SSL Management by Vast Edge

Load balancers in a cloud architecture play an important role in distributing a set of tasks among multiple resources for quicker delivery. However, splitting the tasks this way poses a security risk and exposes data to threats and vulnerabilities. SSL implementations by Vast Edge apply security policies and practices, together with proven and practical IT tools, to give businesses a secure system and protect against such malicious attacks.
Vast Edge orchestrates SSL certificates to uphold privacy and security from a client to a load balancer. To achieve this, we configure an SSL certificate and a corresponding private key for load balancers. Data exchanged between the client and the load balancer is encrypted and can be read only by the holder of the private key.

SSL on OCI by Vast Edge

Vast Edge aids organizations in establishing an encrypted link between client and server to secure credentials, sensitive details and data transfer logs. SSL implementations by Vast Edge on Oracle Cloud configure industry-grade security protocols to safeguard against malicious attacks and data theft.
Vast Edge provides users with an SSL-secured website or green address bar with an added layer of security and multi-factor authentication. This helps users safeguard their data on the public connection, especially during online transactions or while transmitting confidential information.

IAM Policy: To use Oracle Cloud Infrastructure, Vast Edge provides you with secure access in the form of a policy. Businesses remain free to choose how they access it, whether through the Console or the REST API with an SDK, CLI, or another tool.

Generating SSL on Oracle Cloud

Vast Edge always prioritizes user data and maintains its authenticity and privacy by creating SSL certificates on OCI services. We assist users in configuring the SSL certificate needed to create an SSL connection, using OpenSSL as follows:

Step:1

Create one directory to keep the certificate and private keys

Step:2

Generate a private key using the command:

  • openssl genrsa -des3 -out server.key 2048
Step:3

Generate a CSR (Certificate Signing Request) using the commands:

  • openssl req -new -key <private_key_file_name.key> -sha256 -out <csr_file_name.csr>
  • openssl req -new -key server.key -sha256 -out server.csr
Step:4

Enter the required information

  1. Country Name (2 letter code)
  2. State or Province Name
  3. Locality Name
  4. Organization Name
  5. Organizational Unit Name
  6. Common Name
  7. Email Address
Step:5

Enter extra attributes to be sent with your certificate request

  1. A challenge password
  2. An optional company name
Step:6

Run the command to generate a temporary certificate valid for 365 days

  • openssl x509 -req -days 365 -in server.csr -signkey server.key -sha256 -out server.crt
Step:7

Convert the certificate created from crt to PEM format using the command:

  • openssl x509 -in server.crt -out server.pem -outform PEM
Step:8

Commands to check the certificate and private key:

  1. For private keys: cat server.key
  2. For the certificate: cat server.pem
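
Steps 1 to 8 above as a non-interactive script. This is an added example, not Vast Edge's own tooling; the directory name, the subject values, the KEY_PASS environment variable and the use of AES-256 instead of -des3 for key encryption are assumptions.

```shell
#!/bin/sh
# Added example: steps 1-7 run without prompts, then a step-8 check that
# does not print key material. Names and subject fields are assumptions.

make_lb_cert() {
    dir=$1 cn=$2
    (
        umask 077    # directory and key readable by the owner only
        # Step 1: directory that holds the certificate and private key.
        mkdir -p "$dir" && cd "$dir" || exit 1
        # Step 2: passphrase-protected RSA key. The passphrase is read from
        # the exported KEY_PASS variable, so it never appears in the
        # process list or in shell history.
        openssl genrsa -aes256 -passout env:KEY_PASS \
            -out server.key 2048 2>/dev/null || exit 1
        # Steps 3-5: CSR with the subject supplied by -subj instead of the
        # interactive prompts (no challenge password is set).
        openssl req -new -key server.key -passin env:KEY_PASS -sha256 \
            -subj "/C=US/O=Example Org/CN=$cn" -out server.csr || exit 1
        # Step 6: temporary self-signed certificate, valid for 365 days.
        openssl x509 -req -days 365 -in server.csr -signkey server.key \
            -passin env:KEY_PASS -sha256 -out server.crt 2>/dev/null || exit 1
        # Step 7: write the certificate in PEM format.
        openssl x509 -in server.crt -out server.pem -outform PEM || exit 1
    )
}

# Step 8 for the certificate: print subject and expiry date only.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -enddate -nameopt RFC2253
}

# Step 8 for the key: confirm it is stored encrypted without printing it.
key_is_encrypted() {
    grep -q ENCRYPTED "$1"
}

# Usage (KEY_PASS must be exported first):
#   make_lb_cert ./lb-certs lb.example.test
#   cert_summary ./lb-certs/server.pem
#   key_is_encrypted ./lb-certs/server.key && echo "key is encrypted"
```

The load balancer form asks for the private key's password, which is the value held in KEY_PASS here.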

Why SSL?

An SSL certificate creates trust between retailers and their customers and assures them that their critical information is kept safe. Benefits of SSL encryption by Vast Edge include:

Server Authentication: An SSL certificate comes from a trusted third party that guarantees encryption and makes it harder for fraudsters to impersonate another server. It makes customers feel safe and protected while engaging in business-to-business transactions.

Private Communication Capability: An SSL certificate keeps user conversations private and turns useful data such as credit card numbers, addresses and other payment information into encrypted bits of information. Encryption with SSL allows only the right recipient to see and decode encrypted messages.

Customer Confidence: An SSL certificate assures customers that proper steps are being taken to protect their personal information. They feel safe and confident in engaging with businesses and retailers.

Web Hosts & Savings: An SSL certificate enables web hosts to protect users' private information and encrypt payments from clients, saving the extra cost of data protection in transit.

SSL on Load Balancer

Vast Edge assists SMBs to configure SSL on Load Balancer in OCI to distribute traffic from the entry point to multiple servers in a virtual cloud network (VCN). It automatically distributes traffic to keep backend servers intact and safeguard information between client and servers. Vast Edge enables the user to create two backend servers for information exchange so that the task is not hampered in case of any unforeseen circumstances.

Configuring SSL Termination at LB

Step:1

Open the Navigation Menu. Under Infrastructure, go to Networking > Load Balancers > Select your LB

Step:2

Add certificate by clicking on Certificate in Resource menu

Step:3

Enter Information to add the certificate

  1. Name of Certificate
  2. SSL Certificate: Paste Certificate you have created
  3. Private Keys: Paste keys created
  4. Enter Private keys password
  5. Click on Add Certificate
Step:4

Go to Resource menu> Listeners> Create Listeners

Step:5

Enter Information in Edit Listeners

  1. Name of Listener
  2. Create Protocol
  3. Correct port number
  4. Tick the checkbox "Use SSL"
  5. Name of Certificate
Step:6

Open the IP address to verify that the LB was created for the HTTP connection

Configuring End to End SSL (between LB and Backend)

Step:1

Go to Resource menu> backend sets> action button

Step:2

Click on Edit

Step:3

Check the Use SSL box in Edit backend sets

Managing SSL

Vast Edge helps enterprises manage SSL on Load Balancers by uploading certificate bundles (including the public certificate, private keys, CA certificate, etc.) and creating backend sets if asked by the clients. Vast Edge also allows clients to import a certificate that they already have. OCI accepts X.509 certificates in PEM format only. Vast Edge also assists in converting certificates to PEM format.

Converting Certificates to PEM Format

Step:1

Convert Certificate or Certificate chain from DER to PEM using

  • openssl x509 -inform DER -in <certificate_name>.der -outform PEM -out <certificate_name>.pem
Step:2

Private key from DER to PEM

  • openssl rsa -inform DER -in <private_key_name>.der -outform PEM -out <private_key_name>.pem
Step:3

Certificate bundle from PKCS#12 (PFX) to PEM

  • openssl pkcs12 -in <certificate_bundle_name>.p12 -out <certificate_bundle_name>.pem -nodes
Step:4

Certificate bundle from PKCS#7 to PEM

  • openssl pkcs7 -in <certificate_bundle_name>.p7b -print_certs -out <certificate_bundle_name>.pem

Uploading Certificate Chains

In case of multiple certificates, Vast Edge assists enterprises in assembling all relevant certificates and then uploading them to the system. From the command line, you can combine the server certificate and the intermediate CA certificate into a single concatenated file.

  • cat ssl_certificate.crt IntermediateCA.crt >> certbundle.pem

Commands for Submitting Private Keys

Mismatched Private Keys: If a private key does not match its certificate, compare the two using OpenSSL; the two hash values must be identical:

  • openssl x509 -in <certificate_name>.crt -noout -modulus | openssl sha1
  • openssl rsa -in <private_key>.key -noout -modulus | openssl sha1

Private Key Consistency: If a key error is reported, check the private key's consistency using the command

  • openssl rsa -check -in <private_key>.pem

Decrypting Private Keys: If the system does not recognize the encryption technology used for the private key, decrypt the key using

  • openssl rsa -in <private_key>.pem -out <decrypted_private_key>.pem

Updating an expiring certificate

Vast Edge secures client information by updating their expiring certificates. The update involves:

  • Upgrade the client and backend servers to the new certificate bundle.
  • Upload SSL certificate bundle to the Load Balancer.
  • Edit listeners or backend servers so they use the new certificate bundle.
  • Remove the expiring certificate.
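
Checks to run on a certificate and key before uploading them, covering the key-mismatch check and the expiring-certificate case above. This is an added example, not Vast Edge's own tooling; the function names, the optional KEY_PASS variable and the constructed test pair are assumptions. It compares public keys rather than RSA moduli, which generalizes the page's check to non-RSA keys.

```shell
#!/bin/sh
# Added example: pre-upload checks for a load balancer certificate bundle.

# Hash of the public key embedded in a certificate.
cert_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256
}

# Hash of the public key derived from a private key. For an encrypted key,
# export KEY_PASS (assumed variable name) so openssl does not prompt.
key_pubkey_hash() {
    pub=$(openssl pkey -in "$1" ${KEY_PASS:+-passin env:KEY_PASS} \
        -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256
}

# Succeeds only when both files parse and carry the same public key.
# An unreadable file is treated as a mismatch, never as a match.
cert_matches_key() {
    c=$(cert_pubkey_hash "$1") || return 1
    k=$(key_pubkey_hash "$2") || return 1
    [ "$c" = "$k" ]
}

# Succeeds when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed test material: unencrypted key $1 and self-signed
# certificate $2 that is valid for $3 days.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=lb.example.test" -days "$3" 2>/dev/null
}

# Usage:
#   cert_matches_key server.pem server.key || echo "key does not match"
#   cert_valid_for_days server.pem 30 || echo "renew within 30 days"
```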

About Vast Edge: Cloud Managed Service Provider

Vast Edge is a leading IT Consulting Company that offers Business Intelligence, big data analytics, cloud ERP, IoT platform, enterprise backup and disaster recovery, Blockchain, AI/ML, and Integration solutions. Since 2004, Vast Edge has been providing Oracle consulting services and has assisted 70+ customers to successfully migrate to Oracle cloud to date. Vast Edge has immense knowledge of Oracle Storage Solutions, Oracle SaaS, PaaS, and IaaS products with 100+ Trained Engineers and 40+ Oracle Certified experts to make your cloud journey smooth and successful.
