Large-Scale Certificate Management on Multi-Tenant Web Servers

In large-scale certificate management on multi-tenant web servers, preloading a large number of certificates for managing a large number of hosts under the single server process results in increasing the required memory usage due to the respective page table entry manipulation, which may be poor res...

Full description

Saved in:
Bibliographic Details
Main Authors: Matsumoto, Ryosuke, Rikitake, Kenji, Kuribayashi, Kentaro
Format: Conference Proceeding
Language:English
Subjects:
Certificate
Cloud
IP networks
Loading
Memory management
Middleware
multi tenant
Service-oriented architecture
TLS
Web Server
Web servers
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In large-scale certificate management on multi-tenant web servers, preloading a large number of certificates for managing a large number of hosts under the single server process results in increasing the required memory usage due to the respective page table entry manipulation, which may be poor resource efficiency and reduced capacity. To solve this issue, we propose a method to dynamically load the certificates bound to the hostnames found during the SSL/TLS handshake sequences without preloading, provided the Server Name Indication (SNI) extension is available. We implement the function of choosing the respective certificates with the ngx_mruby module which extend Web server functions using mruby with small memory footprint while maintaining the execution speed. We also evaluated the proposed method on a Web hosting service of authors' place of an employer.
ISSN:0730-3157
DOI:10.1109/COMPSAC.2018.10234