This article discusses the creation of Self-signed CA and TLS certificates using Terrform

How TLS Works? Link to heading

TLS is an industry standward way to add encryption for data in transist.

  • Certificate Authority (CA) is an entity responsible for issuing TLS certificates to websites or services.

  • Private CA is developed by creating public/private key pair. Public portion is then published which is called CA certificate. Private Key is kept securely else attacker can use the Private Key to issue invalide/malicious TLS certificates.

  • TLS certificate is developed by creating another public/private key, the public key is then signed by CA’s private key and this signed public key becomes the TLS certificate. The private key will be used to decrypt the initial message encrypted by the TLS certificate and it should be kept securely.

Why Private TLS? Link to heading

  • Generating private CA and TLS certificate is cost-efficient.
  • Cost-efficieny allows to prototype TLS based application on internal environments before releasing or using actual production certificates.
  • If application is privately used in Organization’s infrastructure then Private TLS and CA could be more beneficial.

Terraform TLS Module Link to heading

Terraform TLS module provides an easy way to create CA and corresponding service certificates.

Gist Link to heading

Above example code creates the following:

  • ca.crt : CA certificate which will be included either in your Browser/OS keychain.
  • Certificate for DNS
  • Private key for DNS

Diagram Link to heading