
The magic of TLS, X509 and mutual authentication explained

A story that explains the problems solved by TLS and X509 certificates

Andrew Howden
Published in littleman.co
Jul 26, 2018


💡 I am now writing at andrewhowden.com. Check out this article over there!

More recently I had to set up mutual TLS authentication between a MySQL server and a replica which gave me the first chance to really dive into setting up and running a CA, and implementing mutual authentication.

It was a cool learning experience, and I’d like to recap and expand on some of the learning I had. First, let me state: This isn’t designed to be a 100% accurate reflection of the specification. Rather, it’s simplified in some places to build abstractions. Hopefully where terms are mentioned there are links which can be used to find a more concrete meaning.

The problem of data safety

When conceptualising how computers communicate, it's reasonable to assume that messages are sent directly from one computer to another. Computer “Alice” sends a website to computer “Bob”:

How computers should talk to each other

However, that's not how it happens. It is extremely rare for two computers to be connected directly to each other; normally there are many intermediary computers between them (often termed “routers” or “firewalls”, or any number of other appliance-like names), and every one of them can read, and could alter, anything that passes through it in the clear. It looks more like:
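What the setup mentioned in the introduction looks like in practice, as an added example that is not from the original article: a Go program using only the standard library that builds a throwaway private CA, issues a server certificate for the primary and a client certificate for the replica, and then runs real TLS handshakes over a loopback socket in which each side verifies the other. The server refuses any client that cannot present a certificate from the CA it trusts, and the client refuses a server whose certificate chains to a CA it does not trust. The host name, CA names and replica name are invented placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical name of the MySQL primary; it is only ever dialled on loopback.
const serverName = "mysql-primary.example.test"

type identity struct{ key *ecdsa.PrivateKey; cert *x509.Certificate }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // building certificates and sockets is setup, not the part under test
	}
	return v
}

// mint issues a certificate: with parent == nil a self-signed CA, otherwise a leaf signed
// by parent and limited to one extended key usage, so a server cert cannot pose as a client.
func mint(cn string, dns []string, eku x509.ExtKeyUsage, parent *identity) *identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // unique is enough for a throwaway CA
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dns,
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{eku},
		BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent = &identity{cert: tmpl, key: key}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent.cert, &key.PublicKey, parent.key))
	return &identity{key: key, cert: must(x509.ParseCertificate(der))}
}

// handshake runs one TLS handshake over a loopback TCP socket and returns what each side
// concluded. The server demands a client certificate chaining to serverCA (the mutual part);
// the client checks the server's certificate against clientCA and the name it dialled.
func handshake(server, serverCA, client, clientCA *identity) (serverErr, clientErr error) {
	serverRoots, clientRoots := x509.NewCertPool(), x509.NewCertPool() // each side's trust store
	serverRoots.AddCert(serverCA.cert)
	clientRoots.AddCert(clientCA.cert)
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{server.cert.Raw}, PrivateKey: server.key}},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    serverRoots,
	}
	clientCfg := &tls.Config{RootCAs: clientRoots, ServerName: serverName}
	if client != nil { // a nil client presents no certificate at all
		clientCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{client.cert.Raw}, PrivateKey: client.key}}
	}
	done := make(chan error, 1)
	go func() {
		conn := tls.Server(must(ln.Accept()), serverCfg)
		defer conn.Close()
		err := conn.Handshake()
		if err == nil {
			_, err = conn.Write([]byte("ok")) // reached only once the client is authenticated
		}
		done <- err
	}()
	conn := tls.Client(must(net.Dial("tcp", ln.Addr().String())), clientCfg)
	// A TLS 1.3 client finishes its handshake before the server has judged the
	// client certificate, so read the server's first record to learn the verdict.
	if clientErr = conn.Handshake(); clientErr == nil {
		_, clientErr = conn.Read(make([]byte, 2))
	}
	conn.Close()
	return <-done, clientErr
}

func main() {
	ca, rogue := mint("Example DB CA", nil, x509.ExtKeyUsageAny, nil), mint("Other CA", nil, x509.ExtKeyUsageAny, nil)
	server := mint(serverName, []string{serverName}, x509.ExtKeyUsageServerAuth, ca)
	replica := mint("mysql-replica-01", nil, x509.ExtKeyUsageClientAuth, ca)
	impostor := mint("mysql-replica-01", nil, x509.ExtKeyUsageClientAuth, rogue) // right name, wrong CA
	try := func(label string, client, trusts *identity) {
		s, c := handshake(server, ca, client, trusts)
		fmt.Printf("%-52s server: %v | client: %v\n", label, s, c)
	}
	try("replica cert from the CA the server trusts", replica, ca)
	try("replica cert issued by a CA the server does not trust", impostor, ca)
	try("server cert issued by a CA the replica does not trust", replica, rogue)
}
```

Run it with `go run`; the first case prints nil on both sides, the other two show which side broke off the handshake and why. The single setting that makes the TLS mutual is `ClientAuth: tls.RequireAndVerifyClientCert`, which turns the server into a verifier with its own trust store; without it the replica is never asked for a certificate. Note that the impostor holds a certificate with exactly the replica's name: names prove nothing, only the chain back to a CA you chose to trust does. The same three artifacts per host (CA certificate, own certificate, own key) are what MySQL's `--ssl-ca`, `--ssl-cert` and `--ssl-key` options point at.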

😲 Oh no! The remaining article is gone!

Don’t worry. You can still check it out at andrewhowden.com!

I’m moving most of my content to a personal website, powered by SubStack. This is because I’m writing there in future, and I want to centralize all of this material there rather than have some writing in one place, and some in another. While I appreciate this is annoying, this content will be available there for you going forward, and you’ll even be able to subscribe to some new and (hopefully interesting) work!

Thanks ♥
