TLS & SSL & mTLS In A Nutshell — For Developers


What is RSA and what has TLS/SSL got to do with it?

So what is SSL exactly…?

Pre-requisites to understanding how TLS works:

What is a Certificate?

What is a Certificate Authority?

# Create CA Key
openssl genrsa -aes256 -out ./myRootCAKey.key 4096
# Create CA Cert
openssl req -new -config ./myRootCACertMetaInformation.cnf -x509 -sha256 -days 730 -key ./myRootCAKey.key -out ./myRootCACert.crt
# the fully qualified server (or service) name
# the name of your organization
# (see also
ORGNAME = My Company ROCKS ltd.
# subjectAltName entries: to add DNS aliases to the CSR, delete
# the '#' character in the ALTNAMES line, and change the subsequent
# 'DNS:' entries accordingly. Please note: all DNS names must
# resolve to the same IP address as the FQDN.
ALTNAMES = # , ,
# --- no modifications required below ---
[ req ]
default_bits = 2048 # Read below
default_md = sha256 # We can override these in the command as you see above, or alternatively let it default here
prompt = no
encrypt_key = no
distinguished_name = dn # A DN is basically an identifier string of key/values for who the certificate belongs to, in this case we're using a variable to place it below so things look a bit prettier :)
req_extensions = req_ext # Extensions are
[ dn ]
C = Country Code (USA, UK, whatever)
ST = Some State
OU = Organisational Unit
[ req_ext ]
subjectAltName = $ALTNAMES

What is the purpose of a Certificate Authority?

How do I get a Server Certificate?

# Create "Server Application" Key
openssl genrsa -out myServerRSAKey.key 4096
# Create CSR (Certificate Signing Request)
openssl req -new -config ./myServer.cnf -key myServerRSAKey.key -sha256 -out myServer.csr
# Create "Server Application" Cert [signed with our CA]
openssl x509 -req -days 365 -sha256
-in myServer.csr
-CA ./myRootCACert.crt
-CAkey ./myRootCAKey.key
-set_serial 1
-out ./myServer.crt

Pre-requisite final

How does TLS work then?

What to take away from understanding the TLS Handshake process

KeyStore VS TrustStore



Mutual TLS (mTLS)




I'm just a self taught developer from England, honestly, that's it lol.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

I'm just a self taught developer from England, honestly, that's it lol.