developer security skill risk: medium
Python mTLS Certificate Generator for Zero Trust
The prompt asks the model to generate CA certificates, issue service certificates, and configure mutual TLS verification for service-to-service authentication using the Python cryp…
- Policy sensitive
- Human review
SKILL 4 files · 2 folders
SKILL.md
---
name: implementing-mtls-for-zero-trust-services
description: "Configures mutual TLS (mTLS) authentication between microservices using Python cryptography library for certificate"
---
# Implementing mTLS for Zero Trust Services
## When to Use
- When deploying or configuring mTLS for zero trust services in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
## Prerequisites
- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
## Instructions
Generate CA certificates, issue service certificates, and configure mutual TLS
verification for service-to-service authentication.
```python
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
import datetime

# Generate the CA private key (4096-bit RSA) and a self-signed root certificate.
ca_key = rsa.generate_private_key(public_exponent=65537, key_size=4096)
# Timezone-aware clock; datetime.utcnow() is deprecated as of Python 3.12.
now = datetime.datetime.now(datetime.timezone.utc)
ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Internal CA")])
ca_cert = (x509.CertificateBuilder()
    .subject_name(ca_name)
    .issuer_name(ca_name)  # self-signed: issuer equals subject
    .public_key(ca_key.public_key())
    .serial_number(x509.random_serial_number())
    .not_valid_before(now)
    .not_valid_after(now + datetime.timedelta(days=3650))
    # Mark the certificate as a CA; critical so peers that cannot interpret it reject it
    .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
    .sign(ca_key, hashes.SHA256()))
```
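The snippet above stops at the CA. The following added example (not part of the skill's own code) continues the procedure: it issues a short-lived service certificate signed by that CA with the SAN and extended key usage that mTLS peers check, and then verifies the result the way a peer would. The service name payments.internal and the 2048-bit keys are constructed assumptions for the example.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_ca(cn="Internal CA", days=3650):
    """Self-signed root (as above) with path_length=0: it signs leaves only, never an intermediate CA."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # 2048 keeps the example fast
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def issue_service_cert(ca_key, ca_cert, service_dns, days=90):
    """Leaf for one service: SAN is what peers match the hostname against (not the CN); EKU carries
    serverAuth and clientAuth because a service is a TLS server to callers and a TLS client to callees."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(_name(service_dns)).issuer_name(ca_cert.subject)  # issuer == CA subject
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))  # small clock-skew allowance
            .not_valid_after(now + datetime.timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(service_dns)]), critical=False)
            .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False)
            .sign(ca_key, hashes.SHA256()))
    return key, cert

def check_service_cert(cert, ca_cert, expected_dns):
    """The checks an mTLS peer performs: CA signature, issuer, leaf-only, SAN match, clientAuth EKU."""
    try:  # RSA certs from .sign() above use PKCS#1 v1.5 with the certificate's own hash algorithm
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes, padding.PKCS1v15(), cert.signature_hash_algorithm)
        sig_ok = True
    except InvalidSignature:
        sig_ok = False
    ext = cert.extensions
    san = ext.get_extension_for_class(x509.SubjectAlternativeName).value.get_values_for_type(x509.DNSName)
    eku = list(ext.get_extension_for_class(x509.ExtendedKeyUsage).value)
    return {"signature_ok": sig_ok, "issuer_ok": cert.issuer == ca_cert.subject,
            "is_leaf": not ext.get_extension_for_class(x509.BasicConstraints).value.ca,
            "dns_ok": expected_dns in san, "client_auth": ExtendedKeyUsageOID.CLIENT_AUTH in eku}
```

To feed these into an SSLContext, serialize with key.private_bytes(...) and cert.public_bytes(serialization.Encoding.PEM) into the client.pem, client-key.pem and ca.pem files that the SSLContext example in this skill loads.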
## Examples
```python
import ssl

# Client side of the mTLS connection: present this service's own certificate and
# require the server's certificate to chain to the internal CA. PROTOCOL_TLS_CLIENT
# already defaults to CERT_REQUIRED with hostname checking; setting verify_mode
# explicitly documents the intent.
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.load_cert_chain("client.pem", "client-key.pem")  # this service's certificate and key
context.load_verify_locations("ca.pem")                  # trust anchor: the internal CA only
context.verify_mode = ssl.CERT_REQUIRED
# The server side uses ssl.PROTOCOL_TLS_SERVER with the same three calls; there,
# verify_mode = ssl.CERT_REQUIRED is what forces clients to present a certificate.
```
REQUIRED CONTEXT
- Python 3.8+ environment with cryptography library
EXPECTED OUTPUT
- Format: markdown
- Constraints:
  - include working Python code examples
  - cover CA and service certificate generation plus SSLContext configuration
SUCCESS CRITERIA
- Generate CA certificates, issue service certificates, and configure mutual TLS verification for service-to-service authentication.
EXAMPLES
Includes two Python code examples: one for CA certificate generation and one for SSL context configuration.
CAVEATS
- Dependencies:
  - Familiarity with security operations concepts and tools
  - Access to a test or lab environment for safe execution
  - Python 3.8+ with required dependencies installed
  - Appropriate authorization for any testing activities
- Missing context:
  - Full code or steps for issuing service certificates (only CA generation shown)
  - How to handle multiple services or certificate distribution
  - Error handling, validation, or production hardening guidance
- Ambiguities:
  - Awkward phrasing in description: 'Configures mutual TLS (mTLS) authentication between microservices using Python cryptography library for certificate'
  - When to Use bullet: 'When deploying or configuring implementing mtls for zero trust services capabilities' contains redundant wording
QUALITY
- OVERALL: 0.50
- CLARITY: 0.65
- SPECIFICITY: 0.45
- REUSABILITY: 0.55
- COMPLETENESS: 0.40
IMPROVEMENT SUGGESTIONS
- Replace the partial code snippet with a complete, runnable example covering CA + service certificate issuance and mTLS configuration
- Add explicit output format expectations (e.g., 'return a step-by-step implementation guide with code blocks')
- Clarify the 'When to Use' section to remove repetition and improve readability
USAGE
Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.