Generates CA certificates using Python cryptography library and configures mTLS with ssl module for zero-trust microservices authentication. Verifies chains, checks expiration, audits deployments.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
Configures mTLS authentication for microservices using Python cryptography for cert generation and ssl for verification. Validates chains, checks expiration, audits status for zero-trust service auth.
Configures mTLS authentication between microservices using Python cryptography library for cert generation and ssl module for TLS verification. Validates chains, checks expiration, audits deployment for zero-trust service auth.
Configures mutual TLS (mTLS) for zero-trust service-to-service communication using Istio templates and certificate hierarchies. Use for securing internal services, certificate management, TLS debugging, and compliance.
Generate a CA certificate, issue service certificates, and configure mutual TLS verification for service-to-service authentication.
```python
import datetime

from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# Generate the CA key and certificate
ca_key = rsa.generate_private_key(public_exponent=65537, key_size=4096)
# Timezone-aware UTC timestamp; datetime.utcnow() is deprecated since Python 3.12
now = datetime.datetime.now(datetime.timezone.utc)
ca_cert = (
    x509.CertificateBuilder()
    # Self-signed: subject and issuer are the same name
    .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Internal CA")]))
    .issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Internal CA")]))
    .public_key(ca_key.public_key())
    .serial_number(x509.random_serial_number())
    .not_valid_before(now)
    .not_valid_after(now + datetime.timedelta(days=3650))
    # Mark the certificate as a CA so it may sign other certificates
    .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
    .sign(ca_key, hashes.SHA256())
)
```
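```python
import ssl

# Client side of the mTLS connection
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
# Present this service's own certificate and key to the peer
context.load_cert_chain("client.pem", "client-key.pem")
# Trust only the internal CA, not the system trust store
context.load_verify_locations("ca.pem")
# PROTOCOL_TLS_CLIENT already enables CERT_REQUIRED and hostname checking;
# setting it explicitly documents the intent
context.verify_mode = ssl.CERT_REQUIRED
```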