Load balancers in cloud architecture play an important role in distributing tasks among multiple resources for quicker delivery. However, splitting the work across resources also presents a critical threat to security and exposes data to threats and vulnerabilities. SSL implementations by Vast Edge apply top-notch security policies and practices, together with proven and practical IT tools, to give businesses a secure system and prevent such malicious attacks.
Vast Edge orchestrates SSL certificates to uphold privacy and security from a client to a load balancer. To achieve this, we configure an SSL certificate and a corresponding private key for the load balancer. Data exchanged between the client and the load balancer is then encrypted, and only the party holding the private key can read it.

SSL On OCI By Vast Edge

Vast Edge aids organizations in establishing an encrypted link between client and server to secure credentials, sensitive details, and data transfer logs. SSL implementations by Vast Edge on Oracle Cloud configure industry-grade security protocols to safeguard against malicious attacks and data theft threats.
Vast Edge provides users with an SSL-secured website or green address bar with an added layer of security and multi-factor authentication. This helps users safeguard their data on the public connection, especially during online transactions or while transmitting confidential information.

IAM Policy: To use Oracle Cloud Infrastructure, Vast Edge provides you with secure access in the form of a policy. Businesses remain free to choose how they work with OCI, whether through the Console or the REST API with an SDK, CLI, or another tool.

Generating SSL on Oracle Cloud

Vast Edge always prioritizes user data and maintains its authenticity and confidentiality by creating SSL certificates on OCI services. We assist users in configuring the SSL certificate needed to create an SSL connection, using OpenSSL as follows:

  • Step:1 Create one directory to keep the certificate and private keys

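  • Step:2 Generate a private key (OpenSSL prompts for a pass phrase to protect it) using the command:
    ~ openssl genrsa -des3 -out server.key 2048

  • Step:3 Generate a CSR (Certificate Signing Request) using the command below, shown first in its general form and then with this walkthrough's file names:

    ~ openssl req -new -key <private_key_file> -sha256 -out <csr_file>
    ~ openssl req -new -key server.key -sha256 -out server.csr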

  • Step:4 Enter the required information

    Country Name (2-letter code)

    State or Province Name

    Locality Name

    Organization Name

    Organizational Unit Name

    Common Name

    Email Address

  • Step:5 Enter extra attributes to be sent with your certificate request

    A challenge password

    An optional company name

  • Step:6 Run the command to generate a temporary self-signed certificate valid for 365 days

    ~ openssl x509 -req -days 365 -in server.csr -signkey server.key -sha256 -out server.crt

  • Step:7 Convert the certificate created from crt to PEM format using the command:

    ~ openssl x509 -in server.crt -out server.pem -outform PEM

  • Step:8 Command to check the certificate and private keys:

    For private keys: cat server.key

    For the certificate: cat server.pem
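
The same eight steps can be scripted without prompts. The following is an added example, not Vast Edge's own tooling: the function names, the subject values and the passphrase file are assumptions, and the step-8 checks decode the files rather than printing the private key to the terminal.

```sh
#!/bin/sh
# Added example: steps 1-7 without prompts, plus step-8 checks that decode the
# files instead of printing them. The subject values are constructed.

# Usage: make_lb_cert DIR COMMON_NAME PASSFILE
make_lb_cert() (
    dir=$1; cn=$2; passfile=$3
    umask 077                       # new files are readable by the owner only
    mkdir -p "$dir" || exit 1       # step 1
    # Step 2: the passphrase comes from a file, so it never shows up in `ps`.
    openssl genrsa -des3 -passout "file:$passfile" \
        -out "$dir/server.key" 2048 2>/dev/null || exit 1
    # Steps 3-5: -subj answers the questions that would otherwise be prompted.
    openssl req -new -key "$dir/server.key" -passin "file:$passfile" -sha256 \
        -subj "/C=US/O=Example Org/CN=$cn" -out "$dir/server.csr" || exit 1
    # Step 6: signing with the request's own key yields a self-signed certificate.
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -passin "file:$passfile" -sha256 \
        -out "$dir/server.crt" 2>/dev/null || exit 1
    # Step 7
    openssl x509 -in "$dir/server.crt" -out "$dir/server.pem" -outform PEM
)

# Step 8: true when the key file is passphrase-protected.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Step 8: true when subject and issuer are the same name (self-signed).
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Step 8: print who the certificate is for, who issued it, and when it expires.
cert_summary() { openssl x509 -in "$1" -noout -subject -issuer -enddate; }
```

A certificate for which is_self_signed succeeds is not trusted by browsers; for production, send server.csr to a certificate authority instead of running step 6.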

Why SSL?

An SSL certificate creates trust between retailers and their customers and assures them that their critical information is kept safe. Benefits of SSL encryption by Vast Edge include:

  • Server Authentication: An SSL certificate is issued by a trusted third party that vouches for the server's identity, which makes it harder for fraudsters to pretend to be another server. It makes customers feel safe and protected while engaging in business-to-business transactions.

  • Private Communication Capability: An SSL certificate keeps user conversations private by turning sensitive data such as credit card numbers, addresses and other payment information into encrypted bits of information. With SSL encryption, only the intended recipient can see and decode the encrypted messages.

  • Customer Confidence: An SSL certificate assures customers that proper steps are being taken to protect their personal information. They feel safe and confident in engaging with businesses and retailers.

  • Web Hosts & Savings: An SSL certificate enables web hosts to protect users' private information and encrypt payments from clients, saving the extra cost of protecting data in transit.

SSL on Load Balancer

Vast Edge assists SMBs in configuring SSL on Load Balancer in OCI to distribute traffic from the entry point to multiple servers in a virtual cloud network (VCN). It automatically distributes traffic to keep backend servers intact and safeguard information between clients and servers. Vast Edge enables the user to create two backend servers for information exchange so that the task is not hampered in case of any unforeseen circumstances.

Configuring SSL Termination at LB
  • Step:1 Open the Navigation Menu. Under Infrastructure, go to Networking > Load Balancers and select your LB

  • Step:2 Add certificate by clicking on Certificate in the Resource menu

  • Step:3 Enter the Information to add the certificate

    Name of Certificate

    SSL Certificate: Paste the Certificate you have created

    Private Keys: Paste keys created

    Enter Private key password

    Click on Add Certificate

  • Step:4 Go to Resource menu> Listeners> Create Listeners

  • Step:5 Enter Information in Edit Listeners

    Name of Listener

    Create Protocol

    Correct port number

    Tick the checkbox "Use SSL"

    Name of Certificate

  • Step:6 Hit the IP address to verify the LB created for the HTTP connection

Configuring End-to-End SSL (between LB and Backend)

  • Step:1 Go to Resource menu> backend sets> action button

  • Step:2 Click on Edit

  • Step:3 Check on the Use SSL box in Edit backend sets.

Managing SSL

Vast Edge helps enterprises manage SSL on Load Balancers by uploading certificate bundles (including public certificates, private keys, CA certificates, etc.) and creating backend sets if asked by the clients. Vast Edge also allows clients to import a certificate that they already have. OCI accepts X.509 certificates in PEM format only, so Vast Edge also assists in converting certificates from other formats to PEM.

Configuring SSL Termination at LB

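  • Step:1 Convert Certificate or Certificate chain from DER to PEM using

    openssl x509 -inform DER -in <certificate_name>.der -outform PEM -out <certificate_name>.pem

  • Step:2 Private key from DER to PEM

    openssl rsa -inform DER -in <private_key_name>.der -outform PEM -out <private_key_name>.pem

  • Step:3 Certificate bundle from PKCS#12 (PFX) to PEM (the -nodes option writes the private key unencrypted)

    openssl pkcs12 -in <certificate_bundle_name>.p12 -out <certificate_bundle_name>.pem -nodes

  • Step:4 Certificate bundle from PKCS#7 to PEM

    openssl pkcs7 -in <certificate_bundle_name>.p7b -print_certs -out <certificate_bundle_name>.pem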

Uploading Certificate Chains

In case of multiple certificates, Vast Edge assists enterprises in assembling all relevant certificates and then uploading them to the system. A command line interface allows you to combine the server certificate and intermediate CA certificates into a single concatenated file.
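
One way to build the combined file and confirm that the certificates are in signing order (server certificate first, then each intermediate). This is an added example, not Vast Edge's or Oracle's own tooling, and the function and file names are assumptions.

```sh
#!/bin/sh
# Added example: build a certificate chain file and check its order.

# Usage: build_chain OUT.pem SERVER.pem INTERMEDIATE.pem [...]
# Each input is re-emitted through openssl, so a non-certificate input or a
# file without a trailing newline cannot corrupt the bundle.
build_chain() {
    out=$1; shift
    for f in "$@"; do
        openssl x509 -in "$f" -outform PEM || return 1
    done > "$out"
}

# Usage: chain_in_order BUNDLE.pem
# Returns 0 when each certificate names the next one as its issuer. This is a
# name check only; signatures are still verified by the client or by
# `openssl verify`.
chain_in_order() {
    tmp=$(mktemp -d) || return 1
    # Split the bundle into 1.pem, 2.pem, ... (one certificate per file).
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$1"
    [ -f "$tmp/1.pem" ] && rc=0 || rc=1
    i=1
    while [ -f "$tmp/$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject_hash)
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}
```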

Commands for Submitting Private Keys

  • Mismatched Private Key: To confirm that a private key matches its certificate, run both OpenSSL commands below; the two hashes must be identical

    ~ openssl x509 -in <certificate_name>.crt -noout -modulus | openssl sha1

    ~ openssl rsa -in <private_key_name>.key -noout -modulus | openssl sha1

  • Private Key Consistency: Check consistency in case of a key error using the command

    ~ openssl rsa -check -in <private_key_name>.pem

  • Decrypting Private Keys: If the private key is encrypted with a technology the system does not recognize, decrypt the key using

    ~ openssl rsa -in <private_key_name>.pem -out <decrypted_private_key_name>.pem
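
The checks above can be combined into one pre-upload script. This is an added example, not Vast Edge's or Oracle's own tooling, and the function names are assumptions; it goes beyond the commands above by comparing the full public key (which also works for non-RSA keys) instead of a SHA-1 of the RSA modulus, and by flagging certificates that are close to expiry.

```sh
#!/bin/sh
# Added example: pre-upload checks for a PEM certificate and private key.

# Usage: key_matches_cert CERT KEY
# Compares the public key in the certificate with the one derived from the
# private key. The empty -passin makes an encrypted key fail fast instead of
# waiting at a passphrase prompt.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# The consistency check from the list above (RSA keys), without echoing the key.
key_is_consistent() {
    openssl rsa -check -noout -passin pass: -in "$1" >/dev/null 2>&1
}

# Usage: expires_within CERT DAYS
# True when the certificate expires within DAYS days (or cannot be read).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: preflight CERT KEY [DAYS]   (DAYS defaults to 30)
preflight() {
    cert=$1; key=$2; days=${3:-30}; rc=0
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: private key does not match the certificate"; rc=1; }
    key_is_consistent "$key" ||
        { echo "FAIL: private key failed the consistency check"; rc=1; }
    if expires_within "$cert" "$days"; then
        echo "FAIL: certificate expires within $days days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key passed all checks"
    return "$rc"
}
```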

Updating an expiring certificate

Vast Edge secures client information by updating their expiring certificates. The update includes:

  • Update the client and backend servers to work with the new certificate bundle.
  • Upload SSL certificate bundle to the Load Balancer.
  • Edit listeners or backend servers so they use the new certificate bundle.
  • Remove the expiring certificate.
Copyrights © 10 October 2024 All Rights Reserved by Vast Edge Inc.