{"id":9297,"date":"2021-08-31T07:56:05","date_gmt":"2021-08-31T12:56:05","guid":{"rendered":"https:\/\/blogs.pacasmayo.com\/felipe\/?p=9297"},"modified":"2021-09-02T14:34:21","modified_gmt":"2021-09-02T19:34:21","slug":"asegurando-un-api-con-mtls-parte-2","status":"publish","type":"post","link":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/","title":{"rendered":"Asegurando un API con mTLS – Parte 2"},"content":{"rendered":"\n

En la primera parte Parte 1<\/a> expusimos la necesidad de asegurar la informaci\u00f3n entre los dos \u00faltimos tramos del tr\u00e1nsito de un API, el Manejador de APIs y el Servidor de APIs. Ahora dar\u00e9 los pasos detallados de c\u00f3mo implementar esta t\u00e9cnica en un API. Aunque para simplificar el ejemplo usar\u00e9 una simple aplicaci\u00f3n “hello world” de nginx en docker, los principios son aplicables a pr\u00e1cticamente cualquier tecnolog\u00eda.<\/p>\n\n\n\n

En este ejemplo, el servidor se llamar\u00e1 server.healthserver.com y el cliente client.healthserver.com, y ambos estar\u00e1n usando un certificado autogenerado. En la vida real, el servidor del API probablemente use un certificado universalmente v\u00e1lido y el cliente uno autogenerado, pero, si el servidor est\u00e1 protegido detr\u00e1s de un Manejador de APIs, entonces no tiene motivo crear un certificado universalmente v\u00e1lido para ninguno de los dos lados, puesto que ser\u00e1 una conversaci\u00f3n netamente privada. <\/p>\n\n\n\n

Crea tu propia Autoridad de Certificados (CA)<\/h2>\n\n\n\n

Genera una clave privada<\/p>\n\n\n\n

openssl genrsa -des3 -out myCA.key 2048<\/pre>\n\n\n\n
Crea la CA<\/p>\n\n\n\n
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem<\/pre>\n\n\n\n
Crea un certificado de cliente<\/h2>\n\n\n\n
Genera una clave privada<\/p>\n\n\n\n
openssl genrsa -out client.healthserver.com.key 2048<\/pre>\n\n\n\n
Genera el csr (Certificate Request)<\/p>\n\n\n\n
openssl req -new -key client.healthserver.com.key -out client.healthserver.com.csr<\/pre>\n\n\n\n
Genera el archivo de extensi\u00f3n.  Crea un archivo con el nombre client.healthserver.com.ext y agr\u00e9gale lo siguiente:<\/p>\n\n\n\n
authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = client.healthserver.com<\/pre>\n\n\n\n
Genera el certificado<\/p>\n\n\n\n
openssl x509 -req -in client.healthserver.com.csr -CA myCA.pem -CAkey myCA.key \\\n  -CAcreateserial -out client.healthserver.com.crt -days 825 -sha256 -extfile client.healthserver.com.ext<\/pre>\n\n\n\n
Create un certificado para el servidor (si es necesario)<\/h2>\n\n\n\n

Genera una clave privada<\/p>\n\n\n\n
openssl genrsa -out server.healthserver.com.key 2048\n<\/pre>\n\n\n\n
Genera el csr (Certificate Request)<\/p>\n\n\n\n
openssl req -new -key server.healthserver.com.key -out server.healthserver.com.csr<\/pre>\n\n\n\n
Crea el archivo de extensi\u00f3n.  Crea un archivo con el nombre server.healthserver.com.ext y agr\u00e9gale lo siguiente:<\/p>\n\n\n\n
authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = server.healthserver.com<\/pre>\n\n\n\n
Genera el certificado<\/p>\n\n\n\n
openssl x509 -req -in server.healthserver.com.csr -CA myCA.pem -CAkey myCA.key \\\n  -CAcreateserial -out server.healthserver.com.crt -days 825 -sha256 -extfile server.healthserver.com.ext<\/pre>\n\n\n\n
Aseg\u00farate que puedas correr el ejemplo<\/h2>\n\n\n\n
sudo docker run --rm \\\n  -p 8080:80 \\\n  dockerbogo\/docker-nginx-hello-world:latest\n<\/pre>\n\n\n\n
y puedes inspeccionar los resultados con<\/p>\n\n\n\n
curl -v localhost:8080<\/pre>\n\n\n\n
En este ejemplo, nginx est\u00e1 configurado con el archivo \/etc\/nginx\/conf.d\/helloworld.conf de la siguiente manera:<\/p>\n\n\n\n
server {\n  listen 80;\n\n  root \/usr\/share\/nginx\/html;\n  try_files \/index.html =404;\n\n  expires -1;\n\n  sub_filter_once off;\n  sub_filter 'server_hostname' '$hostname';\n  sub_filter 'server_address' '$server_addr:$server_port';\n  sub_filter 'server_url' '$request_uri';\n  sub_filter 'server_date' '$time_local';\n  sub_filter 'request_id' '$request_id';\n}<\/code><\/pre>\n\n\n\n
Es decir, la aplicaci\u00f3n est\u00e1 totalmente abierta y disponible a trav\u00e9s de un canal HTTP no cifrado.  Hag\u00e1mosle un peque\u00f1o cambio e introduzcamos nuestro certificado del servidor para que la aplicaci\u00f3n est\u00e9 protegida por TLS.<\/p>\n\n\n\n
Modificar la aplicaci\u00f3n para usar TLS<\/h2>\n\n\n\n
Como ver\u00e1s, modificar una aplicaci\u00f3n o API que usa nginx como proxy es extremadamente f\u00e1cil.  Ver\u00e1s que s\u00f3lo tendr\u00e9 que hacer unos peque\u00f1os cambios a la configuraci\u00f3n de la aplicaci\u00f3n e inyectar los certificados correspondientes.<\/p>\n\n\n\n
Modifica la configuraci\u00f3n de la aplicaci\u00f3n. Para esto, crea tu propia versi\u00f3n del archivo helloworld.conf:<\/p>\n\n\n\n
server {\n  listen 443 ssl;\n  server_name server.healthserver.com;\n  ssl_certificate server.healthserver.com.crt;\n  ssl_certificate_key server.healthserver.com.key;<\/strong>\n\n  root \/usr\/share\/nginx\/html;\n  try_files \/index.html =404;\n\n  expires -1;\n\n  sub_filter_once off;\n  sub_filter 'server_hostname' '$hostname';\n  sub_filter 'server_address' '$server_addr:$server_port';\n  sub_filter 'server_url' '$request_uri';\n  sub_filter 'server_date' '$time_local';\n  sub_filter 'request_id' '$request_id';\n}<\/code><\/pre>\n\n\n\n
Y ahora inyecta esta configuraci\u00f3n y los certificados correspondientes:<\/p>\n\n\n\n
sudo docker run --rm \\\n -p 8443:443 \\\n -v $(pwd)\/helloworld.conf:\/etc\/nginx\/conf.d\/helloworld.conf \\\n -v $(pwd)\/myCA.pem:\/etc\/ssl\/certs\/ca-certificates.crt \\\n -v $(pwd)\/server.healthserver.com.crt:\/etc\/nginx\/server.healthserver.com.crt \\\n -v $(pwd)\/server.healthserver.com.key:\/etc\/nginx\/server.healthserver.com.key \\\n<\/strong> dockerbogo\/docker-nginx-hello-world:latest<\/pre>\n\n\n\n
Ahora, la aplicaci\u00f3n ya no se publicar\u00e1 usando HTTP abierto en el puerto 8080, sino con el protocolo HTTPS cifrado y en el puerto 8443.  Entonces si vuelves a intentar:<\/p>\n\n\n\n
curl -v localhost:8080 <\/pre>\n\n\n\n
Obtendr\u00e1s un error, pero si intentas:<\/p>\n\n\n\n
curl -vvv -k \\\n https:\/\/server.healthserver.com:8443 \\\n--resolve server.healthserver.com:8443:127.0.0.1<\/pre>\n\n\n\n
Voil\u00e1, funciona.  Para poder comunicarnos con el servidor ahora, tuvimos que usar dos trucos de curl:<\/p>\n\n\n\n
  • -k sirve para informarle a curl que no importa si el certificado del servidor no es v\u00e1lido (puesto que estamos usando un certificado autofirmado)<\/li>
  • –resolve sirve para informarle a curl que cuando vea la direcci\u00f3n server.healthserver.com:8443 en lugar de ir a DNS para tratar de resolverla, que la resuelva directamente a la direcci\u00f3n dada (127.0.0.1, que es localhost).<\/li><\/ul>\n\n\n\n
    Ahora, en lugar de usar -k, porque podr\u00edamos estar enga\u00f1\u00e1ndonos a nosotros mismos puesto que le estamos diciendo a curl que ignore los errores de certificado, es m\u00e1s adecuado proveer a curl con la autoridad correspondiente, es decir, el CA que se us\u00f3 para general el certificado.<\/p>\n\n\n\n
    curl -vvv \\\n --cacert $(pwd)\/myCA.pem \\\n https:\/\/server.healthserver.com:8443 \\\n --resolve server.healthserver.com:8443:127.0.0.1<\/pre>\n\n\n\n
    Perfecto, esto debe funcionar y darnos la seguridad que nuestro website, o API, est\u00e1 protegido por TLS.  Si quieres ver la demostraci\u00f3n en tu explorador deber\u00e1s agregar una entrada a tu archivo \/etc\/hosts con 127.0.0.1 server.healthserver.com y as\u00ed podr\u00e1s ver el mismo resultado desde tu explorador.<\/p>\n\n\n\n
    Ahora prot\u00e9gela con mTLS<\/h2>\n\n\n\n
    De TLS a mTLS es un peque\u00f1o, pero important\u00edsimo paso.  Con mTLS, tanto tu cliente como tu servidor sabr\u00e1n a ciencia cierta que su interlocutor ha sido identificado y autorizado.<\/p>\n\n\n\n
    Para lograr mTLS en esta aplicaci\u00f3n, simplemente agrega unas pocas lineas a tu configuraci\u00f3n e inyecta los certificados correspondientes.<\/p>\n\n\n\n
    Modifica la configuraci\u00f3n:<\/p>\n\n\n\n
    server {\n  listen 443 ssl;\n  server_name server.healthserver.com;\n  ssl_certificate server.healthserver.com.crt;\n  ssl_certificate_key server.healthserver.com.key;\n\n  ssl_client_certificate ca.pem;\n  ssl_verify_depth 2;\n  ssl_verify_client on;\n  ssl_protocols TLSv1.2 TLSv1.3;\n<\/strong>\n  root \/usr\/share\/nginx\/html;\n  try_files \/index.html =404;\n\n  expires -1;\n\n  sub_filter_once off;\n  sub_filter 'server_hostname' '$hostname';\n  sub_filter 'server_address' '$server_addr:$server_port';\n  sub_filter 'server_url' '$request_uri';\n  sub_filter 'server_date' '$time_local';\n  sub_filter 'request_id' '$request_id';\n}\n<\/pre>\n\n\n\n
    Inyecta el myCA.pem como el cliente confiable:<\/p>\n\n\n\n
    sudo docker run --rm \\\n -p 8443:443 \\\n -v $(pwd)\/helloworld.conf:\/etc\/nginx\/conf.d\/helloworld.conf \\\n -v $(pwd)\/myCA.pem:\/etc\/ssl\/certs\/ca-certificates.crt \\\n -v $(pwd)\/server.healthserver.com.crt:\/etc\/nginx\/server.healthserver.com.crt \\\n -v $(pwd)\/server.healthserver.com.key:\/etc\/nginx\/server.healthserver.com.key \\\n -v $(pwd)\/myCA.pem:\/etc\/nginx\/ca.pem \\<\/strong>\n dockerbogo\/docker-nginx-hello-world:latest<\/pre>\n\n\n\n
    Y ahora, cuando intentes repetir el acceso anterior:<\/p>\n\n\n\n
    curl -vvv \\\n --cacert $(pwd)\/myCA.pem \\\n https:\/\/server.healthserver.com:8443 \\\n --resolve server.healthserver.com:8443:127.0.0.1<\/pre>\n\n\n\n
    Recibir\u00e1s el error:<\/p>\n\n\n\n
    <center><h1>400 Bad Request<\/h1><\/center>\n<center>No required SSL certificate was sent<\/center><\/pre>\n\n\n\n
    O si lo intentas en el explorador ver\u00e1s:<\/p>\n\n\n\n
    400 Bad Request<\/h1><\/center>\n
    No required SSL certificate was sent<\/center>\n\n\n\n
    \u00bfQu\u00e9 pas\u00f3? Tu aplicaci\u00f3n o API ahora est\u00e1 protegida con mTLS, y por m\u00e1s que intentes no lograr\u00e1s conseguir que inicie la conversaci\u00f3n a menos que proveas el doble certificado necesario, a\u00fan -k dejar\u00e1 de funcionar porque ya no depende del cliente, sino del servidor que exige la doble verificaci\u00f3n.<\/p>\n\n\n\n
    Para demostrar que tu aplicaci\u00f3n est\u00e1 bien y que est\u00e1 realmente protegida puedes usar el curl de la siguiente manera:<\/p>\n\n\n\n
    curl -vvv \\\n --cacert $(pwd)\/myCA.pem \\\n --key $(pwd)\/client.healthserver.com.key \\\n --cert $(pwd)\/client.healthserver.com.crt  \\\n<\/strong> https:\/\/server.healthserver.com:8443 \\\n --resolve server.healthserver.com:8443:127.0.0.1\n<\/pre>\n\n\n\n
    De all\u00ed en adelante, tu aplicaci\u00f3n o API estar\u00e1 protegido y s\u00f3lamente podr\u00e1 ser accesado por los clientes a quienes les entregues la CA, el certificado y su clave.  Ahora, tu Manejador puede estar en la nube y tu servidor en tu dormitorio y puedes descansar confiado que nadie puede ver ni interferir con la informaci\u00f3n en tr\u00e1nsito entre los dos.  Buena suerte mTLSeando.<\/p>\n","protected":false},"excerpt":{"rendered":"
    En la primera parte Parte 1 expusimos la necesidad de asegurar la informaci\u00f3n entre los dos \u00faltimos tramos […]<\/p>\n","protected":false},"author":1,"featured_media":9295,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[38],"tags":[50,39],"class_list":["post-9297","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-seguridad","tag-tecnologia"],"yoast_head":"\nAsegurando un API con mTLS - Parte 2 - El blog de Felipe<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Asegurando un API con mTLS - Parte 2 - El blog de Felipe\" \/>\n<meta property=\"og:description\" content=\"En la primera parte Parte 1 expusimos la necesidad de asegurar la informaci\u00f3n entre los dos \u00faltimos tramos […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/\" \/>\n<meta property=\"og:site_name\" content=\"El blog de Felipe\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-31T12:56:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-02T19:34:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2021\/08\/mtls.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1613\" \/>\n\t<meta property=\"og:image:height\" content=\"428\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"AI\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"AI\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/\"},\"author\":{\"name\":\"AI\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#\\\/schema\\\/person\\\/e32bfb69f0dcbed869e838474a34d240\"},\"headline\":\"Asegurando un API con mTLS – Parte 2\",\"datePublished\":\"2021-08-31T12:56:05+00:00\",\"dateModified\":\"2021-09-02T19:34:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/\"},\"wordCount\":867,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/files\\\/2021\\\/08\\\/mtls.png\",\"keywords\":[\"Seguridad\",\"Tecnolog\u00eda\"],\"articleSection\":[\"Technology\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/\",\"url\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/\",\"name\":\"Asegurando un API con mTLS - Parte 2 - El blog de Felipe\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/files\\\/2021\\\/08\\\/mtls.png\",\"datePublished\":\"2021-08-31T12:56:05+00:00\",\"dateModified\":\"2021-09-02T19:34:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/files\\\/2021\\\/08\\\/mtls.png\",\"contentUrl\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/files\\\/2021\\\/08\\\/mtls.png\",\"width\":1613,\"height\":428},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/2021\\\/08\\\/31\\\/asegurando-un-api-con-mtls-parte-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Asegurando un API con mTLS – Parte 2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#website\",\"url\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/\",\"name\":\"El blog de Felipe\",\"description\":\"De la abundancia del coraz\u00f3n...\",\"publisher\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#organization\",\"name\":\"El blog de Felipe\",\"url\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/files\\\/2019\\\/11\\\/cropped-caricatura_felipe.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/files\\\/2019\\\/11\\\/cropped-caricatura_felipe.jpg\",\"width\":1360,\"height\":598,\"caption\":\"El blog de Felipe\"},\"image\":{\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/#\\\/schema\\\/person\\\/e32bfb69f0dcbed869e838474a34d240\",\"name\":\"AI\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4afeebd1deb1471ed6e7e21e6dc44176da2cb2ef0704b36e720ef8656e34bd65?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4afeebd1deb1471ed6e7e21e6dc44176da2cb2ef0704b36e720ef8656e34bd65?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4afeebd1deb1471ed6e7e21e6dc44176da2cb2ef0704b36e720ef8656e34bd65?s=96&d=mm&r=g\",\"caption\":\"AI\"},\"description\":\"Este art\u00edculo ha sido seleccionado y parcialmente escrito e ilustrado por Inteligencia Artificial (AI) basado en noticias disponibles.\",\"url\":\"https:\\\/\\\/blogs.pacasmayo.com\\\/felipe\\\/author\\\/ai\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Asegurando un API con mTLS - Parte 2 - El blog de Felipe","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/","og_locale":"en_US","og_type":"article","og_title":"Asegurando un API con mTLS - Parte 2 - El blog de Felipe","og_description":"En la primera parte Parte 1 expusimos la necesidad de asegurar la informaci\u00f3n entre los dos \u00faltimos tramos […]","og_url":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/","og_site_name":"El blog de Felipe","article_published_time":"2021-08-31T12:56:05+00:00","article_modified_time":"2021-09-02T19:34:21+00:00","og_image":[{"width":1613,"height":428,"url":"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2021\/08\/mtls.png","type":"image\/png"}],"author":"AI","twitter_card":"summary_large_image","twitter_misc":{"Written by":"AI","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#article","isPartOf":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/"},"author":{"name":"AI","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#\/schema\/person\/e32bfb69f0dcbed869e838474a34d240"},"headline":"Asegurando un API con mTLS – Parte 2","datePublished":"2021-08-31T12:56:05+00:00","dateModified":"2021-09-02T19:34:21+00:00","mainEntityOfPage":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/"},"wordCount":867,"commentCount":1,"publisher":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#organization"},"image":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2021\/08\/mtls.png","keywords":["Seguridad","Tecnolog\u00eda"],"articleSection":["Technology"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/","url":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/","name":"Asegurando un API con mTLS - Parte 2 - El blog de Felipe","isPartOf":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#primaryimage"},"image":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2021\/08\/mtls.png","datePublished":"2021-08-31T12:56:05+00:00","dateModified":"2021-09-02T19:34:21+00:00","breadcrumb":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#primaryimage","url":"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2021\/08\/mtls.png","contentUrl":"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2021\/08\/mtls.png","width":1613,"height":428},{"@type":"BreadcrumbList","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/2021\/08\/31\/asegurando-un-api-con-mtls-parte-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/blogs.pacasmayo.com\/felipe\/"},{"@type":"ListItem","position":2,"name":"Asegurando un API con mTLS – Parte 2"}]},{"@type":"WebSite","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#website","url":"https:\/\/blogs.pacasmayo.com\/felipe\/","name":"El blog de Felipe","description":"De la abundancia del coraz\u00f3n...","publisher":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.pacasmayo.com\/felipe\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#organization","name":"El blog de Felipe","url":"https:\/\/blogs.pacasmayo.com\/felipe\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#\/schema\/logo\/image\/","url":"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2019\/11\/cropped-caricatura_felipe.jpg","contentUrl":"https:\/\/blogs.pacasmayo.com\/felipe\/files\/2019\/11\/cropped-caricatura_felipe.jpg","width":1360,"height":598,"caption":"El blog de Felipe"},"image":{"@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/blogs.pacasmayo.com\/felipe\/#\/schema\/person\/e32bfb69f0dcbed869e838474a34d240","name":"AI","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4afeebd1deb1471ed6e7e21e6dc44176da2cb2ef0704b36e720ef8656e34bd65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4afeebd1deb1471ed6e7e21e6dc44176da2cb2ef0704b36e720ef8656e34bd65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4afeebd1deb1471ed6e7e21e6dc44176da2cb2ef0704b36e720ef8656e34bd65?s=96&d=mm&r=g","caption":"AI"},"description":"Este art\u00edculo ha sido seleccionado y parcialmente escrito e ilustrado por Inteligencia Artificial (AI) basado en noticias disponibles.","url":"https:\/\/blogs.pacasmayo.com\/felipe\/author\/ai\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/posts\/9297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/comments?post=9297"}],"version-history":[{"count":4,"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/posts\/9297\/revisions"}],"predecessor-version":[{"id":9302,"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/posts\/9297\/revisions\/9302"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/media\/9295"}],"wp:attachment":[{"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/media?parent=9297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/categories?post=9297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pacasmayo.com\/felipe\/wp-json\/wp\/v2\/tags?post=9297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}