Back To Schedule
Thursday, February 22 • 1:00pm - 1:05pm
Golang to the rescue: Saving DevOps from TLS turmoil

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
If you ever need to validate certificates or certificate chains before deploying them, Golang provides a near foolproof test method.
A 3rd party developed a tool that was then handed off to our DevOps team to manage and maintain. Before I could do any re-engineering work, I had to resolve a critical issue—the certificates on the ELBs were about to expire and needed updating.
I assumed that if the ELB, NGINX, or httpd started, it was a good sign. This was a false assumption on my part and I ended up serving a bad chain for a few minutes. This did not break the site, but it was definitely not the way I wanted things to remain.
I needed a tool that would fail if the certificate chain provided was incorrect. I wanted a lightweight tool that could be publicly accessible. Conducting a third-party analysis of the certificates and configuration was a requirement. There were no tools that I could find meeting this need, so I decided to build my own. I turned to the open source language, Golang.
A detailed breakdown of how I built a tiny web server to fit my needs along with what each package is doing as detailed in the article linked above.


Chris Short

CHRIS SHORT has over two decades in various IT disciplines from textile manufacturing to dial-up ISPs to Senior DevOps Engineer. He’s been a staunch advocate for open source solutions throughout his time in the private and public sector. He’s a partially disabled US Air Force... Read More →

Thursday February 22, 2018 1:00pm - 1:05pm EST