
July 13, 2018
If you have ever used Docker or any other Linux OCI container system, you inevitably have incurred in the following error:
x509: failed to load system roots and no roots provided
This message is remembering you that you forgot to provide Root Certificate Authorities to your application.
There are two different ways to solve this:
- mount the /etc/ssl/certs folder from the machine where the container is running
- bundling the root CAs in your image
As you may imagine from the title, I believe that the second option is by far better than the first one.
Read More 
December 21, 2017
A few months ago, I posted how to create a PKI in Go.
Today I’d like to add share a useful function (at least from my point of view) that I found myself to write.
The problem arose when I had a function that required as input a *pem.Block
of the public key, but all I had was the PEM file containing, as you can imagine:
- the Private Key
- the Public Key
- the CA Public Key
I think this is a typical situation, and for this, I’d like to share a function I wrote to extract it.
I know that it’s probably not perfect, but it could be a good starting point for many of you, and if you have suggestions, please leave a comment down below or send me an email, and I’ll update the post!
Read More 
April 13, 2016
Yesterday, Let’s Encrypt moved from beta to GA.
During the beta phase, which started last September, more than 1.7 million certificates were issued.
I think this is a crucial step for the project and overall for the Internet as well.
Until now, the only way to obtain a valid TLS certificate was to pay a CA.
This artificial constraint made no sense since the CAs were forcing users to buy an insurance policy that made no sense (and often, it was completely worthless).
Read More