4

As this is a performance-based question about a security issue, some folks at Information Security suggested I post here:

My IoT company would like to use client certificate authentication to secure communications between each "thing" and a central server. We deploy about 30K things per year, and they have about a 5-year lifetime, so our server-side solution conservatively needs to be able to support 150-200k certificates at a time. From reading and asking other questions, it seems like the best-of-breed solution is EJBCA, which appears to scale quite well, but I also see that haproxy (theoretically) has the ability to do it too.

My question is this: how well does haproxy scale to handle a large number of client certs and connections?

Community
  • 1
AnodeCathode
  • 81
  • 1
  • Are all the client certs going to be signed by the same CA? – GregL Dec 30 '15 at 17:28
  • 1
    Does it need to do more than verify the certificate is signed by a trusted (ie, your in-house issuing) CA? 200k files of any kind in a directory would have to be tuned. If the certs are not signed by a common CA, haproxy and nginx may require all certs to be in a single PEM; I don't believe either will let you verify from a directory. – Andrew Domaszek Dec 30 '15 at 17:36
  • Another thing to note is haproxy is designed to tier. It doesn't have to do ssl verification at its level. It can forward the whole connection to a (cluster of) separate server(s) to terminate the ssl connection and perform verification there. In this way, if you can't do it in one, you can do it in many. – Andrew Domaszek Dec 30 '15 at 17:40
  • OP here, yes, all certs would be signed by the same CA -- and in our particular use case it would be perfectly viable to self-sign. I agree that all certs might have to be in a single PEM, which has plusses and minuses IMO (the biggest plus being that caching is easy, but biggest minus being that adding new certs will be slow). On the matter of tiering servers, at some point some server is going to have to verify the client against a giant list, I don't see any way to split that list apart - do you? – AnodeCathode Dec 30 '15 at 18:45
  • 2
    If all the client certs are signed by the same CA (or even a handful of them), then you simply add them to a file, and use the `ca-file` option on your `bind` line to make it work. You don't need to have the client certs loaded at all. – GregL Dec 30 '15 at 19:27

1 Answers1

1

To clear a possible misconception, quite popular with people who learned about public/private key pairs. A certificate is something more than a public key. Even if you have 30000 different private keys on devices that talk to you, on your side you don't need 30000 public keys. Or 30000 pieces of anything. You need 1 piece. The beauty of cryptographic signatures is that you can authenticate a huge number of private keys when the only thing you know is just a single certificate (called a CA certificate), and you don't even have all their public keys.

Sometimes there are a few more CA certificates, to allow long-running migrations/upgrades, compatibility with foreign systems, etc, but theoretically one is sufficient.

In this context, the actual answer to the question is: haproxy will scale extremely well in your situation, as will any other software. As long as you only use a few CA certificates, you won't note any difference whether haproxy authenticates 30 private keys or 30k private keys or 300k private keys.

kubanczyk
  • 13,812
  • 5
  • 41
  • 55