SLIDE 1
Autenticando microservices usando HTTPS/SSL
Cielo Lio
Autenticando microservices usando HTTPS/SSL Cielo Lio Magno Costa - - PowerPoint PPT Presentation
Autenticando microservices usando HTTPS/SSL Cielo Lio Magno Costa - - PowerPoint PPT Presentation
Autenticando microservices usando HTTPS/SSL Cielo Lio Magno Costa magnocosta.br @magnocosta_br @magnocosta Certificate Certificate Authority Certificate Sign Request Client Certificate Microservices + HTTPS Certificate - CRT Subtitulo
SLIDE 2
SLIDE 3
Magno Costa
magnocosta.br @magnocosta_br @magnocosta
SLIDE 4
Client Certificate
Certificate
Certificate Sign Request Certificate Authority Microservices + HTTPS
SLIDE 5
Subtitulo
Certificate - CRT
CRT
SLIDE 6
Subtitulo
Certificate - CRT
> openssl genrsa -des3 -out private.key 1024
SLIDE 7
Subtitulo
Certificate - CRT
> openssl req -new -key private.key -out server.crt
CRT
SLIDE 8
Subtitulo
Certificate - CRT
> openssl req -new -key private.key -out server.crt
CRT
SLIDE 9
Subtitulo
Certificate - CRT
CRT
SLIDE 10
Subtitulo
Certificate - CRT
CRT
Privado
SLIDE 11
Subtitulo
Certificate - CRT
CRT
Privado Publico
SLIDE 12
SLIDE 13
Nginx
CRT
SLIDE 14
Nginx
CRT
SLIDE 15
Nginx
CRT
{ valid? } +
SLIDE 16
Nginx
CRT
{ valid? } + > Expiration date > CN = host
SLIDE 17
Nginx
CRT
https { valid? } > Expiration date > CN = host +
SLIDE 18
Client Certificate
Certificate
Certificate Sign Request Certificate Authority Microservices + HTTPS
SLIDE 19
Nginx
CRT
https https > Expiration date > CN = host { valid? } +
SLIDE 20
{ issuer attribute }
SLIDE 21
CRT CRT
issuer
SLIDE 22
CRT CRT
issuer
CA
SLIDE 23
CRT CRT
issuer
CA
SLIDE 24
Nginx
CRT
SLIDE 25
Nginx
CRT
SLIDE 26
Nginx
CRT
{ valid? } + > Expiration date > CN = host
SLIDE 27
Nginx
CRT CA
{ valid? } + > Expiration date > CN = host
SLIDE 28
Nginx
CRT
https
CA
{ valid? } + > Expiration date > CN = host
SLIDE 29
CRT CRT
issuer
CA
SLIDE 30
CRT CRT
issuer
CA
??????
SLIDE 31
??????
CA
Root
SLIDE 32
??????
CA
Root
SLIDE 33
??????
CA
Root Root ??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
SLIDE 34
??????
CA
Root Root ??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
SLIDE 35
??????
CA
Root ??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA SLIDE 36
Nginx
CRT
SLIDE 37
Nginx
CRT
SLIDE 38
Nginx
CRT
{ valid? } + > Expiration date > CN = host
SLIDE 39
Nginx
CRT CA
{ valid? } + > Expiration date > CN = host
SLIDE 40
Nginx
CRT CA CA
{ valid? } + > Expiration date > CN = host
SLIDE 41
Nginx
CRT CA CA CA
{ valid? } + > Expiration date > CN = host
SLIDE 42
Nginx
CRT CA CA CA
{ valid? } + > Expiration date > CN = host https
SLIDE 43
Nginx
CRT CA CA CA
{ valid? } + > Expiration date > CN = host
> Chain of Certificates
https
SLIDE 44
Client Certificate
Certificate
Certificate Sign Request Certificate Authority Microservices + HTTPS
SLIDE 45
??????
CA
Root ??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
??????
CA
CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA SLIDE 46
Subtitulo
Certificate Sign Request - CSR
CRT CSR CRT
SLIDE 47
Subtitulo
Certificate Sign Request - CSR
CRT CSR
SLIDE 48
Client Certificate
Certificate
Certificate Sign Request Certificate Authority Microservices + HTTPS
SLIDE 49
Subtitulo
Client Certificate - CRT
CRT CSR Cliente CRT
=
SLIDE 50
Nginx
CRT Cliente
SLIDE 51
Nginx
Cliente CRT
SLIDE 52
Nginx
Cliente CRT
{ valid? } > Expiration date > CN = host +
SLIDE 53
Nginx
CRT
{ valid? } > Expiration date > CN = host +
Cliente
SLIDE 54
Nginx
CRT
{ valid? } > Expiration date > CN = host +
Cliente
{ valid? } + > Expiration date > CN = host
SLIDE 55
Nginx
CRT
{ valid? } > Expiration date > CN = host +
Cliente
{ valid? } + > Expiration date > CN = host
SLIDE 56
Nginx
CRT
{ valid? } > Expiration date > CN = host +
Cliente
{ valid? } + > Expiration date > CN = host https
SLIDE 57
SLIDE 58
SLIDE 59
SLIDE 60
Client Certificate
Certificate
Certificate Sign Request Certificate Authority Microservices + HTTPS
SLIDE 61
Root
SLIDE 62
Root
Nginx
CRT
SLIDE 63
Root
Nginx
CRT
Services
SLIDE 64
Root CA
Nginx
CRT
Services
SLIDE 65
Auth
REST API Root CA
Nginx
CRT
Services
SLIDE 66
Auth
REST API Root CA
Nginx
CRT
Services
SLIDE 67
Auth
REST API Root CA
Nginx
CRT
Services
SLIDE 68
CSR
Auth
REST API Root CA
Nginx
CRT
Services
SLIDE 69
Auth
REST API Root CA CSR
Nginx
CRT
Services
SLIDE 70
Auth
REST API Root CA CSR
Nginx
CRT CRT
Services
SLIDE 71
Auth
REST API Root CA CSR
Nginx
CRT CRT
Services
SLIDE 72
Auth
REST API Root CA
Nginx
CRT CRT
https
Services
SLIDE 73
Auth
REST API Root CA
Nginx
CRT CRT
https { valid? } > Expiration date > CN = host
Services
SLIDE 74
Auth
REST API Root CA
Nginx
CRT CRT
https { valid? } > Expiration date > CN = 123e4567-e89b-12d3-a456-426655440000
Services
SLIDE 75
Nginx
CRT CRT
https
Service Service Service
SLIDE 76
Nginx
CRT CRT
https Device-Id
Service
123e4567-e89b-12d3-a456-426655440000
Service Service
SLIDE 77
Nginx
CRT CRT
https Device-Id
Service
123e4567-e89b-12d3-a456-426655440000
Service Service
parceiro
SLIDE 78