By Mamoon Yunus | Date posted: February 3, 2014
Signer Groups and CRLs are the cornerstone of PKI management necessary for API Security. In asymmetric cryptography used for SSL, when an X.509 certificate is presented to a client or a server, a process of certificate chain validation establishes trust in the X.509 certificate and the public key that it represents. Certificate chain validation requires intermediate and root certificates that are embedded in the client (e.g., a browser) or a server (e.g., an Apache server). Additionally, if an X.509 certificate is compromised, through Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol OCSP, certificates can be marked as revoked such that any entity presenting such certificates cannot be trusted. Certificate validation through Signer Groups and revocation though CRLs or OCSP form the backbone of PKI management necessary for SSL, XML, SOAP and Big Data security.
In the tutorial, we will show how to enable and manage Signer Groups and CRLs rapidly for establishing APIs security using Forum Sentry API Gateway.