ll too often we read stories about systems being compromised because an administrative interface was left open and unsecured, or because access keys were inadvertently made public. You probably know that HTTPS is “secure”; you may well have experience of creating certificate signing requests or using public/private key pairs. But many of us follow the instructions without worrying too much about what’s going on. The next thing you know, you have directories full of mysterious-looking .pem, .csr and .key files, and only the loosest grasp of what they’re there for. In this tutorial session, Liz will explore what’s going on, illustrating everything as she goes with demos and Go code. This isn’t a talk about cryptography; it’s a practical guide to what is happening under the covers when applications or users need to identify themselves, or need a secure channel for communications. Afterwards, you should be much more confident about using secure connections within your own code, and when configuring security settings on the tools you use day-to-day.