1

I have a setup whereby the SSL certificates are terminated at the load balancer (i.e. load balancer to web server is in plaintext). In order to do the SSL termination, the private key is stored on the load balancer itself. I do have an HSM in a data center.

I was told by security guys that best practice is to store the private key in an HSM.

I have read "Should SSL be terminated at a load balancer?" and I understand that there is nothing wrong in terminating SSL encryption at the load balancer.

However, should the private keys be stored in the load balancer itself (from a security perspective)? Are there any technical challenges in storing the SSL private keys in a central HSM instead?

newbie
  • 139
  • 6

2 Answers

1

From the security point of view, keeping the private key inside an HSM is the ultimate solution. However, an HSM has a throughput limitation, which raises the question of what rate of handshake requests you expect for your web service and whether it is guaranteed to be lower than the maximum number the HSM can process.

If storing private keys in the HSM is not an option, then I still wouldn't store them in plain text. Every cloud solution offers tools for key management; for example, if your service were run on AWS, there is AWS Key Management Service (AWS KMS). Azure and gcloud will have their own tools.

0

On AWS, ACM and ELB are integrated and ACM and KMS are integrated such that the private key is stored in KMS. So that is secure and what you want to do.

Z.T.
  • 7,768
  • 1
  • 20
  • 35
  • Yes, there are fewer problems if a cloud platform is involved. However, my setup is not on cloud and I would like to know what other considerations I have to weigh if I do not want to store the keys in HSM – newbie Apr 08 '20 at 10:32
  • For you it's a security vs performance trade-off. If the HSM can handle the number of sign operations per second that you need, use the HSM. The load balancer should allow resuming TLS connections (it's better latency but also to not need signatures for the resumed connections). – Z.T. Apr 08 '20 at 10:36
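The first answer asks whether the handshake rate is guaranteed to stay below what the HSM can process, and Z.T.'s comment adds that resumed TLS connections need no private-key signature. The following capacity check, an added example that is not part of the original thread, puts both points together: it parses constructed load-balancer log lines that tag each connection as a full or resumed handshake, finds the peak rate of full handshakes (the only ones that hit the HSM), and compares it with the HSM's rated signing throughput with a headroom factor. The log format, the `full`/`resumed` labels and the `HSM_RATED_OPS` figure are assumptions for illustration; the real rating comes from the HSM's datasheet for the key algorithm actually in use, since RSA-2048 and ECDSA P-256 signing throughputs differ considerably.

```python
"""Capacity check: will an HSM keep up with full TLS handshakes?

Constructed example. The log format, the handshake labels and the HSM
rating used below are assumptions for illustration, not the output of
any particular load balancer or HSM.
"""
from collections import Counter

# Constructed load-balancer log lines: "<epoch-second> <client> <handshake>".
# "full"    = new session, the server must sign with the private key (HSM op).
# "resumed" = session ID / ticket / TLS 1.3 PSK reuse, no signature needed.
SAMPLE_LOG = """\
1586340000 10.0.0.1 full
1586340000 10.0.0.2 full
1586340000 10.0.0.3 resumed
1586340001 10.0.0.4 full
1586340001 10.0.0.5 full
1586340001 10.0.0.6 full
1586340001 10.0.0.7 resumed
1586340002 10.0.0.8 resumed
1586340002 10.0.0.9 resumed
"""


def parse_handshakes(log_text):
    """Return (full handshakes per second, total full, total resumed)."""
    full_per_sec = Counter()
    resumed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _client, kind = line.split()
        if kind == "full":
            full_per_sec[int(ts)] += 1
        elif kind == "resumed":
            resumed += 1
        else:
            raise ValueError(f"unknown handshake type: {kind!r}")
    return full_per_sec, sum(full_per_sec.values()), resumed


def peak_signatures_per_second(full_per_sec, window=1):
    """Highest average rate of private-key operations over any `window` seconds.

    window=1 gives the raw per-second peak; a longer window smooths bursts
    that an HSM's request queue can absorb.
    """
    if not full_per_sec:
        return 0.0
    lo, hi = min(full_per_sec), max(full_per_sec)
    peak = 0
    for start in range(lo, hi + 1):
        total = sum(full_per_sec.get(s, 0) for s in range(start, start + window))
        peak = max(peak, total)
    return peak / window


def resumption_ratio(total_full, total_resumed):
    """Share of connections that avoided a private-key operation."""
    total = total_full + total_resumed
    return total_resumed / total if total else 0.0


def hsm_fits(peak_sig_per_sec, hsm_rated_ops_per_sec, headroom=0.5):
    """True if the peak uses at most `headroom` of the rated signing throughput.

    headroom=0.5 leaves half the capacity for bursts and for the case where a
    standby HSM has to take the whole load during failover.
    """
    return peak_sig_per_sec <= hsm_rated_ops_per_sec * headroom


if __name__ == "__main__":
    per_sec, n_full, n_resumed = parse_handshakes(SAMPLE_LOG)
    peak = peak_signatures_per_second(per_sec)
    print(f"full={n_full} resumed={n_resumed} "
          f"resumption={resumption_ratio(n_full, n_resumed):.0%}")
    print(f"peak full handshakes/s = {peak}")
    # Placeholder rating; replace with the datasheet figure for your key type.
    HSM_RATED_OPS = 1000
    print("HSM fits" if hsm_fits(peak, HSM_RATED_OPS) else "HSM too slow")
```

Run over a day of real logs, the peak-rate figure is the one to compare against the HSM rating, not the average, because the load balancer will still try to complete every full handshake when a burst exceeds the HSM's capacity and the resulting latency lands on clients. The resumption ratio is the lever on that peak: the higher the share of resumed sessions, the fewer signatures the HSM must produce, which is why the comment recommends enabling resumption at the load balancer before deciding the HSM is too slow.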