HTTPS and especially client certificates holds the promise to zero-trust architectures of the future and gives a good way to harden your internal communication paths.

Have you ever gotten the feared error message "PKIX Path Building Failed" or just the simple and unhelpful "SSL error" in your browser?

You have learned about and thought you understood the theory of public-private key encryption. Even so, setting up a server to demand client certificates, issuing certificates and making sure each part knows to trust each other is tricky business.

In this workshop we will explore the necessary code to create certificates, start an app server with https instead of http, making the client trust a self-signed server certificate and make the server request a certificate from the client.