- Why was Redwax written?
- For a long time the issuing and manipulation of certificates has been served by command line tools offered by projects such as OpenSSL.
  Over time, however, many certificate based operations have moved to the World Wide Web, and the need has arisen for a standard set of web based server tools to build web based certificate authorities. The Redwax Server was built to meet this need.
- Why does Redwax Server take the form of Apache HTTP server modules?
- To be secure, a certificate authority needs to have a small code footprint and a small attack surface. Apache httpd is a modular server, and so can be hardened by removing unnecessary code and features.
  There must be no gaps in the defined behaviour of the certificate authority. Many language bindings, libraries and frameworks allow loose and insufficiently well defined bindings between components, leading to injection attacks. Apache httpd's hook mechanism offers a well defined and complete interface between modular components, with no side effects.
  The underlying framework of a certificate authority requires heritage. Apache httpd has been scrutinised and audited for over two decades, and is therefore a safe foundation on which to build a secure service.
  To exist, a certificate authority needs to be usable. Apache httpd is widely deployed and widely understood, and the concepts used within Apache httpd are carried through into the Redwax Server.
- Does Redwax Server need OpenSSL?
- At the present time, many Redwax Server implementation modules rely on OpenSSL in order to perform secure operations.
  The core mod_ca module, however, does not depend on any specific security library, OpenSSL or otherwise. Each hook requires the passing of standard DER encoded security objects such as certificates and certificate signing requests. This allows two Redwax Server modules backed by different security libraries to be linked within the same server, allows security modules to be linked together using low level generic mechanisms such as Unix Domain Sockets, pipes or data diodes, and potentially allows them to run on separate physical hardware.