Inhaltsverzeichnis

4.5 Trust Server

4.5 Trust Server

Central trust server for certificate validation.

Concept: Single Point of Trust

All clients query the Trust Server
Trust Server decides on trustworthiness
Central control over certificate status
Real-time revocation possible

Architecture

[Client] -> [Proxy] -> [Trust Server]
                          |
                    [Certificate DB]

API Endpoints

Endpoint	Function
POST /validate	Verify certificate
GET /trusted	List of trusted certs
POST /revoke	Revoke certificate

Configuration in Proxy

{
  "TrustServer": {
    "Url": "https://trust.intern",
    "ApiKey": "...",
    "CacheSeconds": 60,
    "FailOpen": false
  }
}

Fail-Closed

With FailOpen: false:

Trust Server not reachable → Access denied
Maximum security
Availability of Trust Server critical

High Availability

Run Trust Server in cluster
Load balancer in front
Local cache for short-term outages