Golang to the rescue: Saving DevOps from TLS turmoil


If you ever need to validate certificates or certificate chains before deploying them, Golang provides a near foolproof test method.

A 3rd party developed a tool that was then handed off to our DevOps team to manage and maintain. Before I could do any re-engineering work, I had to resolve a critical issue—the certificates on the ELBs were about to expire and needed updating.

I assumed that if the ELB, NGINX, or httpd started, it was a good sign. This was a false assumption on my part and I ended up serving a bad chain for a few minutes. This did not break the site, but it was definitely not the way I wanted things to remain.

I needed a tool that would fail if the certificate chain provided was incorrect. I wanted a lightweight tool that could be publicly accessible. Conducting a third-party analysis of the certificates and configuration was a requirement. There were no tools that I could find meeting this need, so I decided to build my own. I turned to the open source language, Golang.

A detailed breakdown of how I built a tiny web server to fit my needs along with what each package is doing as detailed in the article linked above.

Speaker

chris-short

Chris Short

  
Chris Short has over two decades in various IT disciplines from textile manufacturing to dial-up ISPs to DevOps Engineer to Director of DevOps. He’s been a staunch advocate for open source solutions ...