App to get certs on OTS boxes


(Robin) #1

I’ve just released a new project, a way to get valid TLS certificates automatically onto off-the-shelf hardware to prevent the problem of running their admin interfaces over HTTP or using self-signed certificates.

The concept is fairly simple: a new bit of off-the-shelf kit is plugged in at home or in the office, it boots, calls out to its HQ which generates a DNS entry for it, creates a certificate through Let's Encrypt, and then sends it all back to the box. The box can then start up its admin web server, running over HTTPS, and not have the problem of trying to explain to users why they have to accept a security warning caused by a self-signed certificate.

This is by far the biggest Go app I’ve written and I can see areas where I can tidy it up, but if any expert Go coders can make suggestions I’d be happy to hear them. The code is here:

https://github.com/digininja/ots-cert-demo

And a blog post describing the process is here:

https://digi.ninja/blog/ots_tls_cert.php