Amina Bešlija

Securing Node Services using Client Authenticated TLS with CATKeys

Some services are public and should be accessible to everyone. Some services are private and should only be accessible by a select group of clients. This guide walks through steps to secure a Node-based web service with Client Authenticated TLS using CATKeys, so that only authorised clients can access a private web service.

Client Authenticated TLS

‘Client Authenticated TLS’ is a version of the TLS handshake that provides mutual authentication (also known as 2-way authentication) between clients and servers using client certificates. Mutual authentication means that a client will only connect to a valid server (as is the case with normal TLS), and also that a server will only allow valid clients to connect. This makes it useful in situations where only privileged clients should be able to access a web service or RPC endpoint. For example, you might have a public web service that consumes a private web service.

I am going to demonstrate a simple way to protect a Node server with Client Authenticated TLS using a library called CATKeys (of which I am the author).

