Part 2 will cover testing client authentication and setting up intermediate CAs.

In Part 1, we got HTTPoison working to simply and securely send a client certificate as part of Mutual TLS. This covered the basic use case of sending a client certificate to a server.

To test our code, we used which is a test site that requests a client certificate but it doesn't actually verify the client certificate. This isn't realistic since in practice, if the client certificate is expired or if it isn't signed by a trusted CA, the server will return an error.

Additionally, our dummy certificate from Part 1 was not very realistic either. It was signed directly by our dummy root CA. This is a common practice when you’re using a homegrown CA internal to your company (Ex. to do mTLS between your micro-services). But if you’re doing mTLS externally with your customers, it’s more common for your certificate to be issued from a public CA (Ex. …

Using HTTPoison to include a client certificate is mostly straightforward, but there are a few caveats.

Mutual TLS (mTLS) builds upon TLS by adding client authentication. A client can include a certificate to identify itself and the server can verify this certificate. This blog post will focus on the client perspective — providing a client certificate and verifying the server certificate.

Although performing Mutual TLS at the application layer is becoming less common with the rise of TLS offloading and sidecar proxies like Istio, doing mTLS straight from Elixir still has some benefits — it’s simpler and requires less additional infrastructure.

I was recently setting up Mutual TLS in Elixir and I ran into a few challenges. Part 1 of this blog post will go over how I overcame those challenges to arrive at some simple code that performs Mutual TLS securely.

I spent the last three years working at a company with a Ruby on Rails monolith. 90% of my time was spent developing new micro-services in Elixir. 10% was spent making minor changes to the monolith in Ruby. As such, I didn’t really know anything about Ruby.

To me:

  • guards were people that protected malls
  • unless was a word I occasionally used in sentences
  • <=> looked like a typo.

But after starting to look for a new job and cranking through some Leetcode problems, my Ruby got better. …

Over the last two years, I have taught an interview workshop at my alma mater, McMaster University in Hamilton, Ontario, Canada. Attendees learn about technical software interviews and have an opportunity to practice doing them. I’ve given 2 workshops to over 150 students, conducted 70+ mock interviews, 10 of which resulted in referrals and 3 of which have ended up in hires for my company PagerDuty.

This blog post describes how I ran the workshops, lessons I learned, and how the workshops benefited both students and PagerDuty alike.


Michael Viveros

Software engineer with a passion for clarity and brevity.
