Load balancers in cloud architecture play an important role in distributing a set of tasks among multiple resources for quicker delivery. However, this segregation of tasks presents a critical security risk and exposes data to threats and vulnerabilities. SSL implementations by Vast Edge leverage top-notch security policies and practices to provide businesses with a secure system and proven, practical IT tools to protect against such malicious attacks. Vast Edge orchestrates SSL certificates to uphold privacy and security from a client to a load balancer. To achieve this, we configure an SSL certificate and a corresponding private key for load balancers. All data exchanged between the client and the load balancer is encrypted and can be read only by the holder of the private key.
SSL on OCI by Vast Edge
Vast Edge aids organizations in establishing an encrypted link between client and server to secure credentials, sensitive details and data transfer logs.
SSL implementations by Vast Edge on Oracle Cloud configure industry-grade security protocols to safeguard against malicious attacks and data theft threats.
Vast Edge provides users with an SSL-secured website or green address bar with an added layer of security and multi-factor authentication. This helps users safeguard their data on a public connection, especially during online transactions or while transmitting confidential information.
IAM Policy: To use Oracle Cloud Infrastructure, Vast Edge provides you with secure access in the form of a policy. Businesses remain free to choose how they work with the service, whether through the Console or the REST API with an SDK, CLI, or another tool.
Generating SSL on Oracle Cloud
Vast Edge always prioritizes user data and maintains its authenticity and confidentiality by creating SSL certificates on OCI services. We assist users in configuring the SSL certificate needed to create an SSL connection, using OpenSSL as follows:
Create a directory to keep the certificate and private keys
Generate a private key using the command (you will be prompted for a passphrase):
- openssl genrsa -des3 -out server.key 2048
Generate a CSR (Certificate Signing Request) using the commands:
- openssl req -new -key <private_key_file_name.key> -sha256 -out <csr_file_name.csr>
- openssl req -new -key server.key -sha256 -out server.csr
Enter the required information
- Country Name (2 letter code)
- State or Province Name
- Locality Name
- Organization Name
- Organizational Unit Name
- Common Name
- Email Address
Enter extra attributes to be sent with your certificate request
- A challenge password
- An optional company name
Run the command to generate a temporary (self-signed) certificate valid for 365 days
- openssl x509 -req -days 365 -in server.csr -signkey server.key -sha256 -out server.crt
Convert the certificate created from CRT to PEM format using the command:
- openssl x509 -in server.crt -out server.pem -outform PEM
Commands to check the certificate and private key:
- For private keys: cat server.key
- For the certificate: cat server.pem
Why SSL?
An SSL certificate creates trust between retailers and their customers and assures them that their critical information is kept safe. Benefits of SSL encryption by Vast Edge include:
Server Authentication: An SSL certificate comes from a trusted third party that guarantees encryption and makes it harder for fraudsters to pretend to be another server. It makes customers feel safe and protected while engaging in business-to-business transactions.
Private Communication Capability: An SSL certificate keeps user conversations private and turns sensitive data such as credit card numbers, addresses and other payment information into encrypted bits of information. Encryption with SSL allows only the right recipient to see and decode encrypted messages.
Customer Confidence: An SSL certificate assures customers that proper steps are being taken to protect their personal information. They feel safe and confident in engaging with businesses and retailers.
Web Hosts & Savings: An SSL certificate enables web hosts to protect users' private information and encrypt payments from clients, saving the extra cost of protecting data in transit.
SSL on Load Balancer
Vast Edge assists SMBs in configuring SSL on a Load Balancer in OCI to distribute traffic from the entry point to multiple servers in a virtual cloud network (VCN). It automatically distributes traffic to keep backend servers intact and safeguard information between client and servers. Vast Edge enables the user to create two backend servers for information exchange so that the task is not hampered in case of any unforeseen circumstances.
Configuring SSL Termination at LB
Open the Navigation Menu. Under Infrastructure, go to Networking > Load Balancers > select your LB
Add a certificate by clicking on Certificate in the Resource menu
Enter Information to add the certificate
- Name of Certificate
- SSL Certificate: Paste Certificate you have created
- Private Keys: Paste keys created
- Enter Private keys password
- Click on Add Certificate
Go to Resource menu> Listeners> Create Listeners
Enter Information in Edit Listeners
- Name of Listener
- Create Protocol
- Correct port number
- Tick the checkbox "Use SSL"
- Name of Certificate
Open the IP address to verify the LB created for the HTTP connection
Configuring End to End SSL (between LB and Backend)
Go to Resource menu > Backend Sets > action button
Click on Edit
Check the "Use SSL" box in Edit Backend Sets
Managing SSL
Vast Edge helps enterprises manage SSL on Load Balancers by uploading certificate bundles (including the public certificate, private keys, CA certificate etc.) and creating backend sets if asked by the clients. Vast Edge also allows clients to import certificates that they already have. OCI accepts X.509 certificates in PEM format only. Vast Edge also assists in converting certificates to PEM format.
Converting Certificates to PEM Format
Convert Certificate or Certificate chain from DER to PEM using
- openssl x509 -inform DER -in <certificate_name>.der -outform PEM -out <certificate_name>.pem
Private key from DER to PEM
- openssl rsa -inform DER -in <private_key_name>.der -outform PEM -out <private_key_name>.pem
Certificate bundle from PKCS#12 (PFX) to PEM
- openssl pkcs12 -in <certificate_bundle_name>.p12 -out <certificate_bundle_name>.pem -nodes
Certificate bundle from PKCS#7 to PEM
- openssl pkcs7 -in <certificate_bundle_name>.p7b -print_certs -out <certificate_bundle_name>.pem
Uploading Certificate Chains
In case of multiple certificates, Vast Edge assists enterprises in assembling all relevant certificates and then uploading them to the system. The command line lets you combine the server certificate and intermediate CA certificate into a single concatenated file.
- cat ssl_certificate.crt IntermediateCA.crt >> certbundle.pem
Commands for Submitting Private Keys
Mismatched Private Keys: If the private key and the certificate may not match, compare the two hashes produced by the following OpenSSL commands; they must be identical:
- openssl x509 -in <certificate_name>.crt -noout -modulus | openssl sha1
- openssl rsa -in <private_key>.key -noout -modulus | openssl sha1
Private Key Consistency: Check consistency in case of key error using command
- openssl rsa -check -in <private_key>.pem
Decrypting Private Keys: If the private key is encrypted with a technology the system does not recognize, decrypt the key using
- openssl rsa -in <private_key>.pem -out <decrypted_private_key>.pem
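The key, CSR and certificate steps from "Generating SSL on Oracle Cloud" and the mismatch check above, combined in one script that runs without prompts. This is an added example, not Vast Edge's or Oracle's code: the subject fields, the example.test names, the passphrase and the helper names make_cert and key_matches_cert are constructed, and it compares the full public key rather than a SHA-1 of the RSA modulus, so it also covers non-RSA keys.

```shell
#!/bin/sh
# Added example: the page's key -> CSR -> certificate -> PEM steps, run without
# prompts, then a check that a private key belongs to a certificate.
# Subject, host names and passphrase are constructed sample values.
set -eu

WORKDIR="$(mktemp -d)"                  # directory for certificate and keys
trap 'rm -rf "$WORKDIR"' EXIT
export KEY_PASS='constructed-sample-passphrase'   # read by openssl via env:KEY_PASS

# make_cert <name>: writes <name>.key, .csr, .crt and .pem into WORKDIR.
make_cert() {
  base="$WORKDIR/$1"
  # -aes256 is used here in place of the page's -des3 to encrypt the key file;
  # umask 077 keeps the key file readable by its owner only.
  ( umask 077; openssl genrsa -aes256 -passout env:KEY_PASS -out "$base.key" 2048 )
  openssl req -new -key "$base.key" -passin env:KEY_PASS -sha256 \
    -subj "/C=US/O=Example Org/CN=$1.example.test" -out "$base.csr"
  openssl x509 -req -days 365 -in "$base.csr" -signkey "$base.key" \
    -passin env:KEY_PASS -sha256 -out "$base.crt"
  openssl x509 -in "$base.crt" -out "$base.pem" -outform PEM
}

# key_matches_cert <cert> <key>: 0 = match, 1 = mismatch, 2 = unreadable input.
# Empty or unreadable input never counts as a match.
key_matches_cert() {
  cert_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 2
  key_pub="$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout 2>/dev/null)" || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

make_cert server
make_cert other      # unrelated key pair, used to show a mismatch

if key_matches_cert "$WORKDIR/server.pem" "$WORKDIR/server.key"; then
  echo "server.key matches server.pem"
fi
if ! key_matches_cert "$WORKDIR/server.pem" "$WORKDIR/other.key"; then
  echo "other.key does not match server.pem: do not upload this pair"
fi
```

Running the check before pasting a certificate and key into the load balancer's Add Certificate form catches a mismatched pair locally instead of at upload time.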
Updating an expiring certificate
Vast Edge secures client information by updating their expiring certificates. We also handle steps such as:
- Updating the client and backend servers to work with the new certificate bundle.
- Upload SSL certificate bundle to the Load Balancer.
- Edit listeners or backend servers so they use the new certificate bundle.
- Remove the expiring certificate.
About Vast Edge: Cloud Managed Service Provider
Vast Edge is a leading IT Consulting Company that offers Business Intelligence, big data analytics, cloud ERP, IoT platform, enterprise backup and disaster recovery, Blockchain, AI/ML, and Integration solutions. Since 2004, Vast Edge has been providing Oracle consulting services and has assisted 70+ customers to successfully migrate to Oracle cloud to date. Vast Edge has immense knowledge of Oracle Storage Solutions, Oracle SaaS, PaaS, and IaaS products with 100+ Trained Engineers and 40+ Oracle Certified experts to make your cloud journey smooth and successful.