mTLS with NGINX
Ғылым және технология
In this API Management track session, Shawn Hurst (Technical Solutions Architect, F5 Networks) goes over how securing data in your solution is not just a good practice, but a requirement from business owners and customers. Ensuring that your solutions are encrypted across all layers of communication is critical to user adoption. How do you make sure that the endpoints you are talking to haven’t been compromised, or worse, intercepted in flight?
Mutual TLS (mTLS) is one of the ways to not only ensure that the data you are sending is intact, but also that the endpoint is the intended destination. In this session, we will discuss how mTLS works, and show how NGINX and NGINX Plus provide authentication of the session, and can direct calls to connecting services. Finally, we will discuss how NGINX Plus, with dynamic certificate loading, can support a more secure certificate handling solution, including certificate replacement via API calls.
To learn more, go to www.nginx.com.
Пікірлер: 4
This talk was very useful to me, thank you for the upload.
at 6:40 the authentication is right but then the flow diagram at 7:18 shows conversation between the two devices and the Certificate Authories, which isn't needed to be a real-time communication. The validation of the cert is primarily completed computationally... the assurance of the certificate is augmented by checking a CRL with an external party using OCSP... but one can configure that either way. Use very short period certs and avoid running a CRL/OCSP like Lets Encrypt wants everyone to do
This is for NGINX Plus ... misleading title ... :-(
You missed a LOT of cast of characters. Alice and Bob even have their own Wikipedia page.