In an effort to improve security, browsers have become stricter in warning users about sites that aren’t properly secured with SSL/TLS. ASP.NET Core 2.1 has improved support for HTTPS. You can read more about these enhancements in Improvements to using HTTPS. In this blog post, we’ll look at how you can add HTTPS to your ASP.NET Core applications deployed on Red Hat OpenShift.
Before we get down to business, let’s recap some OpenShift vocabulary and HTTPS fundamentals. If you are familiar, you can skip over these sections.
OpenShift, pods, services, routes, and S2I
OpenShift is a Kubernetes-based open-source container application platform. A Kubernetes pod is a set of containers that must be deployed on the same host. In most cases, a pod consists of a single container. When we run the same application in several pods, a service does the load balancing across those pods. A route makes a service accessible externally via a hostname.
Continue reading “Securing .NET Core on OpenShift using HTTPS”
Previously I did a post on Securing AMQ7 Routers with SSL. This post will expand upon that and explain how to secure JBoss AMQ7 Brokers with SSL and how to connect the routers and brokers with SSL as well.
Continue reading “Securing AMQ7 Brokers with SSL (part 2)”
AMQ7 is full of new and exciting technology and capabilities. However, with both routers and brokers now securing your topology can get confusing. Particularly securing the routers and learning how to use clients with them, using AMQP can be challenging for those of us used to using jks files and pure jms.
Continue reading “Securing AMQ7 Routers with SSL”
With a simple annotation to a service, you can dynamically create certificates in OpenShift.
Certificates created this way are in PEM (base64-encoded certificates) format and cannot be directly consumed by Java applications, which need certificates to be stored in Java KeyStores.
In this post, we are going to show a simple approach to enable Java applications to benefit from certificates dynamically created by OpenShift.
Continue reading “Dynamically Creating Java Keystores in OpenShift”
If you have a large number of servers, which are configured with SSL/TLS and you are out of track on their certificate validity, now all of sudden you are worried if some of the certificates are expired.
Or if I think in some other scenario where you are required to understand underlying SSL/TLS configuration of your servers e.g. CipherSuits, Protocols, etc.
Yes, in the traditional way, you can get all the information of your SSL/TLS configuration by login into an individual server and check the certificates but it is very difficult if your environment size is very high.
To overcome this problem, I have to build a tool, which will give you all required details.
Continue reading “SSL Testing Tool”
Enabling SSL/TLS in a Fabric is slightly more complex than securing a jetty in a standalone Karaf container. In the following article, we are providing feedback on the overall process. For clarity and simplification, the article will be divided into two parts.
Part1: The Management Console
Part2: Securing Web Service:including gateway-http
For the purpose of this PoC, the following environment will be used.
Continue reading “Securing Fuse 6.3 Fabric Cluster Management Console with SSL/TLS”