Skip to content

Commit 8c43c9a

Browse files
committed
Clearer instructions
1 parent 38c6b89 commit 8c43c9a

1 file changed

Lines changed: 8 additions & 4 deletions

File tree

README.md

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -201,19 +201,23 @@ curl -s -k -X POST -d 'cauliflower' http://localhost:8080/a/b/c?response_body_on
201201

202202
The output will be 'cauliflower'.
203203

204-
## Client certificate details (mTLS)
204+
## Client certificate details (mTLS) in the response
205205

206-
If you pass a client certificate, then the details about that certificate can be echoed back in the response body.
206+
If you pass a client certificate, then the details about that certificate can be echoed back in the response body. The client certificate will not be validated.
207207

208-
For example, invoke using curl, passing a certificate and key. The client certificate will not be validated.
208+
For example, invoke using curl, passing a certificate and key.
209209

210210
```bash
211211
curl -k --cert cert.pem --key privkey.pem https://localhost:8443/
212212
```
213213

214214
The response body will contain details about the client certificate passed in.
215215

216-
If you browse to https://localhost:8443/ in Firefox, you won't get prompted to supply a client certificate unless you have [an imported certificate by the same issuer as the server](https://superuser.com/questions/1043415/firefox-doesnt-ask-me-for-a-certificate-when-visiting-a-site-that-needs-one). If you need browser prompting to work, you'll need to follow the 'use your own certificates' section.
216+
If you browse to https://localhost:8443/ in Firefox, you won't get prompted to supply a client certificate unless you have [an imported certificate by the same issuer as the server](https://superuser.com/questions/1043415/firefox-doesnt-ask-me-for-a-certificate-when-visiting-a-site-that-needs-one). If you need browser prompting to work, you'll need to follow the 'use your own certificates' section. Firefox needs the imported certificate to be in a PKCS12 format, so if you have a certificate and key already, you can combine them using
217+
218+
```bash
219+
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out certpkcs12.pfx
220+
```
217221

218222

219223
## Output

0 commit comments

Comments
 (0)