Load balancing across certificates and certificate authorities
Abstract
Systems and methods for server authentication in a content delivery network are provided. Various embodiments include a content delivery network obtaining multiple digital certificates from multiple certificate authorities. When a client attempts to access the content delivery network, the network serves the client a digital certificate and then monitors the authentication of the certificate. If the authentication fails, the content delivery network serves the client another digital certificate that was issued from a different certificate authority. In other embodiments, the content delivery network constantly monitors the function of each certificate authority. The content delivery network constantly pings each certificate authority. If any one of the certificate authorities fails to respond to the pings, the content delivery network will presume the certificate authority is non-operational and will stop using certificates from the non-operational certificate authorities until they resume operation.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method to facilitate server authentication, the method comprising:
receiving a request from a client application to establish a secure session; sending a digital certificate to the client application, wherein the digital certificate is associated with a certificate authority; determining that a state of the secure session is anomalous; in response to determining that the state of the secure session is anomalous, sending a different digital certificate associated with a different certificate authority to the client application.
2 . The method of claim 1 further comprising determining the state of the secure session is normal when the client application validates the digital certificate, and upon determining the state of the secure session is normal, establishing a secure session.
3 . The method of claim 1 wherein determining the state of the secure session further comprises setting a timer or a counter.
4 . The method of claim 3 , wherein the timer or counter, upon time-out, indicates that the state of the secure session is anomalous.
5 . The method of claim 1 further comprising pinging one or more certificate authorities wherein the pinging includes sending one or more of an internet control message protocol (ICMP) echo request, an online certificate status protocol (OCSP) health check, a hypertext transfer protocol (HTTP) health check, or an OCSP request to the one or more certificate authorities.
6 . The method of claim 5 wherein pinging the one or more certificate authorities further comprises ceasing use of digital certificates associated with one or more certificate authorities that do not respond the pinging.
7 . A computing apparatus comprising:
one or more computer readable storage media; one or more processors operatively coupled with the one or more computer-readable storage media; and program instructions stored on the one or more computer readable storage media to facilitate server authentication in a content delivery network that, when executed by the one or more processors, direct the computing apparatus to at least: receive a request from an end point to establish a secure session; send a digital certificate to the end point, wherein the digital certificate is associated with a certificate authority; determine that a state of the secure session is anomalous; in response to determining that the state of the secure session is anomalous, send a different digital certificate associated with a different certificate authority to the end point.
8 . The computer-readable storage medium of claim 7 , wherein the set of instructions further cause the one or more processors to determine the state of the secure session is normal when the end point validates the digital certificate, and upon determining the state of the secure session is normal, establish a secure session.
9 . The computer-readable storage medium of claim 7 , wherein the set of instructions further cause the one or more processors to:
set a timer; and wherein the timer, upon time-out, indicates that the state of the secure session is anomalous.
10 . A method to facilitate server authentication, the method comprising:
receiving a request from a client application to establish a secure session; attempting to establish the secure session, comprising sending a digital certificate to the client application, wherein the digital certificate is associated with a certificate authority; determining that the server and the client application have failed to establish the secure session within a time period; in response to determining that the server and the client application have failed to establish the secure session within the time period, attempting again to establish the secure session, comprising sending a different digital certificate associated with a different certificate authority to the client application.
11 . The method of claim 10 wherein the secure session is a secure session between the server and the client application.
12 . The method of claim 10 wherein the time period is set by the server.
13 . The method of claim 10 , further comprising determining that the client application did not successfully validate the digital certificate.
14 . The method of claim 10 , further comprising determining that the certificate authority is not responding to queries.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.