Large-Scale Certificate Management on Multi-Tenant Web Servers
| Autor: | Kentaro Kuribayashi, Ryosuke Matsumoto, Kenji Rikitake |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
Service (systems architecture)
Web server General Computer Science Handshake Computer science computer.internet_protocol 02 engineering and technology computer.software_genre 0202 electrical engineering electronic engineering information engineering 060201 languages & linguistics business.industry Process (computing) 020206 networking & telecommunications 020207 software engineering 06 humanities and the arts Service-oriented architecture Certificate Management Protocol Memory management 0602 languages and literature Memory footprint Server Name Indication 020201 artificial intelligence & image processing Page table business computer Computer network |
| Zdroj: | COMPSAC (2) |
| DOI: | 10.1109/compsac.2018.10234 |
| Popis: | In large-scale certificate management on multi-tenant web servers, preloading a large number of certificates for managing a large number of hosts under the single server process results in increasing the required memory usage due to the respective page table entry manipulation, which may be poor resource efficiency and reduced capacity. To solve this issue, we propose a method to dynamically load the certificates bound to the hostnames found during the SSL/TLS handshake sequences without preloading, provided the Server Name Indication (SNI) extension is available. We implement the function of choosing the respective certificates with the ngx_mruby module which extend Web server functions using mruby with small memory footprint while maintaining the execution speed. We also evaluated the proposed method on a Web hosting service of authors' place of an employer. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|