SSL

Securing .NET Core on OpenShift using HTTPS

Securing .NET Core on OpenShift using HTTPS

In an effort to improve security, browsers have become stricter in warning users about sites that aren’t properly secured with SSL/TLS. ASP.NET Core 2.1 has improved support for HTTPS. You can read more about these enhancements in Improvements to using HTTPS. In this blog post, we’ll look at how you can add HTTPS to your ASP.NET Core applications deployed on Red Hat OpenShift.

Before we get down to business, let’s recap some OpenShift vocabulary and HTTPS fundamentals. If you are familiar, you can skip over these sections.

OpenShift, pods, services, routes, and S2I

OpenShift is a Kubernetes-based open-source container application platform. A Kubernetes pod is a set of containers that must be deployed on the same host. In most cases, a pod consists of a single container. When we run the same application in several pods, a service does the load balancing across those pods. A route makes a service accessible externally via a hostname.

Continue reading “Securing .NET Core on OpenShift using HTTPS”

Share
Dynamically Creating Java Keystores in OpenShift

Dynamically Creating Java Keystores in OpenShift

Introduction

With a simple annotation to a service, you can dynamically create certificates in OpenShift.

Certificates created this way are in PEM (base64-encoded certificates) format and cannot be directly consumed by Java applications, which need certificates to be stored in Java KeyStores.

In this post, we are going to show a simple approach to enable Java applications to benefit from certificates dynamically created by OpenShift.

Continue reading “Dynamically Creating Java Keystores in OpenShift”

Share
SSL Testing Tool

SSL Testing Tool

If you have a large number of servers, which are configured with SSL/TLS and you are out of track on their certificate validity, now all of sudden you are worried if some of the certificates are expired.

Or if I think in some other scenario where you are required to understand underlying SSL/TLS configuration of your servers e.g. CipherSuits, Protocols, etc.

Yes, in the traditional way, you can get all the information of your SSL/TLS configuration by login into an individual server and check the certificates but it is very difficult if your environment size is very high.

To overcome this problem, I have to build a tool, which will give you all required details.

Continue reading “SSL Testing Tool”

Share

Securing Fuse 6.3 Fabric Cluster Management Console with SSL/TLS

Introduction

Enabling SSL/TLS in a Fabric is slightly more complex than securing a jetty in a standalone Karaf container. In the following article, we are providing feedback on the overall process. For clarity and simplification, the article will be divided into two parts.

 

Part1: The Management Console

Part2: Securing Web Service:including gateway-http

 

For the purpose of this PoC, the following environment will be used.

Continue reading “Securing Fuse 6.3 Fabric Cluster Management Console with SSL/TLS”

Share