This is a really great intro to the how and why of TLS PKI as well as showing how to use Cloudflare's really awesome-looking CFSSL tool.
I'm a big fan of DigitalOcean but they don't offer VPCs like AWS does so I always have to create a PKI in order to communicate securely between my droplets. I've always done this with some crappy scripts but I'll definitely give CFSSL a shot for automating this next time.
EDIT: One beef I have with cfssl is the csr_ca.json file. Making the keys in the "names" object less obscure would do wonders for readability.
Sure, but if one doesn't have a grasp of the (admittedly user-hostile and obscure) underlying x509 structure you probably shouldn't be running a CA in the first place...