Certificate Management

Overview

OBLV Deploy protects the confidentiality of data in transit by establishing a secure communication channel between the client and the enclave. The process for setting up and managing this secure channel is as follows:

  1. Secure Certificate Transfer: During the enclave's bootup, OBLV Deploy securely transfers a TLS certificate into the enclave. This certificate is critical for establishing a trusted communication pathway between the client and the enclave.
  2. Certificate Chain of Trust: Once the TLS certificate has been secured within the enclave, a leaf certificate is generated from it. This forms a certificate chain of trust in which each enclave has a unique TLS certificate, so that the compromise of any single enclave leaves the security of the other enclaves intact.
  3. Public Key Distribution via Attestation Document: The public key of the enclave's TLS certificate is embedded within the attestation document, which is then securely sent to the client. Embedding the public key in the attestation document allows the client to verify the enclave's authenticity and trustworthiness. Upon successful verification, the client can use the TLS certificate to establish a secure TLS connection with the enclave.
  4. Guidance on Certificate Management: This documentation includes a series of how-to guides designed to assist with certificate management. By detailing the processes for managing and renewing certificates effectively, these guides ensure the maintenance of a secure communication channel.

The following guides provide detailed, step-by-step instructions for setting up various configurations: