Enabling mtls create issue with https web service

[lorepas]

What happened
Hello, I tried to enable mtls on immudb but I encountered some issue. In particular, I've executed the script ./generate.sh example.com testpsw present in immudb repo. In immudb.toml I've set:

certificate = '/etc/immudb/certs/example.com.cert.pem'
clientcas = '/etc/immudb/certs/ca-chain.cert.pem'
pkey = '/etc/immudb/certs/example.com.key.pem'
mtls = true

In particular the certificate and the key are the one present in folder /mtls/3_application.

Then, by checking the connection with immuadmin with the complete string as the following:

./immuadmin login immudb --certificate /etc/immudb/client_cert/example.com.cert.pem --clientcas /etc/immudb/certs/ca-chain.cert.pem --mtls --pkey /etc/immudb/client_cert/example.com.key.pem --servername example.com

I'm able to connect correctly. The certificate and key used now, are the one in /mtls/4_clients.
I tried also the following curl from my shell:

 curl -v https://example.com:8080 --cert client-cert.pem --key client-key.pem --cacert ca-cert-immudb.pem

And the response has been positive.

At this point, I've to connect against web server in HTTPS. I've imported the certificate in my browser in p12 format by executing the following command in /mtls/4_clients:

openssl pkcs12 -export -out immudb-client-localhost.p12 -in certs/example.com.cert.pem -inkey private/example.com.key.pem

I've also imported the CA chain certificate. However, if I try to login in HTTPS (https://example.com:8080) I encoutered the following error:

And from the logs I've checked the following error:

2023/08/17 16:37:40 http: TLS handshake error from 10.0.110.2:58789: EOF
2023/08/17 16:37:40 http: TLS handshake error from 10.0.110.2:58785: EOF
2023/08/17 16:37:40 http: TLS handshake error from 10.0.110.2:58786: EOF

The IP showed is the one of my client, so it is exactly the https connection.

What you expected to happen
I expect that HTTPS works fine after I've imported the client certificate.

How to reproduce it (as minimally and precisely as possible)
Some steps to follow are present in the description of the issue.
Environment

• OS: Ubuntu 20.04
• ImmuDB: v1.5.0

Additional info (any other context about the problem)

[lorepas]

Hello @jeroiraz ! Any news about this issue?

[jeroiraz]

Hello @jeroiraz ! Any news about this issue?

Hello @lorepas, we didn't have the time to work on it yet.

Because either we need to enable mtls for certain users or provide a way to provision certificates to the webconsole...

[lorepas]

Hello @jeroiraz ! Any news about this issue?

Hello @lorepas, we didn't have the time to work on it yet.

Because either we need to enable mtls for certain users or provide a way to provision certificates to the webconsole...

Thank you for the reply @jeroiraz ! FYI as a workaround I exposed the UI under an NGINX (in this way I'm able to access with HTTPS) and the connection with the postgres protocol under the pgbouncer (in this way I'm able to connect with postgres in TLS).

[lorepas]

Hi @jeroiraz do you think in version 2.x will be the possibility to access in mTLS both the Web UI and the ImmuDB database with the immuadmin and immuclient command line clients?