Getting mutually familiar with mTLS

#Vault #Nomad #SSL #SRE #X.509 #security

What exactly is an SSL Certificate? Does rolling out tools with mTLS enabled seem impossible? Can you test that your infrastructure tools properly uphold the security claims they make regarding mTLS? Does the thought of rotating the certificate authority your service mesh relies on scare you?

In this talk, we will begin our journey looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X.509 v3 certificates. Then we will use the certificates we make to bootstrap Consul, Vault, and Nomad clusters with mTLS enabled so we can get familiar with terminology and error messages. Finally, we will look at their source code to learn how we might implement the same ideas in our projects.

Who should come to this talk?

Operators, developers, and SREs. Operators cannot correctly build automated solutions to manage or troubleshoot mTLS installations without understanding how these systems work. Similarly, developers cannot start using mTLS to secure their software until we make certificates easy to use and understand. And SREs will continue to be helpless, assisting either role, until they know how and why certificates work.



About the talk


Alan Scherger



Alan has worked for companies like Expedia and Nike to automate and migrate their workloads across multiple data centers and providers. Now he's spending his time exploring and learning about the fundamentals of computing that we all take for granted.


Invited expert

Vladimir Sitnikov



Vladimir has been working on the performance and scalability of the NetCracker platform (software used by telecom operators to automate network management processes and network equipment) for ten years. His focus is Java and Oracle Database performance optimisations. Vladimir is the author of more than a dozen performance improvements in the official PostgreSQL JDBC driver.

