EJBCA and Docker — Streamlining PKI Management and TLS Certificate Issuance

This post was contributed by Keyfactor.

Docker has revolutionized how we develop and deploy modern applications, making it easier and more efficient for developers to create and manage containerized applications.

If you’re in the world of enterprise-level security, public key infrastructure (PKI), and certificate management, you might already be familiar with EJBCA, an open source tool for implementing PKIs. In this blog post, we will explore how to deploy EJBCA as a Docker container, making your infrastructure setup more modern, efficient, and flexible for your security and certificate management needs. 

Why deploy EJBCA as a Docker container?

EJBCA is a robust PKI and certificate management solution, but sometimes setting up and managing it can be challenging, especially if you need to deploy it from source. Deploying EJBCA as a Docker container can simplify the process and offer various benefits, including:

Portability — Docker containers are lightweight and portable, containing all the software needed to run an application. Once you have an EJBCA container image, you can run it on any system that supports Docker, ensuring consistency across environments.

Easy scaling — Containers make it straightforward to run several EJBCA instances side by side, and an orchestrator such as Kubernetes can manage the scaling for you. The instances must share one database, which is why a production deployment uses an external database rather than the one embedded in the container.

Simplified deployment — With EJBCA in a Docker container, you can deploy and upgrade it quickly without worrying about complex installation procedures or dependencies such as Java, database drivers, the WildFly application server and the operating system. An installation of EJBCA requires all of these components, and the container ships with them installed and configured.

Advantages of open source PKI and EJBCA

When it comes to implementing a PKI solution, EJBCA’s open source nature provides distinct advantages over other software tools or utilities. Tools such as OpenSSL may serve well for testing, but they often prove inadequate for production. A Microsoft PKI or other PKI service tailored to specific use cases can be robust but often limited in flexibility, scalability, interoperability, and compliance.

EJBCA is one of the most used open source PKIs in the world. It can be built from source using the code from GitHub or be deployed as a Docker container. Here are advantages that you can expect from EJBCA:

Comprehensive feature set — EJBCA offers a comprehensive feature set for certificate management, including certificate issuance, revocation, and key management for many use cases. You can run hundreds of CAs in one single installation. This is effective compared to, for example, Microsoft ADCS, which can run only one CA per server installation. One installation of EJBCA can also support multiple use cases.

Robust certificate authority — EJBCA functions as a full-fledged certificate authority (CA), registration authority, and validation authority, including support for both online certificate status protocol (OCSP) and certificate revocation lists (CRLs), essential for being able to support a serious PKI. 

Scalability and automation — In production scenarios, scalability is critical when EJBCA is under load and more instances are needed to serve PKI operations. EJBCA can be easily scaled using Docker orchestration tools, Helm charts, and by leveraging EJBCA open source Ansible playbooks, ensuring that your PKI infrastructure can handle the demands of your organization. 

User management and role-based access control — EJBCA offers user management and role-based access control, allowing you to define who can perform specific tasks within your PKI. 

Active community and support — EJBCA benefits from an active open source community and professional support options for the EJBCA Enterprise editions, ensuring you can find the right assistance when needed. EJBCA Enterprise edition is available as software and hardware appliances, Cloud AWS and Azure Marketplace options, and SaaS.

Compliance and auditing — EJBCA is designed with compliance and auditing in mind, helping you meet regulatory requirements and maintain a robust, signed audit trail. For example, every certificate a CA issues must match a certificate profile and an end entity profile, so the CA does not sign an arbitrary certificate signing request (CSR): a request whose key type, validity, extensions or subject names fall outside the profile is refused.

Getting started

Let’s walk through the process of deploying EJBCA as a Docker container. You can learn more through our introductory video on YouTube.

Step 1: Install Docker

You must have Docker installed on your system. 

Step 2: Pull the EJBCA Docker image

EJBCA provides an official Docker image, making it easy to get started. You can pull the image using the following command:

docker pull keyfactor/ejbca-ce:latest

Step 3: Run EJBCA container

Now that you have the EJBCA image, you can run it as a container:

docker run -d --rm --name ejbca-node1 -p 80:8080 -p 443:8443 -h "127.0.0.1" --memory="2048m" --memory-swap="2048m" --cpus="2" keyfactor/ejbca-ce:latest

This command starts the EJBCA container in the background; once start-up has finished (follow it with `docker logs -f ejbca-node1`), the admin interface is reachable at https://localhost/ejbca/adminweb. Two caveats for anything beyond a throwaway test: `--rm` deletes the container, and with it the embedded database that holds the CA keys and every issued certificate, as soon as the container stops, so mount a volume or use an external database (see the configuration section below); and pin a specific image tag rather than `latest`, so that the CA version you run is the one you reviewed.

Step 4: Access the EJBCA web console

Open your web browser and navigate to https://localhost/ejbca/adminweb to access the EJBCA web console. The Admin Web authenticates administrators with a TLS client certificate rather than a password, so a browser without an enrolled administrator credential is refused; the image's documentation describes how the initial SuperAdmin credential is enrolled. Expect a certificate warning as well: the TLS certificate the container presents is issued by a management CA created inside the container at first start, not by a publicly trusted CA, and the warning only goes away once your browser trusts that CA.

Custom installation configuration

If you need to customize your EJBCA instance, you can mount a configuration file into the container or point it at an external database instead of the embedded one. An external database is what makes the CA's state survive container replacement and what lets several EJBCA nodes serve the same PKI, so it is the first thing to configure when moving past a single test instance.

Issuing a TLS certificate as a PKI admin  

Private TLS certificates authenticate users, devices and services inside closed environments such as enterprise networks and internal business applications. Where public trust is not needed, a private CA is the most cost-efficient and convenient option, but it deserves the same rigour as a public one: how the PKI software is set up and how certificates are issued matter just as much in a private trust environment.

You can issue TLS client or server certificates by following our best-practice video tutorials; the series begins with the guide to setting up EJBCA as a Docker container described here, and EJBCA lets you start small and grow as your use case evolves. More options for issuing TLS certificates with EJBCA are described on the website.
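The two points made above, a CA that refuses to sign just any CSR (the profile enforcement described under compliance and auditing) and the rigour a private trust domain still needs, can be shown in working code. The Go program below is an added example, not Keyfactor's code and not part of EJBCA; it models in general terms what a CA such as EJBCA does when a certificate profile and an end entity profile are applied to an incoming CSR, and goes beyond the text in that it spells out each check. The root CA name, the `.corp.example` namespace the CA is allowed to issue for, the P-256-only key rule and the 90-day validity are assumptions chosen for the example; in EJBCA the corresponding controls are the certificate profile (key algorithm, validity, key usage, extended key usage, basic constraints) and the end entity profile (which SAN fields and values a request may carry).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"strings"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no usable entropy: nothing sensible left to do
	}
	return k
}

// NewRootCA creates the self-signed root of a private trust domain. The key is held in
// memory for illustration only; a real CA keeps it in an HSM or crypto token.
func NewRootCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Corp Internal Root (constructed)"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// MakeCSR is the requester's side: its own key and a CSR for the given names. With requestCA
// set, the CSR also asks for basicConstraints CA:TRUE, which a policy-enforcing CA must ignore.
func MakeCSR(dnsNames []string, requestCA bool) (*x509.CertificateRequest, error) {
	tmpl := &x509.CertificateRequest{DNSNames: dnsNames}
	if requestCA {
		tmpl.ExtraExtensions = []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 19}, // id-ce-basicConstraints
			Critical: true, Value: []byte{0x30, 0x03, 0x01, 0x01, 0xff}}} // DER SEQUENCE { BOOLEAN TRUE }
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, newKey())
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

// CheckCSRPolicy is the CA-side gate: proof of possession, a permitted key type, permitted SANs.
func CheckCSRPolicy(csr *x509.CertificateRequest) error {
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	if pub, ok := csr.PublicKey.(*ecdsa.PublicKey); !ok || pub.Curve != elliptic.P256() {
		return fmt.Errorf("key type %T not permitted by the TLS server profile", csr.PublicKey)
	}
	if len(csr.DNSNames) == 0 {
		return fmt.Errorf("TLS server profile requires at least one DNS SAN")
	}
	for _, name := range csr.DNSNames { // ".corp.example" is this CA's permitted namespace (assumption)
		if strings.Contains(name, "*") || !strings.HasSuffix(strings.ToLower(name), ".corp.example") {
			return fmt.Errorf("SAN %q is outside the namespace this CA may issue for", name)
		}
	}
	return nil
}

// IssueServerCert applies the TLS server profile. Only the public key and DNS SANs are taken from
// the CSR; validity, key usage, EKU and basic constraints come from the profile, not the requester.
func IssueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csr *x509.CertificateRequest) ([]byte, error) {
	if err := CheckCSRPolicy(csr); err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: csr.DNSNames[0]}, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-5 * time.Minute), NotAfter: time.Now().AddDate(0, 0, 90),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true, // IsCA stays false whatever the CSR asked for
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

func main() {
	root, key, _ := NewRootCA()
	csr, _ := MakeCSR([]string{"intranet.corp.example"}, true) // requester asks for CA:TRUE
	der, err := IssueServerCert(root, key, csr)
	fmt.Printf("error: %v, issued DER bytes: %d\n", err, len(der))
}
```

The requester's CSR asks for CA:TRUE and the program still issues a plain end-entity certificate, because the template, not the CSR, supplies every extension; a CSR for `login.example.com` or for a wildcard is refused before any signing happens. The relying-party side, which the example leaves out, is the mirror image of this: trust only the private root for internal names, and check hostname and extended key usage on every connection.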

Conclusion

Deploying EJBCA as a Docker container simplifies the management of your PKI setup. It provides portability, isolation, and scalability, making it easier to handle security and certificate management. Whether you are a security professional or a developer working on PKI solutions, using Docker to run EJBCA can streamline your workflow and enhance your security practices.

In this blog post, we've covered the basics of setting up EJBCA as a Docker container and pointed to the tutorials that show how a PKI admin configures it to issue TLS certificates. We encourage you to explore the EJBCA documentation and tutorial videos for more advanced configurations and guidance on issuing certificates for your products or workloads. With Docker and EJBCA, you can take control of your certificate authority and PKI efficiently and securely.

Now, go ahead and secure your digital world with EJBCA and Docker! If you have any questions or want to share your experiences, connect with us on the Keyfactor discussions page.

Learn more

Check out EJBCA CE on Docker Hub.

Visit the Open source EJBCA PKI product page.

New to Docker? Get started.

Source: https://blog.docker.com/feed/

Announcing Docker Scout Software Supply Chain Solution for Open Source Projects

As we announced at DockerCon, we’re now providing a free Docker Scout Team subscription to all Docker-Sponsored Open Source (DSOS) program participants. 

If your open source project participates in the DSOS program, you can start using Docker Scout today. If your open source project is not in the Docker-Sponsored Open Source program, you can check the requirements and apply.

For other customers, Docker Scout is already generally available. Refer to the Docker Scout product page to learn more.

Why use Docker Scout?

Docker Scout is a software supply chain solution designed to make it easier for developers to identify and fix supply chain issues before they hit production. 

To do this, Docker Scout:

Gives developers, inside the tools they already use, one centralized view of the critical information they need across the software supply chain

Makes clear recommendations on how to address what it finds, both security issues and opportunities to improve reliability

Provides automation that highlights new defects, failures, or issues

Docker Scout allows you to prevent and address flaws where they start. By identifying issues earlier in the software development lifecycle and displaying information in Docker Desktop and the command line, Docker Scout reduces interruptions and rework.

Supply chain security is a big focus in software development, with attention from enterprises and governments. Software is complex, and when security, reliability, and stability issues arise, they’re often the result of an upstream library. So developers don’t just need to address issues in the software they write but also in the software their software uses.

These concerns apply just as much to open source projects as proprietary software. But the focus on improving the software supply chain results in an unfunded mandate for open source developers. A research study by the Linux Foundation found that almost 25% of respondents said the cost of security gaps was “high” or “very high.” Most open source projects don’t have the budget to address these gaps. With Docker Scout, we can reduce the burden on open source projects.

Conclusion

At Docker, we understand the importance of helping open source communities improve their software supply chain. We see this as a mutually beneficial relationship with the open source community. A well-managed supply chain doesn’t just help the projects that produce open source software; it helps downstream consumers through to the end user.

For more information, refer to the Docker Scout documentation.  

Learn more

Join our “Improving Software Supply Chain Security for Open Source Projects” webinar on Wednesday, February 7, 2024 at 1 PM Eastern (1700 UTC). Watch on LinkedIn or on the Riverside streaming platform.

Try Docker Scout.

Looking to get up and running? Use our Quickstart guide.

Vote on what’s next! Check out the Docker Scout public roadmap.

Have questions? The Docker community is here to help.

Not a part of DSOS? Apply now.

Source: https://blog.docker.com/feed/

AWS Private CA now helps issue ISO/IEC mobile driver's license certificates

You can now use AWS Private Certificate Authority (AWS Private CA) to support issuing mobile driver's license (mDL) certificates conforming to ISO/IEC 18013-5:2021. mDLs are digital representations of the information contained in a physical driver's license or other identity card. Organizations are working together to use mDLs in a range of situations, from verifying identity at aircraft boarding to sharing information for age-restricted activities.
Source: aws.amazon.com

Amazon Corretto: quarterly updates for January 2024

On January 16, 2024, Amazon announced quarterly security and critical updates for the Amazon Corretto Long-Term Supported (LTS) and Feature Release (FR) versions of OpenJDK. Corretto 21.0.2, 17.0.10, 11.0.22 and 8u402 are now available for download. Amazon Corretto is a no-cost, production-ready, multiplatform distribution of OpenJDK.
Source: aws.amazon.com

Amazon RDS for MySQL now supports multi-source replication

Amazon Relational Database Service (Amazon RDS) for MySQL now supports multi-source replication, letting you configure several RDS for MySQL database instances as sources for a single RDS for MySQL target database instance. Multi-source replication on RDS for MySQL lets you merge several shards into a single target, or consolidate data in one RDS for MySQL instance for analytics or long-term backups.
Source: aws.amazon.com