Creating X.509 TLS certificate in Kubernetes

In deployment automation, I often had to create self-signed X.509 certificate for testing TLS traffic into Kubernetes. Sometimes self-signed, sometimes signed by a CA. This post summarized the approaches I’ve taken. Create self-signed certificate with OpenSSL Traditionally, this is done in three OpenSSL commands: I have an older post to cover the basics of cryptography … Read moreCreating X.509 TLS certificate in Kubernetes

Secure web application deployment

In Nov 2020, I created OrthWeb project, a deployment of Orthanc’s server. Orthanc is a DICOM viewer and repo shipped in Docker container. In the deployment project, I use Terraform to provision infrastructure, including a managed PostgreSQL instance, an EC2 instance for docker runtime, and the init script to bring up the web service. I … Read moreSecure web application deployment

Public Key Infrastructure (PKI)

A public-key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The algorithms are based on Publick-key cryptography. The format of the digital certificate is defined in X.509 standard.  Certificate Authority – CA digitally signs and publishes … Read morePublic Key Infrastructure (PKI)

Automatic deployment of Orthanc on AWS

[Update] Some security improvement was introduced in may 2021. Here‘s detail. In this project we introduce a medical imaging web service based on Orthanc, an open-source project of DICOM server, and a pipeline to deploy such server automatically and consistently. We deploy Orthanc on AWS automatically. This little project involves a number of technical deets … Read moreAutomatic deployment of Orthanc on AWS

Cryptography basics 2 of 2

My previous post outlines several core concepts around cryptography, such as asymmetric key encryption, digital certificate, the encoding formats and relevant file extensions. In this article, we continue to explore cryptography use cases, where these concepts are connected and put into application. The most important use case is TLS handshake. I cannot stress enough how … Read moreCryptography basics 2 of 2