- 著者
- Ryosuke Matsumoto Kenji Rikitake Kentaro Kuribayashi
- 出版者
- 一般社団法人 情報処理学会
- 雑誌
- Journal of Information Processing (ISSN:18826652)
- 巻号頁・発行日
- vol.27, pp.650-657, 2019 (Released:2019-09-15)
- 参考文献数
- 28
For large-scale certificate management of multi-tenant web servers, preloading numerous certificates for managing numerous hosts under the single server process results in increasing the required memory usage because of the respective page table entry manipulation, which might be a poor resource efficiency and a reduced capacity. To resolve this issue, we propose a method for dynamic loading of certificates bound to the hostnames found during the SSL/TLS handshake sequences without preloading, provided that the Server Name Indication (SNI) extension is available. We implemented the function of choosing the respective certificates with the ngx_mruby module, which extends web server functions using mruby with a small memory footprint while maintaining the execution speed. The proposed method was evaluated by a web hosting service employing the authors.
言及状況
外部データベース (DOI)
Twitter (2 users, 5 posts, 8 favorites)
Our research on large-scale web server certificate management that we have been working on for several years since 2015 has been published as a journal paper. Please check it out! / Large-scale Certificate Management on Multi-tenant Web Servers https://t.co/ni7caL00qq
J-STAGEにも、我々の採録論文「Large-scale Certificate Management on Multi-tenant Web Servers」が公開されています。実際に研究開発して取り組んでいたのは何年か前ですが、ようやく研究としてこの手の実用的な話を完成させることができてとても嬉しいです。 https://t.co/ni7caL00qq