Networking TLS and mTLS Examples

These examples complement the pages Networking; Certificates and HTTPS; TCP, TLS, and HTTP; and Firewalls, iptables, and Netfilter.

TLS and mTLS Examples

Inspect the certificate a server presents for a given name. -servername sets the SNI value so a name-based endpoint serves the certificate for that host rather than a default one; -showcerts prints the whole chain the server sent. Read the "Verify return code" line at the end of the output: s_client prints the chain whether or not it verifies, so a non-zero code there is the signal that the chain does not validate.

openssl s_client \
  -connect api.example.com:443 \
  -servername api.example.com \
  -showcerts </dev/null

Verify that a client certificate and key belong together before using them for mTLS. The first two commands hash the RSA modulus from each side and must print the same digest; this check is RSA-only, since openssl rsa rejects EC keys. The third command checks that the certificate chains to the CA the server is configured to trust:

openssl x509 -in client.crt -noout -modulus | openssl sha256
openssl rsa -in client.key -noout -modulus | openssl sha256
openssl verify -CAfile client-ca.crt client.crt

Call an mTLS endpoint, presenting the client identity with --cert/--key and trusting only server-ca.crt for the server side:

curl -v \
  --cert client.crt \
  --key client.key \
  --cacert server-ca.crt \
  https://admin-api.example.com/healthz
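The checks in the two sections above (key matches certificate, certificate verifies against the client CA) and the curl call, folded into one pre-flight script. This is an added example, not code from the page: it assumes an OpenSSL 1.1.1 or 3.x command-line binary on the PATH, the file names (client.key, client.crt, client-ca.crt, server-ca.crt) and the URL are placeholders, and the make_test_identity helper builds a throwaway CA and client certificate so the checks can be tried offline. It goes beyond the page in two places: it compares the public keys from both sides instead of RSA moduli, so the match check also covers EC keys, and it passes -purpose sslclient to openssl verify so a certificate issued for the wrong purpose is rejected before the handshake rather than by the server.

```shell
#!/bin/sh
# Pre-flight checks for an mTLS client identity before handing it to curl.
# Added example (not from the page); assumes OpenSSL 1.1.1+ on the PATH.
# File names and the URL below are placeholders.
#
#   sh mtls-preflight.sh client.key client.crt client-ca.crt [min-days]

# 1. Key/cert match. Compare the SubjectPublicKeyInfo from both sides rather
#    than the RSA modulus: `openssl rsa -modulus` fails on EC keys, while
#    `pkey -pubout` and `x509 -pubkey` work for RSA, EC and EdDSA alike.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# 2. Chain and purpose. Plain `openssl verify` does not check what the
#    certificate is for; -purpose sslclient additionally enforces the
#    keyUsage/extendedKeyUsage a TLS client certificate needs.
#    cert_chains_to_ca CERT CAFILE [purpose]   (purpose defaults to sslclient)
cert_chains_to_ca() {
  openssl verify -purpose "${3:-sslclient}" -CAfile "$2" "$1" >/dev/null 2>&1
}

# 3. Remaining lifetime. -checkend SECONDS fails if the certificate expires
#    within that window; catches the identity that works today and not Monday.
#    cert_valid_for_days CERT [days]   (days defaults to 7)
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( ${2:-7} * 86400 )) >/dev/null 2>&1
}

# Run all three and report one line each; non-zero exit if any check failed.
# preflight KEY CERT CAFILE [min-days]
preflight() {
  rc=0
  if key_matches_cert "$1" "$2"; then echo "ok: private key matches certificate"
  else echo "FAIL: private key does not match certificate"; rc=1; fi
  if cert_chains_to_ca "$2" "$3"; then echo "ok: chains to $3 and is usable as a TLS client certificate"
  else echo "FAIL: does not verify against $3 with -purpose sslclient"; rc=1; fi
  if cert_valid_for_days "$2" "${4:-7}"; then echo "ok: valid for at least ${4:-7} more day(s)"
  else echo "FAIL: expires within ${4:-7} day(s)"; rc=1; fi
  return $rc
}

# Throwaway CA plus a client certificate signed by it, for trying the checks
# offline: P-256 keys, one-day lifetime, clientAuth EKU only. Not for production.
# make_test_identity DIR  -> DIR/ca.key DIR/ca.crt DIR/client.key DIR/client.crt
make_test_identity() {
  dir=$1
  printf '[req]\ndistinguished_name = dn\nx509_extensions = ca_ext\n[dn]\n[ca_ext]\nbasicConstraints = critical, CA:TRUE\nkeyUsage = critical, keyCertSign, cRLSign\n' > "$dir/ca.cnf" &&
  printf 'basicConstraints = CA:FALSE\nkeyUsage = digitalSignature\nextendedKeyUsage = clientAuth\n' > "$dir/client.ext" &&
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key" 2>/dev/null &&
  openssl req -new -x509 -config "$dir/ca.cnf" -key "$dir/ca.key" \
    -subj "/CN=Test Client CA" -days 1 -out "$dir/ca.crt" 2>/dev/null &&
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/client.key" 2>/dev/null &&
  openssl req -new -config "$dir/ca.cnf" -key "$dir/client.key" \
    -subj "/CN=test-client" -out "$dir/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/client.ext" -out "$dir/client.crt" 2>/dev/null
}

# Gate the real call on the checks, then make the same curl request as on the
# page: --cacert limits server trust to server-ca.crt, --cert/--key present
# the client identity. Only runs when invoked with arguments.
if [ "$#" -ge 3 ]; then
  preflight "$@" || exit 1
  curl -sS --cert "$2" --key "$1" --cacert server-ca.crt \
    https://admin-api.example.com/healthz
fi
```

With a real identity, run it as shown in the header comment; a failing check names which of the three conditions is wrong, which is far quicker than decoding a TLS alert from the server. Trying the negative cases is instructive too: cert_chains_to_ca with a third argument of sslserver fails for the test certificate because its EKU is clientAuth only, and cert_valid_for_days with 7 fails because the test certificate lives one day.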

Study Cards

Question

Why use SNI with openssl s_client?

Answer

Many TLS endpoints (load balancers, CDNs, name-based virtual hosts) pick which certificate to present from the server name in the ClientHello. Without the right SNI you may be shown a default certificate, or get a handshake failure, and draw conclusions about the wrong endpoint.

Question

Why compare client certificate and key modulus hashes?

Answer

It confirms that the certificate's public key and the private key belong together before attempting mTLS; a mismatched pair fails the handshake with an error that rarely says why. Comparing moduli only works for RSA keys; for other key types compare the public keys extracted from each side instead.

Question

What does --cacert validate in an mTLS curl request?

Answer

It replaces curl's default trust store with server-ca.crt, so the server's certificate chain must lead to that CA; curl still checks that the certificate matches the host name. This is trust-store scoping, not pinning of a specific key, which is what --pinnedpubkey does.
