Are there any plans to release some additional documentation or a deep-dive into deploying/operating CFSSL in production? More specifically, from the “ops” side of the “DevOps” equation, as opposed to the “dev” side where I’m finding most of the documentation now.
For example, there’s very very little on the logging to a CT server feature, even though the CFSSL 1.2 release blog talks about it. The documentation is practically absent on it, and the best I’ve found so far is this: https://github.com/Cloudflare/cfssl/blob/master/config/config.go where it references the config parameter and how it’ll be parsed, and this: https://github.com/Cloudflare/cfssl/commit/56c7654dd5dc7623ee557bd7f63a3c95a4abc172 . Configuring the parameter and then doing a tcpdump on the CT end shows no connection attempts, even though the CFSSL config validates properly. I’ve had to dig into the source code to figure out the ct_log_servers param and where to shove it in the config, only to have it not do anything.
The same question/comment but for actually running a small prod environment where you’d be looking at issuing several hundreds or even thousands of certificates a day. Saint Google hasn’t provided much on this, other than various people’s quick tutorials on getting a quick single instance going and issuing a few certs. Nothing really for production-readiness, or scaling.
I love how CF tends to do deep-dive blog posts that are actually informative, and would love to see some on these topics.
I also understand that CFSSL is open source and being given away as a gift to the community, and that’s fantastic, but it’s a real challenge to work wit when you’re not a developer - I wish there was a commercial version available with paid support, or at least Professional Services.