Add script for create certificate for server and client and add test test tls connection

2026-02-13 11:06:25 +05:00 · 2018-06-04 09:07:00 -04:00
parent 43a979eb12
commit f0cace6fc0
19 changed files with 474 additions and 195 deletions
--- a/cmd/cgr-console/cgr-console.go
+++ b/cmd/cgr-console/cgr-console.go
@@ -40,7 +40,7 @@ var (
 	version          = flag.Bool("version", false, "Prints the application version.")
 	verbose          = flag.Bool("verbose", false, "Show extra info about command execution.")
 	server           = flag.String("server", "127.0.0.1:2012", "server address host:port")
-	rpc_encoding     = flag.String("rpc_encoding", "json", "RPC encoding used <gob|json|json_tls|gob_tls>")
+	rpc_encoding     = flag.String("rpc_encoding", "json", "RPC encoding used <gob|json>")
 	certificate_path = flag.String("crt_path", "", "path to certificate for tls connection")
 	key_path         = flag.String("key_path", "", "path to key for tls connection")
 	client           *rpcclient.RpcClient
--- a/cmd/cgr-engine/cgr-engine.go
+++ b/cmd/cgr-engine/cgr-engine.go
@@ -111,7 +111,8 @@ func startCdrc(internalCdrSChan, internalRaterChan chan rpcclient.RpcClientConne
 	for _, cdrcCfg = range cdrcCfgs { // Take the first config out, does not matter which one
 		break
 	}
-	cdrsConn, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+	cdrsConn, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+		cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 		cdrcCfg.CdrsConns, internalCdrSChan, cfg.InternalTtl)
 	if err != nil {
 		utils.Logger.Crit(fmt.Sprintf("<CDRC> Could not connect to CDRS via RPC: %s", err.Error()))
@@ -138,7 +139,7 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in
 	var err error
 	var ralsConns, resSConns, threshSConns, statSConns, suplSConns, attrSConns, cdrsConn *rpcclient.RpcClientPool
 	if len(cfg.SessionSCfg().RALsConns) != 0 {
-		ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST,
+		ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
 			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.SessionSCfg().RALsConns, internalRaterChan, cfg.InternalTtl)
 		if err != nil {
@@ -148,7 +149,7 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in
 		}
 	}
 	if len(cfg.SessionSCfg().ResSConns) != 0 {
-		resSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST,
+		resSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
 			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.SessionSCfg().ResSConns, internalResourceSChan, cfg.InternalTtl)
 		if err != nil {
@@ -158,7 +159,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in
 		}
 	}
 	if len(cfg.SessionSCfg().ThreshSConns) != 0 {
-		threshSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		threshSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.SessionSCfg().ThreshSConns, internalThresholdSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to ThresholdS: %s", utils.SessionS, err.Error()))
@@ -167,7 +169,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in
 		}
 	}
 	if len(cfg.SessionSCfg().StatSConns) != 0 {
-		statSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		statSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.SessionSCfg().StatSConns, internalStatSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to StatS: %s", utils.SessionS, err.Error()))
@@ -176,7 +179,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in
 		}
 	}
 	if len(cfg.SessionSCfg().SupplSConns) != 0 {
-		suplSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		suplSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.SessionSCfg().SupplSConns, internalSupplierSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to SupplierS: %s", utils.SessionS, err.Error()))
@@ -185,7 +189,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in
 		}
 	}
 	if len(cfg.SessionSCfg().AttrSConns) != 0 {
-		attrSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		attrSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.SessionSCfg().AttrSConns, internalAttrSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to AttributeS: %s", utils.SessionS, err.Error()))
@@ -194,7 +199,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in
 		}
 	}
 	if len(cfg.SessionSCfg().CDRsConns) != 0 {
-		cdrsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		cdrsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.SessionSCfg().CDRsConns, internalCDRSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to RALs: %s", utils.SessionS, err.Error()))
@@ -259,7 +265,8 @@ func startDiameterAgent(internalSMGChan, internalPubSubSChan chan rpcclient.RpcC
 	utils.Logger.Info("Starting CGRateS DiameterAgent service")
 	var smgConn, pubsubConn *rpcclient.RpcClientPool
 	if len(cfg.DiameterAgentCfg().SessionSConns) != 0 {
-		smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.DiameterAgentCfg().SessionSConns, internalSMGChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<DiameterAgent> Could not connect to SMG: %s", err.Error()))
@@ -268,7 +275,8 @@ func startDiameterAgent(internalSMGChan, internalPubSubSChan chan rpcclient.RpcC
 		}
 	}
 	if len(cfg.DiameterAgentCfg().PubSubConns) != 0 {
-		pubsubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		pubsubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.DiameterAgentCfg().PubSubConns, internalPubSubSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<DiameterAgent> Could not connect to PubSubS: %s", err.Error()))
@@ -293,8 +301,8 @@ func startRadiusAgent(internalSMGChan chan rpcclient.RpcClientConnection, exitCh
 	utils.Logger.Info("Starting CGRateS RadiusAgent service")
 	var smgConn *rpcclient.RpcClientPool
 	if len(cfg.RadiusAgentCfg().SessionSConns) != 0 {
-		smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts,
-			cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.RadiusAgentCfg().SessionSConns, internalSMGChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<RadiusAgent> Could not connect to SMG: %s", err.Error()))
@@ -351,7 +359,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 	utils.Logger.Info("Starting CGRateS CDRS service.")
 	var ralConn, pubSubConn, usersConn, attrSConn, aliasesConn, cdrstatsConn, thresholdSConn, statsConn *rpcclient.RpcClientPool
 	if len(cfg.CDRSRaterConns) != 0 { // Conn pool towards RAL
-		ralConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		ralConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSRaterConns, internalRaterChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to RAL: %s", err.Error()))
@@ -360,7 +369,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 		}
 	}
 	if len(cfg.CDRSPubSubSConns) != 0 { // Pubsub connection init
-		pubSubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		pubSubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSPubSubSConns, internalPubSubSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to PubSubSystem: %s", err.Error()))
@@ -369,7 +379,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 		}
 	}
 	if len(cfg.CDRSAttributeSConns) != 0 { // Users connection init
-		attrSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		attrSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSAttributeSConns, internalAttributeSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to %s: %s",
@@ -379,7 +390,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 		}
 	}
 	if len(cfg.CDRSUserSConns) != 0 { // Users connection init
-		usersConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		usersConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSUserSConns, internalUserSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to UserS: %s", err.Error()))
@@ -388,7 +400,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 		}
 	}
 	if len(cfg.CDRSAliaseSConns) != 0 { // Aliases connection init
-		aliasesConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		aliasesConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSAliaseSConns, internalAliaseSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to AliaseS: %s", err.Error()))
@@ -397,7 +410,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 		}
 	}
 	if len(cfg.CDRSCDRStatSConns) != 0 { // Stats connection init
-		cdrstatsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		cdrstatsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSCDRStatSConns, internalCdrStatSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to CDRStatS: %s", err.Error()))
@@ -406,7 +420,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 		}
 	}
 	if len(cfg.CDRSThresholdSConns) != 0 { // Stats connection init
-		thresholdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		thresholdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSThresholdSConns, internalThresholdSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to ThresholdS: %s", err.Error()))
@@ -415,7 +430,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection,
 		}
 	}
 	if len(cfg.CDRSStatSConns) != 0 { // Stats connection init
-		statsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		statsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.CDRSStatSConns, internalStatSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<CDRS> Could not connect to StatS: %s", err.Error()))
@@ -530,7 +546,8 @@ func startResourceService(internalRsChan chan rpcclient.RpcClientConnection, cac
 	filterS := <-filterSChan
 	filterSChan <- filterS
 	if len(cfg.ResourceSCfg().ThresholdSConns) != 0 { // Stats connection init
-		thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.ResourceSCfg().ThresholdSConns, internalThresholdSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<ResourceS> Could not connect to ThresholdS: %s", err.Error()))
@@ -572,7 +589,8 @@ func startStatService(internalStatSChan chan rpcclient.RpcClientConnection, cach
 	filterS := <-filterSChan
 	filterSChan <- filterS
 	if len(cfg.StatSCfg().ThresholdSConns) != 0 { // Stats connection init
-		thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+		thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.StatSCfg().ThresholdSConns, internalThresholdSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<StatS> Could not connect to ThresholdS: %s", err.Error()))
@@ -644,10 +662,9 @@ func startSupplierService(internalSupplierSChan chan rpcclient.RpcClientConnecti
 	filterSChan <- filterS
 	var resourceSConn, statSConn *rpcclient.RpcClientPool
 	if len(cfg.SupplierSCfg().ResourceSConns) != 0 {
-		resourceSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST,
-			cfg.ConnectAttempts, cfg.Reconnects,
-			cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SupplierSCfg().ResourceSConns,
-			internalRsChan, cfg.InternalTtl)
+		resourceSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+			cfg.SupplierSCfg().ResourceSConns, internalRsChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to ResourceS: %s",
 				utils.SupplierS, err.Error()))
@@ -656,10 +673,9 @@ func startSupplierService(internalSupplierSChan chan rpcclient.RpcClientConnecti
 		}
 	}
 	if len(cfg.SupplierSCfg().StatSConns) != 0 {
-		statSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST,
-			cfg.ConnectAttempts, cfg.Reconnects,
-			cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SupplierSCfg().StatSConns,
-			internalStatSChan, cfg.InternalTtl)
+		statSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout,
+			cfg.ReplyTimeout, cfg.SupplierSCfg().StatSConns, internalStatSChan, cfg.InternalTtl)
 		if err != nil {
 			utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to StatS: %s",
 				utils.SupplierS, err.Error()))
@@ -718,7 +734,7 @@ func startDispatcherService(internalDispatcherSChan, internalRaterChan chan rpcc
 	var err error
 	var ralsConns, resSConns, threshSConns, statSConns, suplSConns, attrSConns, sessionsSConns *rpcclient.RpcClientPool
 	if len(cfg.DispatcherSCfg().RALsConns) != 0 {
-		ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST,
+		ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
 			cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 			cfg.DispatcherSCfg().RALsConns, internalRaterChan, cfg.InternalTtl)
 		if err != nil {
--- a/cmd/cgr-engine/rater.go
+++ b/cmd/cgr-engine/rater.go
@@ -62,7 +62,8 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en
 		go func() {
 			defer close(thdsTaskChan)
 			var err error
-			thdS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+			thdS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+				cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 				cfg.RALsThresholdSConns, internalThdSChan, cfg.InternalTtl)
 			if err != nil {
 				utils.Logger.Crit(fmt.Sprintf("<RALs> Could not connect to ThresholdS, error: %s", err.Error()))
@@ -79,7 +80,8 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en
 		go func() {
 			defer close(cdrstatTaskChan)
 			var err error
-			cdrStats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+			cdrStats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+				cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 				cfg.RALsCDRStatSConns, internalCdrStatSChan, cfg.InternalTtl)
 			if err != nil {
 				utils.Logger.Crit(fmt.Sprintf("<RALs> Could not connect to CDRStatS, error: %s", err.Error()))
@@ -96,7 +98,8 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en
 		go func() {
 			defer close(statsTaskChan)
 			var err error
-			stats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
+			stats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
+				cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 				cfg.RALsStatSConns, internalStatSChan, cfg.InternalTtl)
 			if err != nil {
 				utils.Logger.Crit(fmt.Sprintf("<RALs> Could not connect to StatS, error: %s", err.Error()))
@@ -111,7 +114,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en
 		waitTasks = append(waitTasks, pubsubTaskChan)
 		go func() {
 			defer close(pubsubTaskChan)
-			if pubSubSConns, err := engine.NewRPCPool(rpcclient.POOL_FIRST,
+			if pubSubSConns, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
 				cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 				cfg.RALsPubSubSConns, internalPubSubSChan, cfg.InternalTtl); err != nil {
 				utils.Logger.Crit(fmt.Sprintf("<RALs> Could not connect to PubSubS: %s", err.Error()))
@@ -130,7 +133,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en
 		go func() {
 			defer close(attrsTaskChan)
 			var err error
-			attrS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts,
+			attrS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts,
 				cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 				cfg.RALsAttributeSConns, internalAttributeSChan, cfg.InternalTtl)
 			if err != nil {
@@ -147,7 +150,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en
 		waitTasks = append(waitTasks, aliasesTaskChan)
 		go func() {
 			defer close(aliasesTaskChan)
-			if aliaseSCons, err := engine.NewRPCPool(rpcclient.POOL_FIRST,
+			if aliaseSCons, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
 				cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 				cfg.RALsAliasSConns, internalAliaseSChan, cfg.InternalTtl); err != nil {
 				utils.Logger.Crit(fmt.Sprintf("<RALs> Could not connect to AliaseS, error: %s", err.Error()))
@@ -166,7 +169,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en
 		go func() {
 			defer close(usersTaskChan)
 			var err error
-			if usersConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST,
+			if usersConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate,
 				cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout,
 				cfg.RALsUserSConns, internalUserSChan, cfg.InternalTtl); err != nil {
 				utils.Logger.Crit(fmt.Sprintf("<RALs> Could not connect UserS, error: %s", err.Error()))
--- a/cmd/cgr-loader/cgr-loader.go
+++ b/cmd/cgr-loader/cgr-loader.go
@@ -49,6 +49,8 @@ var (
 		"The DataDb user to sign in as.")
 	dataDBPasswd = flag.String("datadb_passwd", dfltCfg.DataDbPass,
 		"The DataDb user's password.")
+	dbDataEncoding = flag.String("dbdata_encoding", dfltCfg.DBDataEncoding,
+		"The encoding used to store object data in strings")

 	storDBType = flag.String("stordb_type", dfltCfg.StorDBType,
 		"The type of the storDb database <*mysql|*postgres|*mongo>")
@@ -63,9 +65,6 @@ var (
 	storDBPasswd = flag.String("stordb_passwd", dfltCfg.StorDBPass,
 		"The storDb user's password.")

-	dbDataEncoding = flag.String("dbdata_encoding", dfltCfg.DBDataEncoding,
-		"The encoding used to store object data in strings")
-
 	flush = flag.Bool("flushdb", false,
 		"Flush the database before importing")
 	tpid = flag.String("tpid", dfltCfg.LoaderCgrConfig.TpID,
@@ -78,8 +77,6 @@ var (
 		"Enable detailed verbose logging output")
 	dryRun = flag.Bool("dry_run", false,
 		"When true will not save loaded data to dataDb but just parse it for consistency and errors.")
-	//validate = flag.Bool("validate", false,
-	//	"When true will run various check on the loaded data to check for structural errors")

 	fromStorDB    = flag.Bool("from_stordb", false, "Load the tariff plan from storDb to dataDb")
 	toStorDB      = flag.Bool("to_stordb", false, "Import the tariff plan from files to storDb")
@@ -298,7 +295,8 @@ func main() {
 	}
 	if len(ldrCfg.LoaderCgrConfig.CachesConns) != 0 { // Init connection to CacheS so we can reload it's data
 		if cacheS, err = rpcclient.NewRpcClient("tcp",
-			ldrCfg.LoaderCgrConfig.CachesConns[0].Address, "", "", 3, 3,
+			ldrCfg.LoaderCgrConfig.CachesConns[0].Address,
+			ldrCfg.TLSClientKey, ldrCfg.TLSClientCerificate, 3, 3,
 			time.Duration(1*time.Second), time.Duration(5*time.Minute),
 			strings.TrimPrefix(ldrCfg.LoaderCgrConfig.CachesConns[0].Transport, utils.Meta),
 			nil, false); err != nil {
@@ -315,7 +313,8 @@ func main() {
 			*usersAddress == ldrCfg.LoaderCgrConfig.CachesConns[0].Address {
 			userS = cacheS
 		} else {
-			if userS, err = rpcclient.NewRpcClient("tcp", *usersAddress, "", "", 3, 3,
+			if userS, err = rpcclient.NewRpcClient("tcp", *usersAddress,
+				ldrCfg.TLSClientKey, ldrCfg.TLSClientCerificate, 3, 3,
 				time.Duration(1*time.Second), time.Duration(5*time.Minute),
 				strings.TrimPrefix(*rpcEncoding, utils.Meta), nil, false); err != nil {
 				log.Fatalf("Could not connect to UserS API: %s", err.Error())
--- a/config/config.go
+++ b/config/config.go
@@ -280,6 +280,8 @@ type CGRConfig struct {
 	HTTPTLSListen            string            // HTTP TLS listening address
 	TLSServerCerificate      string            // path to server certificate
 	TLSServerKey             string            // path to server key
+	TLSClientCerificate      string            // path to client certificate
+	TLSClientKey             string            // path to client key
 	HTTPJsonRPCURL           string            // JSON RPC relative URL ("" to disable)
 	HTTPFreeswitchCDRsURL    string            // Freeswitch CDRS relative URL ("" to disable)
 	HTTPCDRsURL              string            // CDRS relative URL ("" to disable)
@@ -1027,6 +1029,12 @@ func (self *CGRConfig) loadFromJsonCfg(jsnCfg *CgrJsonCfg) (err error) {
 		if jsnListenCfg.Tls_server_key != nil && *jsnListenCfg.Tls_server_key != "" {
 			self.TLSServerKey = *jsnListenCfg.Tls_server_key
 		}
+		if jsnListenCfg.Tls_client_certificate != nil && *jsnListenCfg.Tls_client_certificate != "" {
+			self.TLSClientCerificate = *jsnListenCfg.Tls_client_certificate
+		}
+		if jsnListenCfg.Tls_client_key != nil && *jsnListenCfg.Tls_client_key != "" {
+			self.TLSClientKey = *jsnListenCfg.Tls_client_key
+		}
 	}

 	if jsnHttpCfg != nil {
--- a/config/config_defaults.go
+++ b/config/config_defaults.go
@@ -87,6 +87,8 @@ const CGRATES_CFG_JSON = `
 	"http_tls": "127.0.0.1:2280",			// HTTP TLS listening address
 	"tls_server_certificate" : "",			// path to server certificate(must conatin server.crt + ca.crt)
 	"tls_server_key":"",					// path to server key
+	"tls_client_certificate" : "",			// path to client certificate(must conatin client.crt + ca.crt)
+	"tls_client_key":"",					// path to client key
 },


--- a/config/config_json_test.go
+++ b/config/config_json_test.go
@@ -183,6 +183,8 @@ func TestDfListenJsonCfg(t *testing.T) {
 		Http_tls:               utils.StringPointer("127.0.0.1:2280"),
 		Tls_server_certificate: utils.StringPointer(""),
 		Tls_server_key:         utils.StringPointer(""),
+		Tls_client_certificate: utils.StringPointer(""),
+		Tls_client_key:         utils.StringPointer(""),
 	}
 	if cfg, err := dfCgrJsonCfg.ListenJsonCfg(); err != nil {
 		t.Error(err)
--- a/config/libconfig_json.go
+++ b/config/libconfig_json.go
@@ -54,6 +54,8 @@ type ListenJsonCfg struct {
 	Http_tls               *string
 	Tls_server_certificate *string
 	Tls_server_key         *string
+	Tls_client_certificate *string
+	Tls_client_key         *string
 }

 // HTTP config section
--- a/data/conf/samples/tls/cgrates.json
+++ b/data/conf/samples/tls/cgrates.json
@@ -0,0 +1,101 @@
+{
+// CGRateS Configuration file
+//
+
+
+"general": {
+	"log_level": 7,
+},
+
+
+"listen": {
+	"rpc_json": ":2012",
+	"rpc_gob": ":2013",
+	"http": ":2080",
+	"rpc_json_tls":":2022",
+	"rpc_gob_tls":":2023",
+	"tls_server_certificate" : "/usr/share/cgrates/tls/serverCA.crt",			// path to server certificate(must conatin server.crt + ca.crt)
+	"tls_server_key":"/usr/share/cgrates/tls/server.key",					// path to server key
+	"tls_client_certificate" : "/usr/share/cgrates/tls/clientCA.crt",			// path to client certificate(must conatin client.crt + ca.crt)
+	"tls_client_key":"/usr/share/cgrates/tls/client.key",					// path to client key
+},
+
+"data_db": {								// database used to store runtime data (eg: accounts, cdr stats)
+	"db_type": "redis",						// data_db type: <redis|mongo>
+	"db_port": 6379, 						// data_db port to reach the database
+	"db_name": "10", 						// data_db database name to connect to
+	
+},
+
+
+"stor_db": {
+	"db_password": "CGRateS.org",
+},
+
+
+"cache":{
+	"destinations": {"limit": 10000, "ttl":"0s", "precache": true},
+	"reverse_destinations": {"limit": 10000, "ttl":"0s", "precache": true},
+	"rating_plans": {"limit": 10000, "ttl":"0s","precache": true},
+	"rating_profiles": {"limit": 10000, "ttl":"0s", "precache": true},
+	"lcr_rules": {"limit": 10000, "ttl":"0s", "precache": true},
+	"cdr_stats": {"limit": 10000, "ttl":"0s", "precache": true},
+	"actions": {"limit": 10000, "ttl":"0s", "precache": true},
+	"action_plans": {"limit": 10000, "ttl":"0s", "precache": true},
+	"account_action_plans": {"limit": 10000, "ttl":"0s", "precache": true},
+	"action_triggers": {"limit": 10000, "ttl":"0s", "precache": true},
+	"shared_groups": {"limit": 10000, "ttl":"0s", "precache": true},
+	"aliases": {"limit": 10000, "ttl":"0s", "precache": true},
+	"reverse_aliases": {"limit": 10000, "ttl":"0s", "precache": true},
+	"derived_chargers": {"limit": 10000, "ttl":"0s", "precache": true},
+	"resource_profiles": {"limit": 10000, "ttl":"0s", "precache": true},
+	"resources": {"limit": 10000, "ttl":"0s", "precache": true},
+	"statqueues": {"limit": 10000, "ttl":"0s", "precache": true},
+	"statqueue_profiles": {"limit": 10000, "ttl":"0s", "precache": true},
+	"thresholds": {"limit": 10000, "ttl":"0s", "precache": true},
+	"threshold_profiles": {"limit": 10000, "ttl":"0s", "precache": true},
+	"filters": {"limit": 10000, "ttl":"0s", "precache": true},
+	"supplier_profiles": {"limit": 10000, "ttl":"0s", "precache": true},
+	"attribute_profiles": {"limit": 10000, "ttl":"0s", "precache": true},
+	"resource_filter_indexes" :{"limit": 10000, "ttl":"0s"},
+	"resource_filter_revindexes" : {"limit": 10000, "ttl":"0s"},
+	"stat_filter_indexes" : {"limit": 10000, "ttl":"0s"},
+	"stat_filter_revindexes" : {"limit": 10000, "ttl":"0s"},
+	"threshold_filter_indexes" : {"limit": 10000, "ttl":"0s"},
+	"threshold_filter_revindexes" : {"limit": 10000, "ttl":"0s"},
+	"supplier_filter_indexes" : {"limit": 10000, "ttl":"0s"},
+	"supplier_filter_revindexes" :{"limit": 10000, "ttl":"0s"},
+	"attribute_filter_indexes" : {"limit": 10000, "ttl":"0s"},
+	"attribute_filter_revindexes" : {"limit": 10000, "ttl":"0s"},
+},
+
+
+"rals": {
+	"enabled": true,
+},
+
+
+"resources": {
+	"enabled": true,
+	"store_interval": "1s",
+	"thresholds_conns": [
+		{"address": "*internal"}
+	],
+},
+
+
+"stats": {
+	"enabled": true,
+	"store_interval": "1s",
+	"thresholds_conns": [
+		{"address": "*internal"}
+	],
+},
+
+"thresholds": {
+	"enabled": true,
+	"store_interval": "1s",
+},
+
+
+}
--- a/data/tls/client.crt
+++ b/data/tls/client.crt
@@ -1,46 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDqDCCApACCQD7WK5oHdesRjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC
-REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER
-MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs
-aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw
-NjA0MDkyMjM3WhcNMTgwNzA0MDkyMjM3WjCBljELMAkGA1UEBhMCREUxEDAOBgNV
-BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI
-SVRzeXNDT00xDzANBgNVBAsMBmNsaWVudDESMBAGA1UEAwwJbG9jYWxob3N0MSMw
-IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAM72mFt56EnKXNPknsHkC1ObLbic6dJksBfMgPz3
-zpGdS16v/K7diHMKR/og6xFOQay30rffQAdTRcCxb9Xg0K+JNS2bxKttcCm8zLfI
-O02JuBNJ2IN9S3TRpetoBW1xgprvpeYu4MFM9Ng7qqzexSwlMvJ5cxGmrLf22VYt
-BbksPTJuAp5QDUbxjHqJGie0jpZY2jk8c/gr51Jdty+B7idxiSMOAhv6zKadYi3D
-Rqz/0g6jwBN0K3xJosmeg0vFrtDRe4unblfrXHT/DeqmqOLqPgd1bpZqt9ACsJIC
-d2Qr64uStFon2kcXA4niCEVVKqgoSN8mhGzEFqfVz9dzHYcCAwEAATANBgkqhkiG
-9w0BAQsFAAOCAQEAQYr+SccZL/MC0cNBwFcZ6Ieve0vlIzhXsZJYxdAiMzvJgmsy
-44Sis0SDpKA0nQ4YCCAGksCSlRJ/EQfhBHyLIIM14yzlPxmhaxZMpNppR9fGpRSq
-sd3FFPcnJLi/7bf6ukr7P96dO1RqnS7BzoEKKfr1uxpgLTO1J39/R2g3111M5TSb
-VycaPJIAlhHTrne4iJYJrMcWLbPQ6Vm2+PSbdTxT2b5LK+/9Unj1hg78LZ0Nri6V
-RK0RkVm+hlvOaWyq63/5NGJIRAJs+SNqJp/yj/TOfWRydKMMCXTKiw7hXi5hvRx5
-ttQAJYuj0BFq/qqg7JppKxvJNCz/fxLdhXO+RA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIID/TCCAuWgAwIBAgIJAKDyy6mFEOjvMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
-VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o
-YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ
-bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe
-Fw0xODA2MDQwOTIyMzZaFw0xODA3MDQwOTIyMzZaMIGUMQswCQYDVQQGEwJERTEQ
-MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD
-VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0
-MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALWp25CMGfnJoXwRkWa2M229seqsQtxl81LX
-CSgiz4YixDW9uyVolY3hmnuiQsnCPtykdqpbS+/spGeY+0v+h0Bjii8aqSVwVP5z
-eqXlTEGG6ZwA4FTM6S++yY591Z9f8N3CrVp+w+lfuI8cndycD5ylRNMGMQhVTBwL
-qBu1Sxw+9QIdj/aB/R9x24l/pbsiknxaFSU0vEjAvN6PJ0RbZPQZqK2+tqEuN5jk
-zcUNr1LDz9HVdvDDjgwLO/yGZ+ZksxViMwbDoHRqZnsGDfLcdBtYJ/heiVz++tSY
-cHiXEMWfckoHGwixXv7jR9xd8yzB68rQjc3ZCFeq9t7SIvVu0fECAwEAAaNQME4w
-HQYDVR0OBBYEFDxuN0Za0g9WVTbVwFdXELA2MTU+MB8GA1UdIwQYMBaAFDxuN0Za
-0g9WVTbVwFdXELA2MTU+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
-ADnDCdL3XoXCo7Ns52kt2IZ413fAESvFjlyCjDG7PgfRlXUvLBWSF5puIecQbOHE
-iWuuvDM1mXQGNAL7XxYCPjkXAXvtwEsTsD374SIc8ryrNgjVWPP9ozc6D/mxKAyt
-Tr6t1+dKghQnQOd+sYH6J8w1XVyrribymFX4HoN3bPD36Pz8KtJtwmU/SRdDQa3L
-9D4rNQla/kHc30E6xWgfeUpk170bvEtvZNfKSm6Q3UavJpsiV5Tb4ewui4c0Tqf2
-V04HgBbxb393sA5bpr8M+2bqTRu3DU9vfeDSBUQ183XyDP7UzukEUOpSCCyPLWqD
-ubaRobwNlwbyYpzLTd/SApE=
-----END CERTIFICATE-----
--- a/data/tls/client.key
+++ b/data/tls/client.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDO9phbeehJylzT
-5J7B5AtTmy24nOnSZLAXzID8986RnUter/yu3YhzCkf6IOsRTkGst9K330AHU0XA
-sW/V4NCviTUtm8SrbXApvMy3yDtNibgTSdiDfUt00aXraAVtcYKa76XmLuDBTPTY
-O6qs3sUsJTLyeXMRpqy39tlWLQW5LD0ybgKeUA1G8Yx6iRontI6WWNo5PHP4K+dS
-Xbcvge4ncYkjDgIb+symnWItw0as/9IOo8ATdCt8SaLJnoNLxa7Q0XuLp25X61x0
-/w3qpqji6j4HdW6WarfQArCSAndkK+uLkrRaJ9pHFwOJ4ghFVSqoKEjfJoRsxBan
-1c/Xcx2HAgMBAAECggEBAI9Xzhh1a8RH61k7HBXwa0Ph053s2CnHYQtqseADhkfm
-aMBRJbK7bvk2ormEOStIR0ZoHwMJFiC8tTAL9QhuaDtbzcAkBegxqSDPSf70KNbA
-TwTU/ae8jRmA5ukPp8qwdqP23bF6wGJBeceWM9T9ihTUQuAb6+3Kwg+8YbVFA5TG
-5vXThEGEhJX74Y8Z5epQp5Q4Nex1LJVJBKc7M+gONJwheoRigoaPTVNdk5oiSfGU
-90X/XjWdBqggZHOw/ZgzRS1oyOozhws8oduastcNCl76B3XfaNXswDnI/977iyJC
-z/DelKKg7VlfE3FRutdxFq6lKMMD9EvvD9eJaZcUXzECgYEA8aSQgHtlJNojBveF
-zwt+Mk+u91pS3iChUKA/04ii/MqXrOHFcVyJXTheEWr2Lt9nTpFUXG6bfgAR9xt0
-44dYFLkjNvzFoTXJOL3TN9Hociccn3n+XeK1bzVnsKIEmEORAHYs31kIbMZ4JWDK
-D+dhiMcT+8P1bQx2KM2rrjjU/JkCgYEA20KMLNPKkukHN1q2m5iGAeuO4EF2lnzq
-kv6d8StPyClUhjJgiRJRCOeyeIeGzXs/kV0i9+Tf6vKku0Bm/XS7T8+3TRMOTeM4
-5sw7qjsloUbNMaK9TlahO6P0gyZEgT3GYj09mZNj1vSOqlyRYQrTaTYObBF1fAPR
-zsuuDwziHx8CgYBIlp3N6sN0cY7KHfr1Okebh3JQ3bI9BeJPnQPvYIFNnPI5Pc0Z
-A6pD9ZXUd6QianvXDzMfXR6amBzNdVMEsniUKRVaBE694bFjuSpE/2prODKR+Yye
-2WaVVJ6kYdctgkaBs/5AzbcJLgmTeOLaKjCTbPIk1DXanz6zfS0QdgQNKQKBgDIC
-h75hwD6p7/9sLWJn84jUlY4I4GeKrmZAtP2hB118L888BlC9YMZLMqXTI6gSiHk7
-aRJpnbkVBwW+tr7wtRiLJB/sTMLvJLdftewp+XdDkuHTYKJRmAzmZIrVW6Ku2GTn
-2vkAaTFKLpAk9PPRaE8DCV8UzFsw89XbFyRPp/O5AoGBAJ9CKMsLj+p1TqV2m07T
-e11keazqQM5Zgg1te+jXMV90V5kbE5g2FsEdl3yxM/AJbDRe2t9qM4HKqmY7Nx27
-ug++gaYfAPTlY4xSMLV0U4rU0LsNdpyrZdZ8W7HX/XIJZPZ0cP7FUFul3/SgXobB
-2aog/eQf+VtiMVPGpUP3XcOp
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDnuCCAiHTpUIaf
+Lmzbu2ODPawjSdKsMaaZ/G9uP+pGAJ4/3np04j5mXjne3OtbN2iAClpYdhzbPCoL
+uFqfSTlE1JCg5s/6JoCvJQip4T+hTyx4xFVC01lwyL8BRrgPg/ucAA5l4w4VqxpX
+7zYz3TSpy9xZt9rII2iIR6GURfZjszK5KzBO/luEfJ9tefiRntwHfposdQY6iIKg
+4ahlKE/S9hgpby8NZa4QwNGrg6KmQtevsPgf46GDD5MRimmCqXo3zFIpjF6m3VKX
+nMpepFuFADJcijT6aqAkOQ60pta80jPugghHji7FB9KmT01rJloWtuN680orRe/q
+e3sxCr21AgMBAAECggEBANd8oa0mOSLoIelScSV+hDJ+XeCLPIGpwrcczDuI8MKc
+vI3ExbiA1Wq5YbPhWnX/dwzrk80EOh2fO7KehJfwrnNWAhG/09VbjPxTwlTJBjVq
+vX6phmiYx2pdJVN4gp7bLFeMrdcOagC4l80CxjNBGUJ2NLqygaDxXLqvcpHC5jkb
+naSkJ5EHCE/PHW3zmiEgmfyAWhrR+s1f2iFCHnw01zuMT8iimLmPsrK8xCEl57np
+X3G1R3q4fKcAmaX5Q1uork6qPhX5SAsF2m0yHZZjeBbNKuMJPSwrM4A5iXiR27s
+qjGVn3w1JzDz1759WcP/nOUTWpuzY2AZ2MfKg+OIGJkCgYEA9PqZ3YNks7A1zQ03
+Kr7XrM6mnBGzSppyv1XnCZHhJMXuck1Zg01G7Xjtz761a1wYMze3hDj6Ekhs2z6e
+wMtMwWg2WLjkMe/GT1j1g5CbiNzlkDfnswL5ntT+1JcwVDqGCLIY1Awqz4485LDg
+J9ucFdrI0uTvzHl6ipYgagU3BusCgYEA8iTQzLIM9d6t6YQWHGkXiMEFQyvvq6ZK
+XwpgC5k47DGiaWUEc6g562+LVgKBPlJvLeh4IDe6ku10+JVxEQY/bWne3jNAU0IV
+8o+6v8XRfmVuG80tn8cc2wpmeUt5Bke1moef8rSxtnCeuJ7B+Eyr9W5TZcQ37uPd
+9UNn3OrjZd8CgYEA7BrWzmpDVPdAcxcIk1cJUJB+fS6GCSHf885b9Jo3TpTBIkKw
+Qd7pvBfvw2g/O3CwFjTd1z5+rb5Fw+yPXqrRmBnTPyE7NXGtRG4teZaWgIq9aYin
+85yrbkxEKipottUMtzbGvR/Y5t9kith5wZBj16BcKv3gq8Zst0LHjMbn6O8CgYEA
+yTxBbqxWSwt52wST356TGWrYdb+Q2kVDr4KO2XTIMrr5L7/tGDVplTlJQfyo7mNR
+1IRLOPM3kh3XxTNlGPHpSoPe3SkYv1i/pqs+V1wOQ44GGQLGdO/kEkGtcgaAGPEF
+gtxN2EXFH0qvDd2adEE786dxlbShi15COy9+pMFspF8CgYEAmxxOWc7Z4gEYwS9n
+2QrhSf2JCbInaZUnv+lr2x4pHUzZlKnY9QD0ta13Ub/uFScPvWQiAATsQTPgzysA
+w/uICbjDlF7hXk1+V4F2pxBwMcXEvl95PJ/Vedc1MSldUPH3TbKZpGr+NOXLp5th
+Cmg3FMWRvgp8nZ1bsPpm0mXzkSM=
 -----END PRIVATE KEY-----
--- a/data/tls/clientCA.crt
+++ b/data/tls/clientCA.crt
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApACCQDN74icxWmu/DANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER
+MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw
+NjA0MTMwNDUzWhcNMTgwNzA0MTMwNDUzWjCBljELMAkGA1UEBhMCREUxEDAOBgNV
+BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI
+SVRzeXNDT00xDzANBgNVBAsMBmNsaWVudDESMBAGA1UEAwwJbG9jYWxob3N0MSMw
+IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOe4IICIdOlQhp8ubNu7Y4M9rCNJ0qwxppn8b24/
+6kYAnj/eenTiPmZeOd7c61s3aIAKWlh2HNs8Kgu4Wp9JOUTUkKDmz/omgK8lCKnh
+P6FPLHjEVULTWXDIvwFGuA+D+5wADmXjDhWrGlfvNjPdNKnL3Fm32sgjaIhHoZRF
+9mOzMrkrME7+W4R8n215+JGe3Ad+mix1BjqIgqDhqGUoT9L2GClvLw1lrhDA0auD
+oqZC16+w+B/joYMPkxGKaYKpejfMUimMXqbdUpecyl6kW4UAMlyKNPpqoCQ5DrSm
+1rzSM+6CCEeOLsUH0qZPTWsmWha243rzSitF7+p7ezEKvbUCAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAyaAOowvVT7itzCRIC107I13JxFvj4rP4Thgsw2iRNkHvMkDV
+Nui0Wh47TVkZFEFmBPXvDF6g0/5nzqMsBZqNUeN0pkLbd+FOgtKoPg+4SZK0HM+6
+4FjiwdHMopOb13oQ0Z7RubWhbyt5h/e/VIjyomnmf6HoQMLEHXcJyKA7OtH0qwZq
+WxAjZvjCUo+Q9D6hgPsguXsgUnwDRl1ofbhDeESRZ+s01tl5znJa/JEjDR6TcAFi
+PETPiHaqRZGoPyA021bbnlG4qhYRDRgOsjQN1FC8LFi+Y4LmYhZKLDFjM4tpkdvS
+brXjOJ8406k/H+a2Wck4KuFbQvzozkl5GgSqeg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/TCCAuWgAwIBAgIJAPtQI9LtiBDeMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o
+YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ
+bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe
+Fw0xODA2MDQxMzA0NTNaFw0xODA3MDQxMzA0NTNaMIGUMQswCQYDVQQGEwJERTEQ
+MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD
+VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0
+MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAN+V47Xtx0Yn0/pphvK44SII9cjNN5o2pncI
+Dp4c2kyOSfS/LYbU4W4S4u5B7BEvmeQ76C98L9nSy0pCDwFI1HdQ56hY46jNX0I8
+633W+zLqFHWokkNo/HxnCBbdixCsxTLlymrwGwMA5zF9f4cuySi78o6lRyN97RC3
+50hFjAXiTmNe9hgzf2imyag2FFVPhXPiMJyOJea+7AKUYsG+nO/lG992Gw9ShyXH
+FpcN7Avp+wuTgW4BFyUuQ94oiFthCcH1HtxXsPKse+6DEs7uFezL8xfMLeNbirAO
+Iq0ulEQPoF+eGq7Ne04lykdJ41RsWovthNlYifqsrWd/HtYErz8CAwEAAaNQME4w
+HQYDVR0OBBYEFCQBBGNhYiWifVlF8q1XYgXFUdLKMB8GA1UdIwQYMBaAFCQBBGNh
+YiWifVlF8q1XYgXFUdLKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+AHQRGykgGXU3Mfwi965GJBFx+pmYsEou4o37K/mLRfqCgxkc1NhEjRWtcu0BM4K7
+gPNzZmbvkAgypyb3YByIECQ5ieg3u4vWipq5xW3o/MrCNKIfMOBqDu3/mSiaEwHG
+civUcY4NBfbjnDCziKz0cCwfLeljV/Xqa4WPMf9lITbtNTvCKTTPlYgxycT1skXI
+XjmnJl1jBLsIke/O2TYHlQyaBz3owKrj2DZypy0ZX6UNb1BOddsjy01R0JgL/RDf
+TJLUwRG32prs1mPDe8RbSlM42eZ53cpq0oEOVlxOYJgovn+wC02Dsu/g9UDJ20Uw
+hWYtflU5IkMWOIn+YnKCpcs=
+-----END CERTIFICATE-----
--- a/data/tls/script.sh
+++ b/data/tls/script.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Generate self signed root CA cert
+openssl req -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=DE/ST=Bavaria/L=Bad Reichenhall/O=ITsysCOM/OU=root/CN=localhost/emailAddress=contact@itsyscom.com"
+
+# Generate server cert to be signed
+openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=DE/ST=Bavaria/L=Bad Reichenhall/O=ITsysCOM/OU=server/CN=localhost/emailAddress=contact@itsyscom.com"
+
+# Sign the server cert
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
+
+# Combine server.crt + ca.crt
+cat server.crt ca.crt > serverCA.crt
+
+# Generate client cert to be signed
+openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj "/C=DE/ST=Bavaria/L=Bad Reichenhall/O=ITsysCOM/OU=client/CN=localhost/emailAddress=contact@itsyscom.com"
+
+# Sign the client cert
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl -out client.crt
+
+# Combine client.crt + ca.crt
+cat client.crt ca.crt > clientCA.crt
--- a/data/tls/server.crt
+++ b/data/tls/server.crt
@@ -1,46 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDqDCCApACCQD7WK5oHdesRTANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC
-REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER
-MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs
-aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw
-NjA0MDkyMjM2WhcNMTgwNzA0MDkyMjM2WjCBljELMAkGA1UEBhMCREUxEDAOBgNV
-BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI
-SVRzeXNDT00xDzANBgNVBAsMBnNlcnZlcjESMBAGA1UEAwwJbG9jYWxob3N0MSMw
-IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKqwWEsKp7fHGJkJLBkgAgyoYu7w0zAW4XhDFBsp
-Uly3g0IA2ogW8m3lwBwll/uGBrXXnBUw/OQcLlvQc7oq/c849I3fu32lYv/2ipMh
-lN358AGW58zA0/FmCOPvJCqtNVA1+DteERZC1QKV4qGonfBaBUqwqWrG9cNVwtl5
-iR6C9ad3d4IYXLERfyk3AL2z6qUNA7GFHQemiY18ZGOzA4KMWmQGqoubiEywb+zC
-3i40vuQV19YhBxpdtk4Yo7bNgM5s3gBC531jYCdA3xCD/iVARCVxmATVNaC2hKsX
-1LMuqS4BQ54AOnt4SIuZh7fREZXzTARwAnzVsnGvth5TQ2sCAwEAATANBgkqhkiG
-9w0BAQsFAAOCAQEALRxkN/8b4ohKdPtMqOgIKqSXmsHNPb8+3oGg2VWSPitAeoNK
-cnV8w6psslLIZp8myADYJegHR3fEnrh9ucVZwlYN7XuNvwEFS90IxJLjEeZgQOQD
-HTLVFeq1lCEpftLbzR5oKSqKbMjp2yTs30/kYW6vWFkUdInFLGOmY9PObFcofXjG
-nrE1OlOc4IB9mnAA3Oy7vZjk1xkvbGnXheEe7BGtxRV3+8rJq7ORhEFP/MZN2LWU
-XGBol4o9onBKJf+zR3bPxJOPzI8aQUfdh8cBjtHQNpn2KiL4d5aKDAU8k/lKfOPa
-XZNdZheeNEtL7zTH2+NaZQJvaN54h7nMcZetGQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIID/TCCAuWgAwIBAgIJAKDyy6mFEOjvMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
-VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o
-YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ
-bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe
-Fw0xODA2MDQwOTIyMzZaFw0xODA3MDQwOTIyMzZaMIGUMQswCQYDVQQGEwJERTEQ
-MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD
-VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0
-MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALWp25CMGfnJoXwRkWa2M229seqsQtxl81LX
-CSgiz4YixDW9uyVolY3hmnuiQsnCPtykdqpbS+/spGeY+0v+h0Bjii8aqSVwVP5z
-eqXlTEGG6ZwA4FTM6S++yY591Z9f8N3CrVp+w+lfuI8cndycD5ylRNMGMQhVTBwL
-qBu1Sxw+9QIdj/aB/R9x24l/pbsiknxaFSU0vEjAvN6PJ0RbZPQZqK2+tqEuN5jk
-zcUNr1LDz9HVdvDDjgwLO/yGZ+ZksxViMwbDoHRqZnsGDfLcdBtYJ/heiVz++tSY
-cHiXEMWfckoHGwixXv7jR9xd8yzB68rQjc3ZCFeq9t7SIvVu0fECAwEAAaNQME4w
-HQYDVR0OBBYEFDxuN0Za0g9WVTbVwFdXELA2MTU+MB8GA1UdIwQYMBaAFDxuN0Za
-0g9WVTbVwFdXELA2MTU+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
-ADnDCdL3XoXCo7Ns52kt2IZ413fAESvFjlyCjDG7PgfRlXUvLBWSF5puIecQbOHE
-iWuuvDM1mXQGNAL7XxYCPjkXAXvtwEsTsD374SIc8ryrNgjVWPP9ozc6D/mxKAyt
-Tr6t1+dKghQnQOd+sYH6J8w1XVyrribymFX4HoN3bPD36Pz8KtJtwmU/SRdDQa3L
-9D4rNQla/kHc30E6xWgfeUpk170bvEtvZNfKSm6Q3UavJpsiV5Tb4ewui4c0Tqf2
-V04HgBbxb393sA5bpr8M+2bqTRu3DU9vfeDSBUQ183XyDP7UzukEUOpSCCyPLWqD
-ubaRobwNlwbyYpzLTd/SApE=
-----END CERTIFICATE-----
--- a/data/tls/server.key
+++ b/data/tls/server.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCqsFhLCqe3xxiZ
-CSwZIAIMqGLu8NMwFuF4QxQbKVJct4NCANqIFvJt5cAcJZf7hga115wVMPzkHC5b
-0HO6Kv3POPSN37t9pWL/9oqTIZTd+fABlufMwNPxZgjj7yQqrTVQNfg7XhEWQtUC
-leKhqJ3wWgVKsKlqxvXDVcLZeYkegvWnd3eCGFyxEX8pNwC9s+qlDQOxhR0HpomN
-fGRjswOCjFpkBqqLm4hMsG/swt4uNL7kFdfWIQcaXbZOGKO2zYDObN4AQud9Y2An
-QN8Qg/4lQEQlcZgE1TWgtoSrF9SzLqkuAUOeADp7eEiLmYe30RGV80wEcAJ81bJx
-r7YeU0NrAgMBAAECggEAG+4nRIBF2Yi2ubQKh0H5k+Cp77dwl1nnIyq2y4sDczCE
-RfSlzccTfHAv82sjZ4ES8AaL/9u4RgtmepetmDUYuyPywJRvtauue3v4SQMhvQD9
-CQWMgLC8/a9YnROws1sMckeiivRlj2L4QCgOoa1Zys6wNvyZfGN6K7CI5dVBXsCC
-t5lmdWE81Elk9dO2/GhgmTTiF6zm52yfajqldEwfg/pNxkgPeS+dHllggAcY0+aA
-jpVNnvw77fTXu7DiTRHeFuw+JmuSBBOWZbf3m39HlCPNw4YaH9MnfE04bCUndfQy
-UUbi11CXUK8FhBzNMQdJbzC3r2w0JZ1BlX71xmvQ4QKBgQDcipDtlGgPENTNtc4t
-MrZDSBErRknbSFBXipji59ayeiM1KnzIwSM+7HqQ8dZmyCRVH/DpykzroSyreSbB
-dm03mnC8tleXakfDlmX2TQ9mm9ugLahAdTwBQJXkwLJVMClXyKrs0/70L793ZB3k
-kby1ck6DKx/cv9xr3mQBf0jWpQKBgQDGIdzw5G8IdQYj9UFe81+A8JIohNiOs7LY
-YGqgitB7C2xBMDuKfHqeaFzbaeOQ0nUkCPIgQ+4ze9jFr8korI7/wT/mZ8P2OuM3
-ILJ8lvw0h+FM/tsQL7MAonlQiJSVHPQftSKtiLShpWx4d7tkLeXlAhOTd+tS3CoW
-q7ozfXykzwKBgQCtF8BqB3mooXA0SEYa6Vtt8Skwisk650XPf4NBS+8RQ5VQjBlG
-Q3gTUe1cx8KcBuelPB2MkO/QXD7AEqVdYEKWSovDQWX7/Dl5BBjguFinExrMXCla
-9ehznypGUQtmmxdHw8KLgFPxeWxQG27uz4eJ7b47auRmENvCediJ6EnV1QKBgQCG
-K5BOoKJ/+5844nBuOCjITCDtx2hO2mmWFVSfeuFLMaURT/RCB6GRe+LFwqMUAzDI
-QjaUmuvHeWqGFFAIdzIvB1KaWFJff+k1/7JepHANsqZjWYJHJ8Xz/BJi8tqLT5wR
-jLv6/8QyYq9dtNb1NA+mUQ2oo2B8MBNgXtIs5CFwCQKBgA29D0ai//HHWDExHE1m
-8lQbQRG/mN+K2ej2VOwimkP5pT62f6xgiJIORF9jY0l0O7TvXM+9XRFpexppPx2C
-pBwTsr+ItYQOz42DXaOJVMY488IJuXnSz9x3jLHjOCQDj1oLzFCfnFRK56J5Wp5w
-8Owg85ga4PAS+UQ7NB8oqu2e
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsDxGCVh+PNGcX
+myPZYCHJFKAITUQqqFPvIIabTu/7NhzpgnOJceihZ/rFWQngqovtrNuqoxPDXcW5
+OIiMVRBBJGXs35Axy8j1mfF3NX99QQXhPSdUIuPCHhAOKdOddUDj2b1W0TzBOpV6
+4WCGz2bV8ncxGJpObKOcci8Mp4suFwSdOUAkgHYhR7ZrYmLjBuzR/7GF7ZGaQRM7
+KQIxATNStqbS6buEipdjXdR9C3hd4O4GcZ8KDaK5Xvuiyeksv1qjWnc32RzLZ4Lp
+S+2iPI1gdWMFX9YO/ZzEp14qHvWYM6dForw0q7a3z0uppAgHO4EKVxy+Ag4bC64K
+3787Leh3AgMBAAECggEAcSEHkx8TIN5MSdPf6l1X07Y+u7vL32WsU/2ShPvfptTY
+JlCObmBYzIG4fLufMDyLsuwUmkJtRkO6bnnZdueNUqrO7iZ2RGcVeB6+yhKpdq2i
+078rCfduj6k4qJEDCYMYBhpj0yeTpkcdPDamu/TJo97/oFfaG5uVDXTrd3UUDpGt
+ptaewKwWYeORygbdFXEn5Er2CGRfzRfkcTSOu8OG9sqzdz8JzD1R2ywk3/M577Ez
+ZPsdxGcJbV4yUx9OXFCc/NyDJhVgXGIPAWB5D2SPJ9iNOt171neqqpTs71rN1YqD
+Qgx9Y/22+o4bSKD35pb8kdHbArhtLLpvxQ6RBQCdgQKBgQD/lcfvMIYn4q0GJQPa
+zHqT2cgOC1uwJdbbo3Y9CvQZxtHgA2tM+W308JI0c2POVUzPzcraeUsYtXHMe/pX
+sP4tkrv5OGY/EQptfqH9/+mBW1aUVbK9Z68a+Tx6eu4FMU+XJr0a8Ij6DUIkewx2
+mXnm2tniIHrYfek89vbnaRkE1QKBgQDscSwm5pZaIOtiTsaK/L2qTXvkAXZL/Wp3
+KOeWdVLZKz6MG+UwPqHNJ5BJeb5n4/jm4D5qUue5cxs46/s+k6DjZwFYSZWA3B7q
+F3b9dXtbNbORGob2D955K0Yuov/tROphqBfX57aJFfhN/XUBIXlT86SCThQvtAZu
+eUDz1IvOGwKBgFc4aSOCPrYL0BohtaAMWeRs1K2eSKrjLuCDdw072LOXOvYklJCP
+KmwFUQ+fNTcruuvLgeduryb+fJhY0sTsPMGWqplRGut4yEM3jNaeZ7RiVDiIyleC
+s6oT1gTCQMn62vttF+nCniwfLCxA5a7vjz8t/l8B0Ipi5Z6NdRLhtc0FAoGBALnW
+7iQZQ33NuBUJ48Xkh1LvGfyJJajuoxrLnNNGnfqxobTQTCDSaaxtd1w5A2524fDd
+ulEpnpbFoVTpLg3uTRvPn1/8XjTtTqMiFFV9XJrBJ8VaO0/2Ax/r4nrPhSbB7xMY
+4rzBlFhFW2g5WhisbceNjfUZV4ZzEkcMqP+9RLGXAoGBAJqddcP0fDmGKaEC0THh
+jO81CSrMUBFSEfzv2luQujEhsalt8s1jQGl4Lx7ZUdDRiEX6PwA4lDG4SYm+D6r0
+zzWX/OKEEqbTII/eoiBzv1JlshyvRc/LvbThoLTAF7uxQNlOP0b24MeFMCIeoZNb
+skv1m4NPGW/EJeZAbzjC2Zxu
 -----END PRIVATE KEY-----
--- a/data/tls/serverCA.crt
+++ b/data/tls/serverCA.crt
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApACCQDN74icxWmu+zANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER
+MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw
+NjA0MTMwNDUzWhcNMTgwNzA0MTMwNDUzWjCBljELMAkGA1UEBhMCREUxEDAOBgNV
+BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI
+SVRzeXNDT00xDzANBgNVBAsMBnNlcnZlcjESMBAGA1UEAwwJbG9jYWxob3N0MSMw
+IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOwPEYJWH480ZxebI9lgIckUoAhNRCqoU+8ghptO
+7/s2HOmCc4lx6KFn+sVZCeCqi+2s26qjE8Ndxbk4iIxVEEEkZezfkDHLyPWZ8Xc1
+f31BBeE9J1Qi48IeEA4p0511QOPZvVbRPME6lXrhYIbPZtXydzEYmk5so5xyLwyn
+iy4XBJ05QCSAdiFHtmtiYuMG7NH/sYXtkZpBEzspAjEBM1K2ptLpu4SKl2Nd1H0L
+eF3g7gZxnwoNorle+6LJ6Sy/WqNadzfZHMtngulL7aI8jWB1YwVf1g79nMSnXioe
+9Zgzp0WivDSrtrfPS6mkCAc7gQpXHL4CDhsLrgrfvzst6HcCAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAfJzQqYMO5FvbP8StTc7vdX8QR17fgDZ87PgFj6HGsmIPp/Wa
+oYUvmkup48q+3VPyQrrxrFK9Folvd4FEVO56yofbHaAODwPdUmkZTTrIMmexC0jR
+jfvIaq0NfmDpZGyl08SkwmvK8H4N3oLCSF6z2Uiejrlwep18ntE8LCBkEWh910i
+mhkw3R4a6lbK/lIGlIVlR04cJdUTaJEO+lBTaEE1Kh90i+peDZLkxypAxOj80RSJ
+YuPdHacFtBAm8fgtCUHjWBwcI9lCqOgKQaWw0M/488qp7Uwia3F+6H7rxqGWFpCn
+ZuTVxr6HN2P/bL5M/BUmgCaHrG5hfGYBhLzsQA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/TCCAuWgAwIBAgIJAPtQI9LtiBDeMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o
+YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ
+bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe
+Fw0xODA2MDQxMzA0NTNaFw0xODA3MDQxMzA0NTNaMIGUMQswCQYDVQQGEwJERTEQ
+MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD
+VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0
+MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAN+V47Xtx0Yn0/pphvK44SII9cjNN5o2pncI
+Dp4c2kyOSfS/LYbU4W4S4u5B7BEvmeQ76C98L9nSy0pCDwFI1HdQ56hY46jNX0I8
+633W+zLqFHWokkNo/HxnCBbdixCsxTLlymrwGwMA5zF9f4cuySi78o6lRyN97RC3
+50hFjAXiTmNe9hgzf2imyag2FFVPhXPiMJyOJea+7AKUYsG+nO/lG992Gw9ShyXH
+FpcN7Avp+wuTgW4BFyUuQ94oiFthCcH1HtxXsPKse+6DEs7uFezL8xfMLeNbirAO
+Iq0ulEQPoF+eGq7Ne04lykdJ41RsWovthNlYifqsrWd/HtYErz8CAwEAAaNQME4w
+HQYDVR0OBBYEFCQBBGNhYiWifVlF8q1XYgXFUdLKMB8GA1UdIwQYMBaAFCQBBGNh
+YiWifVlF8q1XYgXFUdLKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+AHQRGykgGXU3Mfwi965GJBFx+pmYsEou4o37K/mLRfqCgxkc1NhEjRWtcu0BM4K7
+gPNzZmbvkAgypyb3YByIECQ5ieg3u4vWipq5xW3o/MrCNKIfMOBqDu3/mSiaEwHG
+civUcY4NBfbjnDCziKz0cCwfLeljV/Xqa4WPMf9lITbtNTvCKTTPlYgxycT1skXI
+XjmnJl1jBLsIke/O2TYHlQyaBz3owKrj2DZypy0ZX6UNb1BOddsjy01R0JgL/RDf
+TJLUwRG32prs1mPDe8RbSlM42eZ53cpq0oEOVlxOYJgovn+wC02Dsu/g9UDJ20Uw
+hWYtflU5IkMWOIn+YnKCpcs=
+-----END CERTIFICATE-----
--- a/engine/filters.go
+++ b/engine/filters.go
@@ -65,7 +65,8 @@ func (fS *FilterS) connStatS() (err error) {
 	if fS.statSConns != nil { // connection was populated between locks
 		return
 	}
-	fS.statSConns, err = NewRPCPool(rpcclient.POOL_FIRST, fS.cfg.ConnectAttempts, fS.cfg.Reconnects, fS.cfg.ConnectTimeout, fS.cfg.ReplyTimeout,
+	fS.statSConns, err = NewRPCPool(rpcclient.POOL_FIRST, fS.cfg.TLSClientKey, fS.cfg.TLSClientCerificate,
+		fS.cfg.ConnectAttempts, fS.cfg.Reconnects, fS.cfg.ConnectTimeout, fS.cfg.ReplyTimeout,
 		fS.cfg.FilterSCfg().StatSConns, fS.statSChan, fS.cfg.InternalTtl)
 	return
 }
--- a/engine/libengine.go
+++ b/engine/libengine.go
@@ -28,8 +28,9 @@ import (
 	"github.com/cgrates/rpcclient"
 )

-func NewRPCPool(dispatchStrategy string, connAttempts, reconnects int, connectTimeout, replyTimeout time.Duration,
-	rpcConnCfgs []*config.HaPoolConfig, internalConnChan chan rpcclient.RpcClientConnection, ttl time.Duration) (*rpcclient.RpcClientPool, error) {
+func NewRPCPool(dispatchStrategy, key_path, cert_path string, connAttempts, reconnects int,
+	connectTimeout, replyTimeout time.Duration, rpcConnCfgs []*config.HaPoolConfig,
+	internalConnChan chan rpcclient.RpcClientConnection, ttl time.Duration) (*rpcclient.RpcClientPool, error) {
 	var rpcClient *rpcclient.RpcClient
 	var err error
 	rpcPool := rpcclient.NewRpcClientPool(dispatchStrategy, replyTimeout)
@@ -43,13 +44,13 @@ func NewRPCPool(dispatchStrategy string, connAttempts, reconnects int, connectTi
 			case <-time.After(ttl):
 				return nil, errors.New("TTL triggered")
 			}
-			rpcClient, err = rpcclient.NewRpcClient("", "", "", "", connAttempts, reconnects, connectTimeout, replyTimeout, rpcclient.INTERNAL_RPC, internalConn, false)
+			rpcClient, err = rpcclient.NewRpcClient("", "", key_path, cert_path, connAttempts, reconnects, connectTimeout, replyTimeout, rpcclient.INTERNAL_RPC, internalConn, false)
 		} else if utils.IsSliceMember([]string{utils.MetaJSONrpc, utils.MetaGOBrpc, ""}, rpcConnCfg.Transport) {
 			codec := utils.GOB
 			if rpcConnCfg.Transport != "" {
 				codec = rpcConnCfg.Transport[1:] // Transport contains always * before codec understood by rpcclient
 			}
-			rpcClient, err = rpcclient.NewRpcClient("tcp", rpcConnCfg.Address, "", "", connAttempts, reconnects, connectTimeout, replyTimeout, codec, nil, false)
+			rpcClient, err = rpcclient.NewRpcClient("tcp", rpcConnCfg.Address, key_path, cert_path, connAttempts, reconnects, connectTimeout, replyTimeout, codec, nil, false)
 		} else {
 			return nil, fmt.Errorf("Unsupported transport: <%s>", rpcConnCfg.Transport)
 		}
--- a/general_tests/tls_it_test.go
+++ b/general_tests/tls_it_test.go
@@ -0,0 +1,122 @@
+// +build integration
+
+/*
+Real-time Online/Offline Charging System (OCS) for Telecom & ISP environments
+Copyright (C) ITsysCOM GmbH
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>
+*/
+package general_tests
+
+import (
+	"path"
+	"testing"
+	"time"
+
+	"github.com/cgrates/cgrates/config"
+	"github.com/cgrates/cgrates/engine"
+	"github.com/cgrates/cgrates/utils"
+	"github.com/cgrates/rpcclient"
+)
+
+var (
+	tlsCfgPath       string
+	tlsCfg           *config.CGRConfig
+	tlsRpcClientJson *rpcclient.RpcClient
+	tlsRpcClientGob  *rpcclient.RpcClient
+	tlsConfDIR       string //run tests for specific configuration
+	tlsDelay         int
+)
+
+var sTestsTLS = []func(t *testing.T){
+	testTLSLoadConfig,
+	testTLSInitDataDb,
+	testTLSStartEngine,
+	testTLSRpcConn,
+	testTLSPing,
+	testTLSStopEngine,
+}
+
+// Test start here
+func TestTLS(t *testing.T) {
+	tlsConfDIR = "tls"
+	for _, stest := range sTestsTLS {
+		t.Run(tlsConfDIR, stest)
+	}
+}
+
+func testTLSLoadConfig(t *testing.T) {
+	var err error
+	tlsCfgPath = path.Join(*dataDir, "conf", "samples", tlsConfDIR)
+	if tlsCfg, err = config.NewCGRConfigFromFolder(tlsCfgPath); err != nil {
+		t.Error(err)
+	}
+	tlsDelay = 2000
+}
+
+func testTLSInitDataDb(t *testing.T) {
+	if err := engine.InitDataDb(tlsCfg); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func testTLSStartEngine(t *testing.T) {
+	if _, err := engine.StopStartEngine(tlsCfgPath, tlsDelay); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func testTLSRpcConn(t *testing.T) {
+	var err error
+	tlsRpcClientJson, err = rpcclient.NewRpcClient("tcp", "localhost:2022", tlsCfg.TLSClientKey,
+		tlsCfg.TLSClientCerificate, 3, 3,
+		time.Duration(1*time.Second), time.Duration(5*time.Minute), utils.JSON, nil, false)
+	if err != nil {
+		t.Errorf("Error: %s when dialing", err)
+	}
+
+	tlsRpcClientGob, err = rpcclient.NewRpcClient("tcp", "localhost:2023", tlsCfg.TLSClientKey,
+		tlsCfg.TLSClientCerificate, 3, 3,
+		time.Duration(1*time.Second), time.Duration(5*time.Minute), utils.GOB, nil, false)
+	if err != nil {
+		t.Errorf("Error: %s when dialing", err)
+	}
+}
+
+func testTLSPing(t *testing.T) {
+	var reply string
+
+	if err := tlsRpcClientJson.Call(utils.ThresholdSv1Ping, "", &reply); err != nil {
+		t.Error(err)
+	} else if reply != utils.Pong {
+		t.Errorf("Received: %s", reply)
+	}
+	if err := tlsRpcClientGob.Call(utils.ThresholdSv1Ping, "", &reply); err != nil {
+		t.Error(err)
+	} else if reply != utils.Pong {
+		t.Errorf("Received: %s", reply)
+	}
+	if err := tlsRpcClientJson.Call(utils.DispatcherSv1Ping, "", &reply); err == nil {
+		t.Error(err)
+	}
+	if err := tlsRpcClientGob.Call(utils.DispatcherSv1Ping, "", &reply); err == nil {
+		t.Error(err)
+	}
+}
+
+func testTLSStopEngine(t *testing.T) {
+	if err := engine.KillEngine(100); err != nil {
+		t.Error(err)
+	}
+}