I am currently working on setting up a production-level application stack and I was hoping to ask you for some ideas regarding certs and keys (generation, management, storage) and backend ELB SSL:
1) What is the de facto process for dealing with automation for generating SSL keys in AWS? Both for self-signed and for 3rd-party certs and the signing process automation?
2) Once you have the keys/certs, which location is advised for storing them, and how do you secure it without a complicated HSM architecture? S3 with KMS encryption? Just S3, making sure you have a strict access policy? Of course it varies from company to company, but what would be the standard approach?
3) Is it standard practice to upload self-signed certs to the ELB?
4) How is the verification of a certificate performed for ELBs? Both for self-signed certs and for certs from a 3rd-party CA?
5) Is it necessary to put in the backend SSL between the ELB and the instance once it goes to production, or is ELB-to-client SSL enough from a security standpoint (as a standard practice)?