Spent most of the day racking my brain as to why I couldn’t get this mutual TLS setup working. Was it that the server CA pool was wrong1? Was it that the client cert didn’t include the root CA? Should it? Turns out the root CA pool was expecting the certificates to be encoded as PEM data, and I was decoding the PEM first.

This is what happens when all your cryptography functions only work on byte slice. 😕

  1. I did also get the client CA pool wrong. ↩︎