CPC H04L 9/3263 (2013.01) [H04L 9/0825 (2013.01); H04L 9/3236 (2013.01); H04L 9/3247 (2013.01)]. 20 Claims.

1. A computer-implemented method for establishing a PKI (Public Key Infrastructure) chain of trust in an isolated cloud computing environment, comprising:
receiving a digital leaf certificate in the isolated cloud computing environment, the digital leaf certificate being rooted to a first root certificate in a non-isolated PKI chain of trust in a non-isolated cloud computing environment and the digital leaf certificate including a first object identifier value,
wherein the digital leaf certificate is received to support establishing the PKI chain of trust rooted in a second root certificate for the isolated cloud computing environment;
obtaining a second root certificate in the isolated cloud computing environment;
signing the second root certificate with a private key of the digital leaf certificate to generate a signed blob;
storing the signed blob to a predetermined storage location in the isolated cloud computing environment;
executing a bootstrap executable configured with a second object identifier value;
obtaining the signed blob from the predetermined storage location in the isolated cloud computing environment;
verifying the signed blob with the digital leaf certificate;
when the signed blob is verified, comparing the first object identifier value from the digital leaf certificate to the second object identifier value from the bootstrap executable;
when the first and second object identifier values match, installing a PKI chain of trust rooted in the second root certificate for the isolated cloud computing environment; and
distributing the second root certificate in the isolated cloud computing environment to secure communications within the isolated cloud computing environment.
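The signing, storage, verification and identifier-comparison steps of claim 1, as an added Go example that is not part of the patent or of any product it describes. It assumes that the leaf's "first object identifier value" is carried in a certificate extension under a hypothetical private-arc OID (`bootstrapOID`), that Ed25519 keys are used, and that the sample leaf is self-signed rather than chained to the first root; the identifier strings and certificates are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)
// Hypothetical private-arc OID under which the leaf carries its identifier value (constructed for this example).
var bootstrapOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
// SignedBlob is what is stored at the predetermined location: the isolated root's DER plus the leaf's signature over it.
type SignedBlob struct{ RootDER, Signature []byte }
// SignRoot signs the second (isolated) root certificate with the private key of the leaf certificate.
func SignRoot(rootDER []byte, leafKey ed25519.PrivateKey) SignedBlob {
	return SignedBlob{RootDER: rootDER, Signature: ed25519.Sign(leafKey, rootDER)}
}
// Bootstrap is the bootstrap executable's gate: verify the blob with the leaf, compare the leaf's identifier value with the configured one, then hand back the root to install.
func Bootstrap(blob SignedBlob, leaf *x509.Certificate, configured string) (*x509.Certificate, error) {
	if err := leaf.CheckSignature(x509.PureEd25519, blob.RootDER, blob.Signature); err != nil {
		return nil, err // not signed by the leaf's key, or the root bytes were altered in storage
	}
	var fromLeaf string
	for _, ext := range leaf.Extensions {
		if ext.Id.Equal(bootstrapOID) { asn1.Unmarshal(ext.Value, &fromLeaf) } // a malformed value stays "" and is rejected
	}
	if fromLeaf == "" || fromLeaf != configured {
		return nil, errors.New("object identifier value mismatch: root not installed")
	}
	return x509.ParseCertificate(blob.RootDER) // the second root, now the isolated environment's trust anchor
}
// selfSigned builds throwaway sample certificates (the leaf is self-signed here for brevity, not chained to the first root).
func selfSigned(serial int64, ca bool, exts []pkix.Extension) (ed25519.PrivateKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "sample"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: ca, ExtraExtensions: exts}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return priv, der, err
}
// MakeCerts constructs the sample inputs: a leaf carrying oidValue under bootstrapOID and a fresh isolated root.
func MakeCerts(oidValue string) (ed25519.PrivateKey, *x509.Certificate, []byte, error) {
	val, _ := asn1.Marshal(oidValue) // encoded as an ASN.1 PrintableString
	leafKey, leafDER, _ := selfSigned(1, false, []pkix.Extension{{Id: bootstrapOID, Value: val}})
	_, rootDER, _ := selfSigned(2, true, nil)
	leaf, err := x509.ParseCertificate(leafDER) // reports the failure if the leaf could not be built
	return leafKey, leaf, rootDER, err
}
```

A real deployment would verify the leaf against the first (non-isolated) root before trusting its key, and would install the returned root into the isolated environment's trust store.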