3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-22 05:27:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

Move examples repo into main repo (#1102)

Browse source
This commit is contained in:
Travis Groth 2020-07-17 14:23:06 -04:00 committed by GitHub
parent b79e73b8b8
commit ca6715d3c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 851 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
examples/mutual-tls/scripts/curl.sh Executable file
View file

@ -0,0 +1,22 @@
#!/bin/bash
# A valid client cert
curl -v \
--cacert out/good-ca.crt \
--key out/good-curl.key \
--cert out/good-curl.crt \
https://127.0.0.1:8443
# an untrusted server ca, but good client cert, reject by client
# curl -v \
# --cacert out/bad-ca.crt \
# --key out/good-curl.key \
# --cert out/good-curl.crt \
# https://127.0.0.1:8443
# # an untrusted client cert from unustusted ca (rejected by server)
# curl -v \
# --cacert out/good-ca.crt \
# --key out/bad-curl.key \
# --cert out/bad-curl.crt \
# https://127.0.0.1:8443

18
examples/mutual-tls/scripts/generate_certs.sh Executable file
View file

@ -0,0 +1,18 @@
#!/bin/bash
# https://github.com/square/certstrap
certstrap init --common-name good-ca
certstrap init --common-name bad-ca
# pomerium client cert
certstrap request-cert --common-name pomerium
certstrap sign pomerium --CA good-ca
# downstream app
certstrap request-cert -ip 127.0.0.1 -domain web-app,localhost
certstrap sign web-app --CA good-ca
certstrap request-cert --common-name good-curl
certstrap sign good-curl --CA good-ca
certstrap request-cert --common-name bad-curl
certstrap sign bad-curl --CA bad-ca