Manage SSL certificates with secure, reliable system

Hwee-jae Yoo
LINE Infra Protection Team1 Security Engineer
Noh Seung-Heun
LINE Plus Service Engineering Service Reliability Engineer
https://linedevday.linecorp.com/2020/ja/sessions/3493
https://linedevday.linecorp.com/2020/en/sessions/3493

LINE DevDay 2020

November 25, 2020

Transcript

  1. None
  2. Agenda › Why manage SSL certificates matters? › Renovate way of managing SSL certificates › Consolidated management system › Alignment with private cloud platform › How we develop Voyager › Security without stress
  3. Why manage SSL certificates matters?
  4. Server guarantee Communication encryption Why manage SSL certificates matters? Why use SSL certificates?
  5. Why manage SSL certificates matters? Why use SSL certificates? Server Browser Certificate Authority
  6. Why manage SSL certificates matters? Why use SSL certificates? Server Browser Certificate Authority
  7. Why manage SSL certificates matters? Why use SSL certificates? ref. https://www.computerworld.com/article/2510951/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html
  8. Why manage SSL certificates matters? Why use SSL certificates? Server Browser Certificate Authority
  9. Be Shorten 1 Year (=398 days) Public SSL certs by CA Security vs. Cost Go Free Secure enough Compatible enough Automation Gain Performance TLS 1.3 for 0-RTT ECDSA Remove Fields Split SSL Certificate Dean Coclin (DigiCert) blog post - https://www.digicert.com/blog/position-on-1-year-certificates/ Let’s Encrypt publish stats - https://letsencrypt.org/stats/ Why manage SSL certificates matters? It changes a lot
  10. What you need for your service Why manage SSL certificates matters? VOYAGER
  11. Renovate way of managing SSL certificate
  12. Renovate way of managing SSL certificate Consolidated Management System Before… Workflow Request SSL Certificate Grant WIKI Access Download Attachment › Is certificate exist? › Any other options? › No validation at all › Easy to share › 100% manual › Still not that secure › Human errors › Not that secure › Expiration
  13. Renovate way of managing SSL certificate Consolidated Management System Commercial Solutions In-house Development ✓ Feature Enhancement Integrate Enterprise Infrastructure Issue Fighting
  14. Workflow via Voyager Renovate way of managing SSL certificate Consolidated Management System After… Add Certificate To List via Voyager Download Certificate / using API for automation › Validate Inquiries in advance › Status check in one UI › Simplified steps by case › Access Control › Onetime password › Automation › No need to remember details › Securely stored certificate
  15. Renovate way of managing SSL certificate Consolidated Management System Real Users Security Asset Readiness Comfortable Seamless Workflow Ownership Gain Visibility for Usage
  16. Renovate way of managing SSL certificate Align with private cloud platform Load Balancer Server Server Server Server Powered by Server Server Server Server Powered by Load Balancer PROXY MODE DSR MODE
  17. Renovate way of managing SSL certificate Align with private cloud platform PM Container VM …… …… Expiration Vulnerability Cipher Suite Configuration Ownership Resources Incidents
  18. Renovate way of managing SSL certificate Secure provision of certificates Authentication Authorization KMS Test CA for Dev User Voyager Certificate & OTP Secure Zone Security Check Database
  19. How we develop Voyager
  20. Voyager makers How we develop Voyager Cloud Service Service Engineering Security Engineering System Development UI Engineering
  21. Voyager makers How we develop Voyager ONE TEAM
  22. Security without stress
  23. SSL management stress Security without stress Install & Renew
  24. Voyager agent for SSL Management Security without stress Voyager Voyager agent WEB Server config
  25. Voyager agent for SSL Management Security without stress Certified user Voyager CA DB request certificate query certificate receive encrypted certificate fetch cert provide certificate with OTP decrypt certificate automatic purchase certificate KMS encrypted certificate
  26. Thank you Voyager is here alpha beta 1.0 2.0 10.0