-----END CERTIFICATE----- diff --git a/demo/tls/cfssl-user.json b/demo/tls/cfssl-user.json new file mode 100644 index 000000000..0fa751cee --- /dev/null +++ b/demo/tls/cfssl-user.json @@ -0,0 +1,12 @@ +{ + "signing": { + "default": { + "expiry": "87600h", + "usages": [ + "signing", + "key encipherment", + "client auth" + ] + } + } +} diff --git a/demo/tls/cfssl.json b/demo/tls/cfssl.json new file mode 100644 index 000000000..6e438c9b9 --- /dev/null +++ b/demo/tls/cfssl.json 
@@ -0,0 +1,13 @@ +{ + "signing": { + "default": { + "expiry": "87600h", + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ] + } + } +} diff --git a/demo/tls/client-key.pem b/demo/tls/client-key.pem new file mode 100644 index 000000000..75a665adc --- /dev/null +++ b/demo/tls/client-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIGCce4MNcD+MHx1hQWOARCLQWCPJVhWzrAiI1QV7ftYKoAoGCCqGSM49 +AwEHoUQDQgAEDotF3nv9Stt9Zp5sBv3BNk4936BFBH6eyGAIULRlqSJQUrbc97cf +hcdwrVU0hDJcM98Bpd0R3OhqU7j86rc0FQ== +-----END EC PRIVATE KEY----- diff --git a/demo/tls/client.csr b/demo/tls/client.csr new file mode 100644 index 000000000..eb2821868 --- /dev/null +++ b/demo/tls/client.csr @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBRDCB6wIBADBHMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcT +DVNhbiBGcmFuY2lzY28xEzARBgNVBAsTCk5vbWFkIERlbW8wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAQOi0Xee/1K231mnmwG/cE2Tj3foEUEfp7IYAhQtGWpIlBS +ttz3tx+Fx3CtVTSEMlwz3wGl3RHc6GpTuPzqtzQVoEIwQAYJKoZIhvcNAQkOMTMw +MTAvBgNVHREEKDAmghNjbGllbnQuZ2xvYmFsLm5vbWFkgglsb2NhbGhvc3SHBH8A +AAEwCgYIKoZIzj0EAwIDSAAwRQIgRr+uu2A1NPkhso3QFWuq9IFf8eCkU6yzkmJI +9R7JZRQCIQDTj2mN3OqJAl1LsMRc2rmD1J7Fp+GvnGmSDT4fcdQ9zA== +-----END CERTIFICATE REQUEST----- diff --git a/demo/tls/client.pem b/demo/tls/client.pem new file mode 100644 index 000000000..67fb7ed54 --- /dev/null +++ b/demo/tls/client.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWjCCAgCgAwIBAgIUDYX/mI1EZQPtc/6kc7Kv2epWDwQwCgYIKoZIzj0EAwIw +XzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRMwEQYDVQQLEwpOb21hZCBEZW1vMRYwFAYDVQQDEw1leGFtcGxlLm5vbWFk +MB4XDTE4MDEwOTE4MDgwMFoXDTI4MDEwNzE4MDgwMFowRzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQLEwpO +b21hZCBEZW1vMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDotF3nv9Stt9Zp5s +Bv3BNk4936BFBH6eyGAIULRlqSJQUrbc97cfhcdwrVU0hDJcM98Bpd0R3OhqU7j8 +6rc0FaOBsTCBrjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG +CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO2ys/83g7JgjwZf5KY4 +nOQojbV1MB8GA1UdIwQYMBaAFKaOK4q82ysmZ7dYMhjbZyphHxx3MC8GA1UdEQQo +MCaCE2NsaWVudC5nbG9iYWwubm9tYWSCCWxvY2FsaG9zdIcEfwAAATAKBggqhkjO +PQQDAgNIADBFAiEAu+R+nZv0QXbo5c+vEA+b8wryMWqK9TSkMZmh/BwMriwCIHIJ +o/vUarVvgFLy+9ZITDYgtQxMWGLjm8brPyDiXNEA +-----END CERTIFICATE----- diff --git a/demo/tls/csr.json b/demo/tls/csr.json new file mode 100644 index 000000000..4f8ae5938 --- /dev/null +++ b/demo/tls/csr.json @@ -0,0 +1,10 @@ +{ + "names": [ + { + "C": "US", + "ST": "CA", + "L": "San Francisco", + "OU": "Nomad Demo" + } + ] +} diff --git a/demo/tls/dev-key.pem b/demo/tls/dev-key.pem new file mode 100644 index 000000000..381f686fd --- /dev/null +++ b/demo/tls/dev-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJ/MkDicoe6ohduiDoGOwqGXlk2V13fZBwKRB8Ns+2hkoAoGCCqGSM49 +AwEHoUQDQgAEmjMddkSmrwZ5qamlGgn0NpbV09qvhAFmaBtawpGXa3LlPzvauHfm +lRcSEzHzkS1M6NT5eAKjJG8yojGHR78cXQ== +-----END EC PRIVATE KEY----- diff --git a/demo/tls/dev.csr b/demo/tls/dev.csr new file mode 100644 index 000000000..960bde4b4 --- /dev/null +++ b/demo/tls/dev.csr 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBWTCCAQACAQAwRzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQH +Ew1TYW4gRnJhbmNpc2NvMRMwEQYDVQQLEwpOb21hZCBEZW1vMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEmjMddkSmrwZ5qamlGgn0NpbV09qvhAFmaBtawpGXa3Ll +PzvauHfmlRcSEzHzkS1M6NT5eAKjJG8yojGHR78cXaBXMFUGCSqGSIb3DQEJDjFI +MEYwRAYDVR0RBD0wO4ITc2VydmVyLmdsb2JhbC5ub21hZIITY2xpZW50Lmdsb2Jh +bC5ub21hZIIJbG9jYWxob3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIEPHMv5p +xoNybtEQVprQrq5ymLX3rm1ZMkjH0EiJjk/AAiAsM2DTQtK8LnL0YKVbbmBNBX5g +1JQeTRt/kW7yKq0OeA== +-----END CERTIFICATE REQUEST----- diff --git a/demo/tls/dev.pem b/demo/tls/dev.pem new file mode 100644 index 000000000..ed6e67266 --- /dev/null +++ b/demo/tls/dev.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICbjCCAhWgAwIBAgIUc5S8QB/Kai23mJkU23YD4hoO7zkwCgYIKoZIzj0EAwIw +XzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRMwEQYDVQQLEwpOb21hZCBEZW1vMRYwFAYDVQQDEw1leGFtcGxlLm5vbWFk +MB4XDTE4MDEwOTE4MDgwMFoXDTI4MDEwNzE4MDgwMFowRzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQLEwpO +b21hZCBEZW1vMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmjMddkSmrwZ5qaml +Ggn0NpbV09qvhAFmaBtawpGXa3LlPzvauHfmlRcSEzHzkS1M6NT5eAKjJG8yojGH +R78cXaOBxjCBwzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG +CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBng/OMDB+a/pXc07ZYb +I6OODU5ZMB8GA1UdIwQYMBaAFKaOK4q82ysmZ7dYMhjbZyphHxx3MEQGA1UdEQQ9 +MDuCE3NlcnZlci5nbG9iYWwubm9tYWSCE2NsaWVudC5nbG9iYWwubm9tYWSCCWxv +Y2FsaG9zdIcEfwAAATAKBggqhkjOPQQDAgNHADBEAiAKiyqdAvtQewpuEXLU2VuP +Ifdn+7XK82AoTjOW/BbB0gIgNLusqAft2j7mqDT/LNpUTsl6E7O068METh4I9JlT +nEQ= +-----END CERTIFICATE----- diff --git a/demo/tls/server-key.pem b/demo/tls/server-key.pem new file mode 100644 index 000000000..9ab93fa5a --- /dev/null +++ b/demo/tls/server-key.pem 
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIP5t9f7rjG4tWmGaDkfIul+OiMEcCOp4aK9oOGQPFcv3oAoGCCqGSM49 +AwEHoUQDQgAErP0oL1Eo7dnxsUbaM0O1zTa2XLQTQrt8sfYQKuSxq5f1w3GxgUYJ +wHEpQRK34cNfvZZ1piAde/wBK8rAKCzhoQ== +-----END EC PRIVATE KEY----- diff --git a/demo/tls/server.csr b/demo/tls/server.csr new file mode 100644 index 000000000..647048909 --- /dev/null +++ b/demo/tls/server.csr @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBRTCB6wIBADBHMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcT +DVNhbiBGcmFuY2lzY28xEzARBgNVBAsTCk5vbWFkIERlbW8wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAASs/SgvUSjt2fGxRtozQ7XNNrZctBNCu3yx9hAq5LGrl/XD +cbGBRgnAcSlBErfhw1+9lnWmIB17/AErysAoLOGhoEIwQAYJKoZIhvcNAQkOMTMw +MTAvBgNVHREEKDAmghNzZXJ2ZXIuZ2xvYmFsLm5vbWFkgglsb2NhbGhvc3SHBH8A +AAEwCgYIKoZIzj0EAwIDSQAwRgIhAMpGeIRtFaCxn2Yp8EqRgRT3OnECUv6Mi4+d +Hwn42L2UAiEAzISsF4+Dkemn6KRrOXTv7Anam8fTeoAdqokWV3j4ELQ= +-----END CERTIFICATE REQUEST----- diff --git a/demo/tls/server.pem b/demo/tls/server.pem new file mode 100644 index 000000000..50f6a7706 --- /dev/null +++ b/demo/tls/server.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWjCCAgCgAwIBAgIUJSWExbHzjFPPc/1Eiod55vk+11IwCgYIKoZIzj0EAwIw +XzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRMwEQYDVQQLEwpOb21hZCBEZW1vMRYwFAYDVQQDEw1leGFtcGxlLm5vbWFk +MB4XDTE4MDEwOTE4MDgwMFoXDTI4MDEwNzE4MDgwMFowRzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQLEwpO +b21hZCBEZW1vMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErP0oL1Eo7dnxsUba +M0O1zTa2XLQTQrt8sfYQKuSxq5f1w3GxgUYJwHEpQRK34cNfvZZ1piAde/wBK8rA +KCzhoaOBsTCBrjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG +CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLK3byFY7RGvoyYtJ9sM +DUKbriNRMB8GA1UdIwQYMBaAFKaOK4q82ysmZ7dYMhjbZyphHxx3MC8GA1UdEQQo +MCaCE3NlcnZlci5nbG9iYWwubm9tYWSCCWxvY2FsaG9zdIcEfwAAATAKBggqhkjO +PQQDAgNIADBFAiB7aohsv0AOs7dnL9zrUNoeU6/B90+BntrRtk8+NHTpnQIhAL7W +EpQ9vbAxQ/FouOPC5lLd94yYkMbbUmoke3H2vKkd +-----END CERTIFICATE----- 
diff --git a/demo/tls/tls-client.hcl b/demo/tls/tls-client.hcl
new file mode 100644
index 000000000..ee129e1b1
--- /dev/null
+++ b/demo/tls/tls-client.hcl
@@ -0,0 +1,11 @@
+tls {
+ http = true
+ rpc = true
+
+ ca_file = "ca.pem"
+ cert_file = "client.pem"
+ key_file = "client-key.pem"
+
+ verify_server_hostname = true
+ verify_https_client = true
+}
diff --git a/demo/tls/tls-dev.hcl b/demo/tls/tls-dev.hcl
new file mode 100644
index 000000000..e41ba8f32
--- /dev/null
+++ b/demo/tls/tls-dev.hcl
@@ -0,0 +1,11 @@
+tls {
+ http = true
+ rpc = true
+
+ ca_file = "ca.pem"
+ cert_file = "dev.pem"
+ key_file = "dev-key.pem"
+
+ verify_server_hostname = true
+ verify_https_client = true
+}
diff --git a/demo/tls/tls-server.hcl b/demo/tls/tls-server.hcl
new file mode 100644
index 000000000..9e1a80269
--- /dev/null
+++ b/demo/tls/tls-server.hcl
@@ -0,0 +1,11 @@
+tls {
+ http = true
+ rpc = true
+
+ ca_file = "ca.pem"
+ cert_file = "server.pem"
+ key_file = "server-key.pem"
+
+ verify_server_hostname = true
+ verify_https_client = true
+}
diff --git a/demo/tls/user-key.pem b/demo/tls/user-key.pem
new file mode 100644
index 000000000..6e7fa6b42
--- /dev/null
+++ b/demo/tls/user-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILshv6hNINiqJk7iPOBr1rL519YdPah78vK/uTrJm+eYoAoGCCqGSM49
+AwEHoUQDQgAES0uuEUedpQxKop5YTUgtywlx7vWJ5dN5PTa2MRoccEhKTVTg1IxW
+S8OJxffyTIYXxAtTiDA4JVStchBf1rl2LQ==
+-----END EC PRIVATE KEY-----
diff --git a/demo/tls/user.csr b/demo/tls/user.csr
new file mode 100644
index 000000000..d83211583
--- /dev/null
+++ b/demo/tls/user.csr
@@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBATCBqQIBADBHMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcT +DVNhbiBGcmFuY2lzY28xEzARBgNVBAsTCk5vbWFkIERlbW8wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAARLS64RR52lDEqinlhNSC3LCXHu9Ynl03k9NrYxGhxwSEpN +VODUjFZLw4nF9/JMhhfEC1OIMDglVK1yEF/WuXYtoAAwCgYIKoZIzj0EAwIDRwAw +RAIgL01k8EVmO9UBLTa5VDTzPmmOBJuB2GAL7KIUc20BVnQCIFNUx7+KblsI6E5Q +qOIZN1QUMPCGedKufHQvZJ9iX5S3 +-----END CERTIFICATE REQUEST----- diff --git a/demo/tls/user.pem b/demo/tls/user.pem new file mode 100644 index 000000000..d92772350 --- /dev/null +++ b/demo/tls/user.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHjCCAcOgAwIBAgIUeB9kcy9/5oLhHCm0PmBiBe6pybwwCgYIKoZIzj0EAwIw +XzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRMwEQYDVQQLEwpOb21hZCBEZW1vMRYwFAYDVQQDEw1leGFtcGxlLm5vbWFk +MB4XDTE4MDEwOTE4MDgwMFoXDTI4MDEwNzE4MDgwMFowRzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQLEwpO +b21hZCBEZW1vMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES0uuEUedpQxKop5Y +TUgtywlx7vWJ5dN5PTa2MRoccEhKTVTg1IxWS8OJxffyTIYXxAtTiDA4JVStchBf +1rl2LaN1MHMwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwG +A1UdEwEB/wQCMAAwHQYDVR0OBBYEFIjrKUYag+vlAh5h1eJwhsdekvgGMB8GA1Ud +IwQYMBaAFKaOK4q82ysmZ7dYMhjbZyphHxx3MAoGCCqGSM49BAMCA0kAMEYCIQC6 +AZ/eZTHXKOU1sxLTRsK3FHn88DKBqXhHJG/2rbMWEwIhALCC5fi/lTP1lB/EDm1E +j4gRnSu3V03XWZhK6QcdQhr1 +-----END CERTIFICATE----- diff --git a/demo/tls/user.pfx b/demo/tls/user.pfx new file mode 100644 index 000000000..35de38c9d Binary files /dev/null and b/demo/tls/user.pfx differ