Now adding localhost also in server-tom as a Subject alternative name to the certificate, so it also support localhost (as a multi-domain certificate). Therefore we´are able to reactive the Tests. Also Travis activated.

Author: jonashackt

README.md

@@ -1,6 +1,6 @@
 REST Client uses clientcertificate to authenticate to Spring Boot Server
 =============================
-[![Build Status](https://travis-ci.org/jonashackt/spring-boot-rest-clientcertificate.svg?branch=master)](https://travis-ci.org/jonashackt/spring-boot-rest-clientcertificate)
+[![Build Status](https://travis-ci.org/jonashackt/spring-boot-rest-clientcertificates-docker-compose.svg?branch=master)](https://travis-ci.org/jonashackt/spring-boot-rest-clientcertificates-docker-compose)
 
 This repository basically forks all the ground work that was done in https://github.com/jonashackt/spring-boot-rest-clientcertificate. This is a basic example, where the client certificate secured server is a Spring Boot Application and the client is just a Testcase that uses Spring´s RestTemplate which is configured to use the client certificate.
 
@@ -98,7 +98,7 @@ openssl genrsa -des3 -out tomprivate.key 1024
 #### 2. Certificate Signing Request (CSR): tom.csr
 
 ```
-openssl req -new -key tomprivate.key -out tom.csr
+openssl req -new -key tomprivate.key -out tom.csr -config tom-csr.conf
 ```
 
 __Common Name__: `server-tom`, which will later be a DNS alias inside the Docker network 
@@ -107,7 +107,7 @@ __Common Name__: `server-tom`, which will later be a DNS alias inside the Docker
 #### 3. self-signed Certificate: tom.crt
 
 ```
-openssl x509 -req -days 3650 -in tom.csr -signkey tomprivate.key -out tom.crt
+openssl x509 -req -days 3650 -in tom.csr -signkey tomprivate.key -out tom.crt -extfile tom-csr.conf -extensions v3_req
 ```
 
 
@@ -186,4 +186,6 @@ https://stackoverflow.com/questions/30977264/subject-alternative-name-not-presen
 
 https://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl
 
+--> this is not the only solution, see `-extfile` and `-extensions` CLI paramters!
+
 https://serverfault.com/questions/779475/openssl-add-subject-alternate-name-san-when-signing-with-ca

server-tom/src/main/resources/tom-csr.conf

@@ -0,0 +1,20 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = DE
+ST = Thuringia
+L = Weimar
+O = Tom Inc.
+OU = Team Bar
+CN = server-tom
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = server-tom
+DNS.2 = localhost

server-tom/src/main/resources/tom-keystore.p12

@@ -1,16 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICcTCCAdoCCQD0Wi++70uj5TANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJE
-RTESMBAGA1UECAwJVGh1cmluZ2lhMQ8wDQYDVQQHDAZXZWltYXIxFjAUBgNVBAoM
-DVRvbcOCwrRzIEluYy4xEzARBgNVBAMMCnNlcnZlci10b20xHDAaBgkqhkiG9w0B
-CQEWDXRvbUBlbWFpbC5jb20wHhcNMTcxMjEyMTAyNTM2WhcNMjcxMjEwMTAyNTM2
-WjB9MQswCQYDVQQGEwJERTESMBAGA1UECAwJVGh1cmluZ2lhMQ8wDQYDVQQHDAZX
-ZWltYXIxFjAUBgNVBAoMDVRvbcOCwrRzIEluYy4xEzARBgNVBAMMCnNlcnZlci10
-b20xHDAaBgkqhkiG9w0BCQEWDXRvbUBlbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAMdyqaiG7hggBSUcJD2lSjR9V4KdNG5G2iH3nBM6hq8E9BwY
-9oJMg9rwru4AX9G27owdbhv2hbFxnUDotECLUuW+M6QYSMSAgNmRRgYxrXf4VvYm
-2/cEPgCKf/FizeiVQdRmjcEueOmxwb8hdoWybwFXtluXbclgHQH481mFmdF3AgMB
-AAEwDQYJKoZIhvcNAQEFBQADgYEAck+XjuEeKb0uq6N+d70lHCi+dsFBthWI9/ht
-seXrr+neqhOf/AvvVcwf0/jz5XtNGQotpg5k8c2M0UCYa8cepf6d08UBIPfZMTYm
-M8Yfexf9vJW3+Jj+2AL6uDlearhKb9wPNCS+BHOCuUAisBpL84PmIEE0VYyMBzcB
-89MVXKA=
+MIICnjCCAgegAwIBAgIJAK5ZWgGKmkZ4MA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
+BAYTAkRFMRIwEAYDVQQIDAlUaHVyaW5naWExDzANBgNVBAcMBldlaW1hcjERMA8G
+A1UECgwIVG9tIEluYy4xETAPBgNVBAsMCFRlYW0gQmFyMRMwEQYDVQQDDApzZXJ2
+ZXItdG9tMB4XDTE3MTIxMjE5MDcxNloXDTI3MTIxMDE5MDcxNlowbTELMAkGA1UE
+BhMCREUxEjAQBgNVBAgMCVRodXJpbmdpYTEPMA0GA1UEBwwGV2VpbWFyMREwDwYD
+VQQKDAhUb20gSW5jLjERMA8GA1UECwwIVGVhbSBCYXIxEzARBgNVBAMMCnNlcnZl
+ci10b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMdyqaiG7hggBSUcJD2l
+SjR9V4KdNG5G2iH3nBM6hq8E9BwY9oJMg9rwru4AX9G27owdbhv2hbFxnUDotECL
+UuW+M6QYSMSAgNmRRgYxrXf4VvYm2/cEPgCKf/FizeiVQdRmjcEueOmxwb8hdoWy
+bwFXtluXbclgHQH481mFmdF3AgMBAAGjRjBEMAsGA1UdDwQEAwIEMDATBgNVHSUE
+DDAKBggrBgEFBQcDATAgBgNVHREEGTAXggpzZXJ2ZXItdG9tgglsb2NhbGhvc3Qw
+DQYJKoZIhvcNAQEFBQADgYEAEviefsSN+QuvIw6SXMGJqM+Q9KD6TwEobQCGuTlA
+LYfjbhatT6JbArOWdXQVGNsuSYSjz0OMIBwj5ldGqqSCxj9XSlsHypQRJusYsNh6
+xGcsdwTqHqA7XwncfoWG+nIiZ1n0wSA5LgVNl+0My39/UKtXo4NNeUrKrwKM8si8
+lT8=
 -----END CERTIFICATE-----

server-tom/src/main/resources/tom-truststore.jks

@@ -1,12 +1,13 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIBvTCCASYCAQAwfTELMAkGA1UEBhMCREUxEjAQBgNVBAgMCVRodXJpbmdpYTEP
-MA0GA1UEBwwGV2VpbWFyMRYwFAYDVQQKDA1Ub23DgsK0cyBJbmMuMRMwEQYDVQQD
-DApzZXJ2ZXItdG9tMRwwGgYJKoZIhvcNAQkBFg10b21AZW1haWwuY29tMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHcqmohu4YIAUlHCQ9pUo0fVeCnTRuRtoh
-95wTOoavBPQcGPaCTIPa8K7uAF/Rtu6MHW4b9oWxcZ1A6LRAi1LlvjOkGEjEgIDZ
-kUYGMa13+Fb2Jtv3BD4Ain/xYs3olUHUZo3BLnjpscG/IXaFsm8BV7Zbl23JYB0B
-+PNZhZnRdwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAsYLgSkOuqFAt6szE4hFL
-YFdy/MXXf3yA8THkhYFdg3wbGUEiMNRr+FwrNxNvSD4Zoq0EvLpu3yUDY/D7QFoI
-P8dQeNR6vv59npjOtTZ7kROZarjq9ZRODdIw8IWMSD42J1zyQqlkOm45TTUJDism
-EOHwO594MzYzFlXWK1tIDYQ=
+MIICAjCCAWsCAQAwbTELMAkGA1UEBhMCREUxEjAQBgNVBAgMCVRodXJpbmdpYTEP
+MA0GA1UEBwwGV2VpbWFyMREwDwYDVQQKDAhUb20gSW5jLjERMA8GA1UECwwIVGVh
+bSBCYXIxEzARBgNVBAMMCnNlcnZlci10b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAMdyqaiG7hggBSUcJD2lSjR9V4KdNG5G2iH3nBM6hq8E9BwY9oJMg9rw
+ru4AX9G27owdbhv2hbFxnUDotECLUuW+M6QYSMSAgNmRRgYxrXf4VvYm2/cEPgCK
+f/FizeiVQdRmjcEueOmxwb8hdoWybwFXtluXbclgHQH481mFmdF3AgMBAAGgVTBT
+BgkqhkiG9w0BCQ4xRjBEMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAKBggrBgEFBQcD
+ATAgBgNVHREEGTAXggpzZXJ2ZXItdG9tgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL
+BQADgYEAcH5ASI8FNrOSdvAwuWeqt2BmAycBHSLGLkj46AuynoUl7ppxhSGAS5Id
+2hs7lf3heqBXoxFMfBxQeaxZFGBKkrZSUf4sROQzlY+IiplgiJIZ23xULXRmpzeZ
+X5dvv3JhBhj7TeBEn84K+ETQVs/k79ONfqNtwf1MvkaJf4AYKaE=
 -----END CERTIFICATE REQUEST-----

server-tom/src/main/resources/tom.crt

@@ -25,7 +25,6 @@ public class RestClientCertTest {
 	@Autowired
     private RestTemplate restTemplate;
 
-	@Ignore("currently not running, because the certificate isn´t issued for 'localhost'")
 	@Test
 	public void is_hello_resource_callable_with_client_cert() {
 		String response = restTemplate.getForObject("https://localhost:" + port + "/hello", String.class);