undefined | Better HN

0 pointspcpuser2y ago0 comments

The HTTP header comparison at the end is so close but so far. The auth in the server is basically your tsv file.

You can't fake the UUID in mTLS because you need the actual private key to be present with the client when it makes a connection to the server. There's no way to fake this in TLS.

0 comments

3 comments · 1 top-level

Grimeton2y ago· 2 in thread

When I have the UUID, then I can get a CSR signed on the server because that's all that's needed. Creating a CSR creats my private key for the CSR and once the CSR is signed and the certificate is returned I have a valid keypair.

pcpuserOP2y ago

Again, completely off the mark here. To create any CSR, bifrost or not, you need the private key that the CSR represents.

> Creating a CSR creats my private key for the CSR...

Not really sure what's going on here tbh.

Grimeton2y ago

> Again, completely off the mark here. To create any CSR, bifrost or not, you need the private key that the CSR represents.

Yeah... No. You create a public/private key pair and the CSR CONTAINS that public key together with additional information.

>Not really sure what's going on here tbh.

I'm not surprised. Go read up on this stuff.

1 more reply

j / k navigate · click thread line to collapse