In July 2014, CloudFlare released CFSSL, an open source toolkit for TLS and PKI written in Go. CFSSL can be used as a lightweight certificate authority (CA), a certificate chain bundler–and now–a TLS configuration scanner. One year later, CloudFlare announced CFSSL 1.1 and, the home on the web for the CFSSL development team. This was followed by CFSSL 1.2 in March 2016.

The presentation slides cover the challenges of the project and how it evolved from an internal tool for CloudFlare’s Railgun product into a software library used by several high-profile organizations including the “Let’s Encrypt” project.

Blog posts:
Introducing CFSSL – CloudFlare’s PKI toolkit

How to build your own public key infrastructure

Introducing CFSSL 1.2

Crypto & Privacy Village at DEF CON 23
July 2014 – Present
Introducing CFSSL