Oracle Cloud Migration
EBS Migration Tools
Load Balancers in cloud architecture play an important role in distributing a set of tasks among multiple resources for
quicker delivery. However, the segregation of the task presents a critical threat to security and exposes data to threats and vulnerabilities.
SSL implementations by Vast Edge leverage top-notch security policies and practices to entrust businesses with a secure system, proven and
practical IT tools to prevent against all such malicious attacks.
Vast Edge orchestrates SSL certificates to uphold privacy and security from a client to a load balancer. In order to achieve this, we
configure an SSL certificate and a corresponding private key for load balancers. All the data exchange and communication between the client
and the load balancer is only available to users with a private key.
SSL on OCI by Vast Edge
Vast Edge aids organizations in establishing an
encrypted link between client and server to secure credential, sensitive detail and data transfer logs.
SSL implementations by Vast Edge on Oracle Cloud configure industry-grade security protocols to safeguard
against malicious attacks and data theft threats.
Vast Edge provides users with an SSL-secured website or green address bar with an added layer of security
and multi-factor authentication. This helps users safeguard their data on the public connection,
especially during online transactions or while transmitting confidential information.
IAM Policy: To use Oracle Cloud Infrastructure, Vast Edge
provides you with secure access in form of a policy. However, businesses are totally independent to choose any type of
architecture whether it be the Console or the REST API with an SDK, CLI, or another tool.
Generating SSL on Oracle Cloud
Vast Edge always prioritizes user data
and maintains its authenticity & intimacy by creating SSL certificates on OCI services. We assist users to
configure the SSL certificate needed to create an SSL connection using OpenSSL as
Create one directory to keep the certificate and private keys
Generate a private key using the command:
- openssl genrsa -des3 -out server.key 2048 pass
Generate CSR- Certificate Signing Request using
- openssl req -new -key <private_key_file_name.key> -sha256 -out <csr_file_name.csr>
- openssl req -new -key server.key -sha256 -out server.csr
Enter the required information
- Country Name (2 letter code)
- State or Province Name
- Locality Name
- Organization Name
- Organizational Unit Name
- Common Name
- Email Address
Enter extra attributes to be sent with your certificate request
- A challenge password
- An optional company name
Run command to generate a temporary certificate for 365 days
- openssl x509 -req -days 365 -in server.csr -signkey server.key -sha256 -out server.crt
Convert the certificate created from crt to pen format using the command:
- openssl x509 -in server.crt -out server.pem -outform PEM
Command to check the certificate and private keys:
- For private keys: cat server.key
- For the certificate: cat server.pem
SSL certificate creates
trust between retailers and their customers and assures them that their critical information is kept safe.
Benefits of SSL encryption by Vast Edge includes:
Server Authentication: SSL certificate comes from a trusted
third party that guarantees encryption and makes it harder for fraudsters to pretend to be another server. It makes customers
feel safe and protected while engaging in business-to-business transactions.
Private Communication Capability: SSL certificate makes user
conversation private and turns useful data such as credit card numbers, addresses and other payment information into
encrypted bits of information. Encryption with SSL leverage allows only the right recipient to see and decode encrypted
Customer Confidence: SSL certificate assures customers by
taking proper steps to protect their personal information. They feel safe and confident in engaging in businesses and
Web Hosts & Savings: SSL certificate enables web hosts to
protectant user's private information and encrypting payments from clients to save the extra cost of data protection in
SSL on Load Balancer
Vast Edge assists SMBs to configure SSL
on Load Balancer in OCI to distribute traffic from the entry point to multiple servers in a virtual cloud network
(VCN). It automatically distributes traffic to keep backend servers intact and safeguard information between
client and servers. Vast Edge enables the user to create two backend servers for information exchange so that
the task is not hampered in case of any unforeseen circumstances.
Configuring SSL Termination at LB
Open the Navigation Menu. Under the Under
Infrastructure, go to Networking> Load Balancers> Select your LB
Add certificate by clicking on Certificate in Resource
Enter Information to add the certificate
- Name of Certificate
- SSL Certificate: Paste Certificate you have created
- Private Keys: Paste keys created
- Enter Private keys password
- Click on Add Certificate
Go to Resource menu> Listeners> Create
Enter Information in Edit Listeners
- Name of Listener
- Create Protocol
- Correct port number
- Tick the checkbox "Use SSL"
- Name of Certificate
Hit the IP address to verify LB created for HTTP connection
Configuring End to End SSL (between LB and Backend)
Go to Resource menu> backend sets> action
Check on Use SSL box in Edit backend sets
Vast Edge helps enterprises to manage
SSL on Load Balancers by uploading certificate bundles (including public certificate, private keys, CA
certificate etc) and creating backend sets if asked by the clients. Besides, Vast Edge allows importing of the
certificate that they already have. OCI accepts x.509 type certificate in PEM format only. Vast Edge also assists
in the conversion of certificate format in PEM.
Configuring SSL Termination at LB
Convert Certificate or Certificate chain from DER to
- openssl x509 -inform DER -in <certificate_name>.der -outform PEM -out <certificate_name>.pem
Private key from DER to PEM
- openssl rsa -inform DER -in <private_key_name>.der -outform PEM -out <private_key_name>.pem
Certificate bundle from PKCS#12 (PFX) to PEM
- openssl pkcs12 -in <certificate_bundle_name>.p12 -out <certificate_bundle_name>.pem -nodes
Certificate bundle from PKCS#7 to PEM
- openssl pkcs7 -in <certificate_bundle_name>.p7b -print_certs -out <certificate_bundle_name>.pem
Uploading Certificate Chains
In case of multiple certificates, Vast Edge assists enterprises to
assemble all relevant certificate and then upload them to the system. A command line interface allows you to combine server certificate and
intermediate CA certificate into a single concentrated file.
- cat ssl_certificate.crt IntermediateCA.crt >> certbundle.pem
Commands for Submitting Private Keys
Mismatch Private Keys: In case of mismatch private keys,
command your system using openSSL as
- openssl x509 -in <certificate_name>.crt -noout -modulus | openssl sha1
- oopenssl rsa -in <private_key>.key -noout -modulus | openssl sha1
Private Key Consistency: Check consistency in
case of key error using command
- openssl rsa -check -in
Decrypting Private keys:In case of unfamiliar
disrupting technology used for private keys, decrypts keys using
- openssl rsa -in
<private_key>.pem -out <decrypted_private_key>.pem
Updating an expiring certificate
Vast Edge secures client information by update their expiring
certificate. We also add features like:
- Upgradation of client and backend server to new certificate bundle.
- Upload SSL certificate bundle to the Load Balancer.
- Edit listeners or backend servers so they use the new certificate bundle.
- Remove the expiring certificate.
About Vast Edge: Cloud Managed Service Provider
Vast Edge is a leading IT Consulting Company that offers
Business Intelligence, big data analytics, cloud ERP, IoT platform, enterprise backup and disaster
recovery, Blockchain, AI/ML, and Integration solutions. Since 2004, Vast Edge has been providing Oracle
consulting services and has assisted 70+ customers to successfully migrate to Oracle cloud till date.
Vast Edge has immense knowledge of Oracle Storage Solutions, Oracle SaaS, PaaS, and IaaS products with
100+ Trained Engineers and 40+ Oracle Certified experts to make your cloud journey smooth and successful.