| CPC H04L 9/0825 (2013.01) [H04L 9/3268 (2013.01)] | 14 Claims |

1. A method comprising:
requesting, at a service configured on a server, a public key infrastructure (PKI) generated certificate using a PKI agent;
storing, at the PKI agent, a private key and the generated certificate in a key management service (KMS);
registering, at an application layer security controller communicatively coupled to the server, the service to have packet inspection at the application layer, wherein the registration further comprises setting an access control list (ACL) for keys of the service with the KMS to provide access to certificates and private keys to the application layer security controller;
transmitting, at the PKI agent, version information for the certificates to the application layer security controller;
updating, at the PKI agent, the certificates and keys in the KMS;
configuring the service and an application layer datapath component that is communicatively coupled to the application layer security controller to change the routing of one or more packets using an overlay network, and inspecting at least one of the one or more packets;
transmitting the one or more routed packets from the service to the application layer datapath component using the overlay network to preserve an original packet of the one or more packets; and
decapsulating, at the application layer datapath component, at least one routed packet of the one or more routed packets by retrieving the private keys and certificates from the KMS to perform the decapsulation, and performing application inspection of the decapsulated at least one routed packet.
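The steps of claim 1 describe one procedure: issue key and certificate into a KMS, register the service so the controller and its datapath get an ACL entry on those keys, report version information on issue and rotation, route the service's traffic over an overlay that preserves the original packet, and have the datapath fetch the right key version to decapsulate and inspect. The following is an added, constructed simulation of that flow, not code from the patent or any product; the class and principal names, the overlay header layout, the HMAC-based stand-in cipher and the single inspection rule are all assumptions. The example also exercises two edge cases the claim implies but does not spell out: a datapath is refused keys for a service that was never registered, and a frame protected under an older key version still decapsulates after rotation because the KMS keeps versions.

```python
"""Constructed simulation of the claimed flow (added example, not the patent's
code). Assumptions: principal names, the overlay header, and the toy cipher."""
import hashlib
import hmac
import secrets
import struct

# Assumed overlay header: magic, key version, payload length. The original packet
# follows the header unchanged, so the inspector sees exactly what was sent.
OVERLAY_HDR = struct.Struct("!4sHI")
OVERLAY_MAGIC = b"OVL1"


class KeyManagementService:
    """Versioned key/cert store with a per-service ACL of principal names."""
    def __init__(self):
        self._store = {}   # service -> [(private_key, cert), ...], index = version-1
        self._acl = {}     # service -> set of principals allowed to read

    def put(self, service, private_key, cert):
        self._store.setdefault(service, []).append((private_key, cert))
        return len(self._store[service])            # new version number

    def set_acl(self, service, principals):
        self._acl[service] = set(principals)

    def get(self, principal, service, version):
        if principal not in self._acl.get(service, set()):
            raise PermissionError(f"{principal} may not read keys of {service}")
        return self._store[service][version - 1]


class PKIAgent:
    """Generates key material plus a certificate-like record, stores both in the
    KMS, and reports the new version to the security controller."""
    def __init__(self, kms, controller):
        self.kms, self.controller = kms, controller

    def issue(self, service):
        private_key = secrets.token_bytes(32)       # stand-in for a real private key
        cert = {"subject": service,
                "fingerprint": hashlib.sha256(private_key).hexdigest()[:16]}
        version = self.kms.put(service, private_key, cert)
        self.controller.receive_version(service, version)   # version info transmitted
        return version

    rotate = issue   # updating keys in the KMS is issuing a new version


class SecurityController:
    """Registers a service for application-layer inspection; registration sets the
    KMS ACL so the controller, its datapath and the service itself can read keys."""
    DATAPATH = "app-layer-datapath"

    def __init__(self, kms):
        self.kms, self.versions = kms, {}

    def register(self, service):
        self.kms.set_acl(service, {service, "app-layer-controller", self.DATAPATH})

    def receive_version(self, service, version):
        self.versions[service] = version


def keystream_xor(key, data, label):
    """Toy stream cipher (HMAC-SHA256 in counter mode) standing in for TLS record
    protection. Not for real use; it only makes the fetched key matter."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def service_send(kms, service, version, plaintext):
    """Service protects an application record with its own key and routes it over
    the overlay; the header carries the key version the datapath must fetch."""
    private_key, _cert = kms.get(service, service, version)
    record = keystream_xor(private_key, plaintext, b"record")
    return OVERLAY_HDR.pack(OVERLAY_MAGIC, version, len(record)) + record


def datapath_inspect(kms, service, frame):
    """Decapsulate the overlay frame, fetch the matching key version from the KMS
    as the datapath principal, recover the original record and inspect it."""
    magic, version, length = OVERLAY_HDR.unpack_from(frame)
    if magic != OVERLAY_MAGIC:
        raise ValueError("not an overlay frame")
    record = frame[OVERLAY_HDR.size:OVERLAY_HDR.size + length]
    private_key, cert = kms.get(SecurityController.DATAPATH, service, version)
    plaintext = keystream_xor(private_key, record, b"record")
    request_line = plaintext.split(b"\r\n", 1)[0]
    verdict = "block" if b".." in request_line else "allow"   # constructed rule
    return {"version": version, "subject": cert["subject"],
            "plaintext": plaintext, "verdict": verdict}


def demo():
    kms = KeyManagementService()
    controller = SecurityController(kms)
    agent = PKIAgent(kms, controller)
    service = "orders-svc"
    v1 = agent.issue(service)
    try:                                    # no ACL yet: datapath is refused
        kms.get(SecurityController.DATAPATH, service, v1)
        before_register = "readable"
    except PermissionError:
        before_register = "denied"
    controller.register(service)
    frame1 = service_send(kms, service, v1, b"GET /api/orders HTTP/1.1\r\nHost: x\r\n\r\n")
    v2 = agent.rotate(service)              # key update; controller learns v2
    frame2 = service_send(kms, service, v2, b"GET /api/../etc/passwd HTTP/1.1\r\n\r\n")
    return {"before_register": before_register,
            "controller_version": controller.versions[service],
            "old": datapath_inspect(kms, service, frame1),   # still decapsulates under v1
            "new": datapath_inspect(kms, service, frame2)}
```

Running `demo()` shows the three properties worth checking in a real deployment of this design: the datapath only gains key access through registration, the controller's recorded version tracks every rotation, and inspection keeps working across a rotation because the overlay header names the key version and the KMS retains it.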