/hello-mtls

:wave: Docs demonstrating mutual TLS configurations in various technologies

Primary LanguageJavaScriptApache License 2.0Apache-2.0

Hello mTLS

This package contains documentation on how to configure a broad array of technologies to perform mutual TLS. It is part of the Hello mTLS project, designed to raise developer awareness about public key infrastructure as a potential solution to common security problems.

If you notice any outdated, missing, or errant docs, pull requests are strongly encouraged!

Contributing

Documentation for each technology lives in its corresponding directory in the docs/ folder.

To get rolling on local development, clone this repository and start the local dev server:

$ yarn install
$ yarn start

You will be able to preview all changes at http://localhost:3000.

Adding new technologies

If you are adding a new technology, your best bet is to refer to existing configurations in this repository, but here is a high-level breakdown of each directory's contents.

config.yaml

This file configures basic information like the technology name and external links to documentation.

logo.png

This is a 256 x 256px transparent PNG of the technology's logo. If missing, a standard placeholder will be used.

topics/

Several optional markdown files provide prose describing how to perform different aspects of mTLS using the technology:

  • server_auth.md — Server TLS authentication
  • client_auth.md — Client TLS authentication
  • client.md — Client requests using TLS
  • renewal.md — TLS cetificate renewal

Properties with corresponding names in the topics object in config.yaml also accept a links array for any relevant external resources.

If your documentation makes use of the name of a certificate's identity, its certificate filename, its private key filename, or the root certificate filename, please use these template tokens. They will be interpolated with the appropriate values at build time in different contexts:

  • {{ server_name }} — Name of the identity like server.internal.net
  • {{ server_cert }} — Filename of the server's certificate like server.crt
  • {{ server_key }} — Filename of the server's private key like server.key
  • {{ server_port }} — Port number that that the server binds in the server auth docs
  • {{ client_name }} — Name of the identity like clientuser
  • {{ client_cert }} — Filename of the client's certificate like client.crt
  • {{ client_key }} — Filename of the client's private key like client.key
  • {{ ca_cert }} — Filename of the root CA certificate like ca.crt

Do not use markdown headlines.

Testing changes

Run yarn test locally to test that your changes are valid before opening a pull request.

License

Code in this repository is licensed under Apache License, Version 2.0.

All documentation content is licensed under Creative Commons Attribution 4.0 International License.

Creative Commons License

Support

Please don't hesitate to reach out on our Discord with any questions.