Lately I've been playing around with some new technologies, and what struck me was the lack of documentation or of working how-tos with regard to generating secure certificates to authenticate and secure the services. I had to figure out 80% of the stuff on my own.
Everyone is insisting that they are important, but there is literally nobody taking the time to explain it for a specific tool or software. Every YouTube tutorial from a "Linux professional meme enjoyer" has a default installation with -dev flags everywhere and claims to be good enough. Or random GitHub repositories that have some of the stuff, but it's clearly mentioned that it's a "hack".
I wouldn't call that good enough, not even for my own home setup, and to be fair most of the stuff that's out there is sub-par or works only under one absolutely specific condition.
Don't get me wrong, I know the certificates business is difficult and hard, but to be honest it shouldn't be. I believe the main issue is that when documenting or coming up with a guide, people always try to cover absolutely every possible parameter and way, and end up not helping with anything.
So please, if you come up with a new tool or anything else, make it totally easy to set up a sane default for TLS/mTLS without shooting yourself in the foot too much.
And I would like to give huge props to whoever did this guide: Learn mTLS the hard way, which I'm recommending to everyone who wants to get a basic understanding of how things should work.
There is, I believe, a fair amount of opportunity in teaching those things online in an accessible and simple manner, and I'd gladly purchase a course or two, even for beginners, to support any venture going in that direction.
No wonder hackers have it absolutely easy compromising services due to misconfigurations...