Autenticando microservices usando HTTPS/SSL Cielo Lio Magno Costa - PowerPoint PPT Presentation

Autenticando microservices usando HTTPS/SSL Cielo Lio

Magno Costa magnocosta.br @magnocosta_br @magnocosta

Certificate Certificate Authority Certificate Sign Request Client Certificate Microservices + HTTPS

Certificate - CRT Subtitulo CRT

Certificate - CRT Subtitulo > openssl genrsa -des3 -out private.key 1024

Certificate - CRT Subtitulo CRT > openssl req -new -key private.key -out server.crt

Certificate - CRT Subtitulo CRT > openssl req -new -key private.key -out server.crt

Certificate - CRT Subtitulo CRT

Certificate - CRT Subtitulo CRT Privado

Certificate - CRT Subtitulo Publico CRT Privado

CRT Nginx

CRT Nginx

CRT Nginx + { valid? }

CRT Nginx + { valid? } > Expiration date > CN = host

CRT Nginx https + { valid? } > Expiration date > CN = host

Certificate Certificate Authority Certificate Sign Request Client Certificate Microservices + HTTPS

CRT Nginx https https + { valid? } > Expiration date > CN = host

{ issuer attribute }

issuer CRT CRT

issuer CRT CRT CA

issuer CRT CRT CA

CRT Nginx

CRT Nginx

CRT Nginx + { valid? } > Expiration date > CN = host

CRT CA Nginx + { valid? } > Expiration date > CN = host

CRT CA Nginx https + { valid? } > Expiration date > CN = host

issuer CRT CRT CA

issuer CRT CRT CA ??????

CA ?????? Root

CA ?????? Root

CA ?????? Root Root CA CA CA CA CA CA ?????? ?????? ?????? ?????? ?????? ??????

CA ?????? Root Root CA CA CA CA CA CA ?????? ?????? ?????? ?????? ?????? ??????

CA ?????? Root CA CA CA CA CA CA ?????? ?????? ?????? ?????? ?????? ?????? CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA

CRT Nginx

CRT Nginx

CRT Nginx + { valid? } > Expiration date > CN = host

CA CRT Nginx + { valid? } > Expiration date > CN = host

CA CA CRT Nginx + { valid? } > Expiration date > CN = host

CA CA CA CRT Nginx + { valid? } > Expiration date > CN = host

CA CA CA CRT Nginx + https { valid? } > Expiration date > CN = host

> Chain of Certificates CA CA CA CRT Nginx + https { valid? } > Expiration date > CN = host

Certificate Certificate Authority Certificate Sign Request Client Certificate Microservices + HTTPS

CA ?????? Root CA CA CA CA CA CA ?????? ?????? ?????? ?????? ?????? ?????? CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA

Certificate Sign Request - CSR Subtitulo CRT CRT CSR

Certificate Sign Request - CSR Subtitulo CRT CSR

Certificate Certificate Authority Certificate Sign Request Client Certificate Microservices + HTTPS

Client Certificate - CRT Subtitulo Cliente CRT CRT CSR =

CRT Nginx Cliente

CRT Nginx Cliente

> Expiration date > CN = host { valid? } + CRT Nginx Cliente

> Expiration date > CN = host { valid? } + CRT Nginx Cliente

> Expiration date > CN = host { valid? } + CRT Nginx Cliente + { valid? } > Expiration date > CN = host

> Expiration date > CN = host { valid? } + CRT Nginx Cliente + { valid? } > Expiration date > CN = host

> Expiration date > CN = host { valid? } + CRT Nginx https Cliente + { valid? } > Expiration date > CN = host

Certificate Certificate Authority Certificate Sign Request Client Certificate Microservices + HTTPS

Root

CRT Nginx Root

CRT Nginx Root Services

CRT Nginx Root Services CA

CRT Nginx Root Services CA REST API Auth

CRT Nginx Root Services CA REST API Auth

CRT Nginx Root Services CA REST API Auth

CRT Nginx Root Services CA REST API Auth CSR

CRT Nginx Root Services CA CSR REST API Auth

CRT Nginx Root Services CA CSR REST API Auth CRT

CRT Nginx Root Services CA CSR REST API Auth CRT

CRT Nginx Root Services https CA REST API Auth CRT

CRT Nginx Root Services https CA REST API Auth CRT { valid? } > Expiration date > CN = host

CRT Nginx Root Services https CA REST API Auth CRT { valid? } > Expiration date > CN = 123e4567-e89b-12d3-a456-426655440000

Service Service CRT Nginx https Service CRT

Service Service CRT Nginx https Service CRT Device-Id 123e4567-e89b-12d3-a456-426655440000

Service Service CRT parceiro Nginx https Service CRT Device-Id 123e4567-e89b-12d3-a456-426655440000

Obrigado =)