mTLS Instructions

mendhak · mendhak · commit f97df82c70b4 · 2022-10-30T13:38:26.000Z
diff --git a/README.md b/README.md
@@ -201,6 +201,30 @@ curl -s -k -X POST -d 'cauliflower' http://localhost:8080/a/b/c?response_body_on
 
 The output will be 'cauliflower'. 
 
+## Client certificate details (mTLS)
+
+There's also an HTTPS server that requests client certificates (also known as mTLS), listening on port 8444 by default. 
+
+```bash
+docker run -p 8444:8444 --rm -t mendhak/http-https-echo:25
+```
+
+You can then call it with curl passing a certificate and key.  The client certificate will not be validated.  
+
+```bash
+curl -k --cert cert.pem --key privkey.pem  https://localhost:8444/
+```
+
+The response body will contain details about the client certificate passed in.  
+
+You can change the port by using the `HTTPS_MTLS_PORT` environment variable. 
+
+```bash
+docker run -e HTTPS_MTLS_PORT=3333 -p 3333:3333 --rm -t mendhak/http-https-echo:25
+```
+
+If you browse to https://localhost:8444/ in Firefox, you should get prompted to supply a client certificate as long as you have [an imported certificate by the same issuer as the server](https://superuser.com/questions/1043415/firefox-doesnt-ask-me-for-a-certificate-when-visiting-a-site-that-needs-one).  If you need browser prompting to work,  you'll need to follow the 'use your own certificates' section.  
+
 
 ## Output
 
