Demo

HashiTLS: Demystifying Security Certs

Published 8:00 AM UTC Feb 26, 2020

This talk will show you how to test that your infrastructure tools properly uphold the security claims they make regarding mTLS and other security certificates.

What exactly is an SSL Certificate? Does rolling out tools with mutual TLS (mTLS) enabled seem impossible? Can you test that your infrastructure tools properly uphold the security claims they make regarding mTLS?

What You'll Learn

In this talk, we will begin our journey looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X509 v3 certificates. Then we will use the certificates we make to bootstrap Consul, Vault, and Nomad clusters with mTLS enabled so we can get familiar with terminology and error messages. Finally, we will look at their source code to learn how we might implement the same ideas in our projects.

Slides

More resources like this one

  • 4/11/2024
  • FAQ

Introduction to HashiCorp Vault

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/15/2023
  • Case Study

Using Consul Dataplane on Kubernetes to implement service mesh at an Adfinis client

  • 3/14/2023
  • Article

5 best practices for secrets management

View all resources