In July 2014, CloudFlare released CFSSL, an open source toolkit for TLS and PKI written in Go. CFSSL can be used as a lightweight certificate authority (CA), a certificate chain bundler–and now–a TLS configuration scanner. One year later, CloudFlare announced CFSSL 1.1 and cfssl.org, the home on the web for the CFSSL development team. This was followed by CFSSL 1.2 in March 2016.
The presentation slides cover the challenges of the project and how it evolved from an internal tool for CloudFlare’s Railgun product into a software library used by several high-profile organizations including the “Let’s Encrypt” project.
Introducing CFSSL – CloudFlare’s PKI toolkit
How to build your own public key infrastructure
Introducing CFSSL 1.2