DISCLAIMER

This blog post is a proof of concept (POC) for a homelab and does NOT implement best practices for an enterprise environment. Please review the Hashicorp Vault documentation for best practices.

Background

What is Mutual TLS?

As stated by Cloudflare, “Mutual TLS (mTLS) authentication ensures that traffic is both secure and trusted in both directions between a client and server.” For a more thorough deep dive on mutual TLS please visit this blog post. However, I think for the purpose of this blog post the graphic below provides a good overview of the mutual TLS communication and why it is a powerful mechanism in information security.

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. For this blog post, Vault will act as our certificate authority for our organization.

If not please see my blog post here: Getting started with Hashicorp Vault v1.6.1.
If not please see my blog post here: IR Tales: The Quest for the Holy SIEM: Elastic stack + Sysmon + Osquery.
The means to generate DNS A records for each service.

For this blog post, I decided to do as much segmentation as possible when creating this certificate chain. The diagram below illustrates the certificate chain of trust that we are going to implement with Vault. As you can see from the diagram below, clients and servers have their own intermediate certificates.
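The segmented chain of trust from the diagram, as an added Go example that is not from the blog post and does not use Vault: it builds one root, a server intermediate and a client intermediate with Go's standard crypto/x509 package, issues one leaf under each, and checks that a leaf verifies only through its own intermediate and only for its own key usage. Names such as Homelab Root CA, vault.homelab.local and alice are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert issues a certificate for cn signed by parent (nil parent = self-signed); CertSign in ku marks a CA.
func mkCert(cn string, ku x509.KeyUsage, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sn, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // random 128-bit serial
	tmpl := &x509.Certificate{
		SerialNumber: sn, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, KeyUsage: ku, ExtKeyUsage: eku,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// BuildPKI mirrors the diagram: root -> server intermediate -> server leaf, root -> client intermediate -> client leaf.
func BuildPKI() (root, serverInt, clientInt, serverLeaf, clientLeaf *x509.Certificate) {
	root, rootKey := mkCert("Homelab Root CA", x509.KeyUsageCertSign, nil, nil, nil)
	serverInt, sKey := mkCert("Server Intermediate CA", x509.KeyUsageCertSign, nil, root, rootKey)
	clientInt, cKey := mkCert("Client Intermediate CA", x509.KeyUsageCertSign, nil, root, rootKey)
	serverLeaf, _ = mkCert("vault.homelab.local", x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, serverInt, sKey)
	clientLeaf, _ = mkCert("alice", x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, clientInt, cKey)
	return
}

// Verify reports whether leaf chains to root through the given intermediate for the given extended key usage.
func Verify(leaf, inter, root *x509.Certificate, usage x509.ExtKeyUsage) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err == nil
}
```

A verifier that trusts only the server intermediate (for example a client validating the Vault endpoint) will reject a certificate issued under the client intermediate, and a client certificate cannot be repurposed as a server certificate because its extended key usage does not allow it.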