devoops DevOops 2020 Msc (06.07.2020 — 10.07.2020)

Getting mutually familiar with mTLS

img

In this talk, we will begin our journey looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X509 v3 certificates.

<p>What exactly is an SSL Certificate? Does rolling out tools with mTLS enabled seem impossible? Can you test that your infrastructure tools properly uphold the security claims they make regarding mTLS? Does the thought of rotating the certificate authority your service mesh relies on scare you? </p> <p>In this talk, we will begin our journey looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X509 v3 certificates.

Then we will use the certificates we make to bootstrap Consul, Vault, and Nomad clusters with mTLS enabled so we can get familiar with terminology and error messages.

Finally, we will look at their source code to learn how we might implement the same ideas in our projects.</p> <p>Who should come to this talk?</p> <p>Operators, developers, and SREs. Operators cannot correctly build automated solutions to manage or troubleshoot mTLS installations without understanding how these systems work. Similarly, developers cannot start using mTLS to secure their software until we make certificates easy to use and understand. And SREs will continue to be helpless, assisting either role, until they know how and why certificates work.</p>