Mastering Two-Way TLS

This tutorial will walk you through the process of protecting your application with TLS authentication, only allowing access for certain users based on their certificates. This means that you can choose which users are allowed to call your application.

Table of Contents

  1. Introduction
  2. Tutorial
    • Starting the server
    • Saying hello to the server (without encryption)
    • Enabling HTTPS on the server (one-way TLS)
    • Require the client to identify itself (two way TLS)
    • Two way TLS based on trusting the Certificate Authority
  3. Automated scripts
  4. Tested HTTP Clients
  5. Demo and walk-through video


This sample project demonstrates a basic setup of a server and a client. The communication between the server and client happens through HTTP, so there is no encryption at all yet. The goal is to ensure that all communication will be encrypted.

Source: DZone