HashiTLS: Demystifying Security Certs
Feb 26, 2020
This talk will show you how to test that your infrastructure tools properly uphold the security claims they make regarding mTLS and security certificates.
What exactly is an SSL Certificate? Does rolling out tools with mutual TLS (mTLS) enabled seem impossible? Can you test that your infrastructure tools properly uphold the security claims they make regarding mTLS?
What You'll Learn
In this talk, we will begin our journey by looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X.509 v3 certificates. Then we will use the certificates we make to bootstrap Consul, Vault, and Nomad clusters with mTLS enabled, so we can get familiar with the terminology and error messages. Finally, we will look at their source code to learn how we might implement the same ideas in our own projects.