From my experience it's a popular security requirement to stipulate backend traffic use mutual-TLS (doesn't actually exist as a concept, it's just TLS with a client certificate..) except that usually devolves to self-signed certs, hence doesn't quite have the revocation benefits of a real PKI.

It's also a slightly different use case from normal PKI for browsers, CRL (Certificate Revocation List) lose lots of their value and OCSP become much more useful.

For most developers a full-blown HSM is too expensive, e.g. Gemalto is $50k a year or something? Whereas a YubiHSM is a one-off purchase of ~ $700. This is much more appealing.

This follows pages 366-376 of Bulletproof TLS pretty closely. It's recommended reading.

The accompanying blog post for this repo on josephkirwin.com will have some extra info on roles in the HSM and dettail 1 or 2 shortcomings.

• The ROOT CA key will be created in the YubiHSM and never leave the HSM
• The ROOT and Intermediate's OSCP responder will run on a different box(es) that will be updated only if there is an intermediate certificate breach

1. YubiHSM
2. Docker Setup
3. Root CA
4. Intermediate CA
5. Clear those audit logs!
6. Client Certificates