Creating X.509 TLS certificate in Kubernetes

In deployment automation, I often had to create self-signed X.509 certificate for testing TLS traffic into Kubernetes. Sometimes self-signed, sometimes signed by a CA. This post summarized the approaches I’ve taken. Create self-signed certificate with OpenSSL Traditionally, this is done in three OpenSSL commands: I have an older post to cover the basics of cryptography … Read moreCreating X.509 TLS certificate in Kubernetes

Secure web application deployment

In Nov 2020, I created OrthWeb project, a deployment of Orthanc’s server. Orthanc is a DICOM viewer and repo shipped in Docker container. In the deployment project, I use Terraform to provision infrastructure, including a managed PostgreSQL instance, an EC2 instance for docker runtime, and the init script to bring up the web service. I … Read moreSecure web application deployment

Public Key Infrastructure (PKI)

A public-key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The algorithms are based on Publick-key cryptography. The format of the digital certificate is defined in X.509 standard.  Certificate Authority – CA digitally signs and publishes … Read morePublic Key Infrastructure (PKI)

NTLM and Kerberos protocols

This article explains how two most common authentication mechanisms (NTLM and Kerberos) work. Both authentication protocols are based on symmetric key cryptography. The protocols themselves are platform independent. NTLM Authentication NTLM is the default authentication protocol prior to Windows 2000 and still prevalent today as backup to Kerberos. It is based on challenge/response mechanism. User … Read moreNTLM and Kerberos protocols

OAuth 2.0 and OIDC 1 of 2

OAuth 2.0 and OpenID Connect (OIDC 1.0) are different but highly related protocols and they are often confused. When we talk about IAM (identity and access management), we should first distinguish between Authentication (AuthN) and Authorization (AuthZ): In a nutshell, OAuth 2.0 deals with authorization. OIDC is a layer later developed on top of OAuth … Read moreOAuth 2.0 and OIDC 1 of 2

Security Assertion Markup Language (SAML)

SAML is an XML-based standard for exchanging authentication and authorization data between IdP (identity provider) and service provider. We can compare SAML with LDAP (as authentication protocol) as both are to provide single-sign-on (SSO) feature. LDAP is considered traditional configuration in on-premise operation for organizations. The configuration can be complex and administrators needs to complete … Read moreSecurity Assertion Markup Language (SAML)