Cloudflare SSL for Standing Up PKI Infrastructure

PKI (Public Key Infrastructure) is the set of roles, policies and tooling used to create, manage and distribute digital certificates and public keys, and to establish that a given public key actually belongs to a particular entity.

Why is this important?

  • To securely exchange digital information between systems
  • Non-repudiation and message integrity through the use of digital signatures
  • Identification of the entities involved in a digital exchange of information

Most practical protocols use a hybrid model that combines symmetric and asymmetric algorithms. Symmetric algorithms are used to encrypt the bulk data, because they are far less computationally intensive, while asymmetric algorithms are used for identification, key exchange and non-repudiation. TLS/SSL and IPsec, for example, both rely on PKI to secure their communication. The asymmetric side also has to establish the authenticity of the public key: in other words, to make sure that a public key really belongs to the person who claims it.

Binding the Identity of a Public Key to a Given User

Digital certificates are the mechanism used to sign a public key and establish the trust that this public key belongs to a certain user or application. A Certificate Authority (CA) is the vehicle for establishing that trust: it is trusted both by the owner of the certificate and by the party that relies on the certificate. There are different ways to obtain a digital certificate.

  • Public certificate – You purchase the certificate from a public internet certificate authority (CA).
  • Private certificate – You create your own local CA and use it to issue certificates to your users and applications.
  • Self-signed certificate – You create and sign your own certificate, with no CA involved.

Creating your own Private CA and TLS/SSL Certificates

You can use either OpenSSL or the Cloudflare SSL toolkit (CFSSL) to set up your private CA and to create and issue the TLS/SSL certificates hosted on your websites, clusters and application servers. The Cloudflare SSL toolkit also helps in creating the certificate bundle, or certificate chain, that browsers validate back to a trusted root when users visit the website or application.

Install CFSSL

The cfssl and cfssljson command line utilities are used to provision the PKI infrastructure. They can be downloaded from the CFSSL repository using the following command.

OS X users can also install them with the brew package manager.

