mTLS on bmcweb

Zhenfei Tai ztai at google.com
Thu Apr 23 07:58:06 AEST 2020


Hi,

I'm trying out bmcweb mTLS which should be enabled by default by
https://github.com/openbmc/bmcweb/blob/master/CMakeLists.txt#L89

In my test, I created a self-signed key and certificate pair, stacked them
up into server.pem in /etc/ssl/certs/https that bmcweb uses.

However, when I tried to curl the bmcweb service, I was able to get a
response by only supplying the cert.

curl --cacert cert.pem https://${bmc}/redfish/v1

With mTLS enabled, I expected it to error out since no client
certificate is provided.

Could someone with relevant knowledge help with my question?

Thanks,
Zhenfei