
Mutual Authentication with JRuby Manticore


I am attempting to connect to a remote server which requires mutual auth. I have received a .p12 file from the server, and used the following commands to generate my private key and client cert:

openssl pkcs12 -in my_dev.p12 -out clientCert.crt -nokeys -clcerts
openssl pkcs12 -in my_dev.p12  -nocerts -nodes -passin pass:mypassword | openssl rsa -out privkey.pem

And I have used the following code to set up a Manticore client:

require "manticore"

# client_key and client_cert are defined elsewhere (not shown in the question).
client = Manticore::Client.new(
    pool_max: 200,
    pool_max_per_route: 200,
    ssl: { verify: :disable, client_key: client_key, client_cert: client_cert })

url = "https://my_url.com"
resp = client.get(url).call

The response I am getting is this:

401 Unauthorized
Unauthorized
This server could not verify that you\nare authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.

I am very new to using mutual auth, and am not sure exactly where I am going wrong. Have I extracted the clientCert and privateKey correctly? Am I supplying the key and cert to Manticore correctly?


Solution

  • You can use PKCS12 files directly from Manticore with the ssl[:keystore] option:

    client = Manticore::Client.new(
      pool_max: 200,
      pool_max_per_route: 200,
      ssl: { keystore: "/path/to/auth.p12", keystore_password: "your_password" }
    )
    

    keystore is used for the certs you wish to present to the remote server, while truststore is used for the public certs you wish to use to validate the identity of the remote server; you should probably not use verify: :disable in this case, since you do want to validate the identity of the other end of the connection.
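
To check whether the certificate and private key were extracted correctly before they are handed to any HTTP client, the pairing can be verified offline. The following is an added example, not part of the original question or answer; it uses only Ruby's standard `openssl` library, and the function names, sample password and self-signed identity are constructed for illustration.

```ruby
require "openssl"

# Parse a PKCS#12 bundle and report whether the private key belongs to the
# client certificate and whether that certificate is currently valid.
def inspect_client_p12(p12_der, password, now = Time.now)
  p12 = OpenSSL::PKCS12.new(p12_der, password)
  cert = p12.certificate
  {
    subject: cert.subject.to_s,
    key_matches: cert.check_private_key(p12.key),
    valid_now: now.between?(cert.not_before, cert.not_after),
    chain_certs: (p12.ca_certs || []).length
  }
rescue OpenSSL::PKCS12::PKCS12Error => e
  { error: e.message } # wrong password or corrupt bundle
end

# Same check for a PEM pair such as clientCert.crt and privkey.pem.
def pem_pair_matches?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  cert.check_private_key(OpenSSL::PKey.read(key_pem))
end

# Constructed sample identity (self-signed, throwaway key) so the checks run offline.
def build_sample_identity(cn = "constructed-client")
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

if __FILE__ == $PROGRAM_NAME
  key, cert = build_sample_identity
  p12_der = OpenSSL::PKCS12.create("sample-pass", "client", key, cert).to_der
  p inspect_client_p12(p12_der, "sample-pass")
  p inspect_client_p12(p12_der, "wrong-pass")
  p pem_pair_matches?(cert.to_pem, key.to_pem)
end
```

For a real bundle, pass `File.binread` of the .p12 file and its password to `inspect_client_p12`; a `key_matches` value of `false`, or an `:error` entry, points to a problem with the client identity itself rather than with how the HTTP client is configured.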