Abstract: Approaches described herein allow an appliance to receive a message from a client device when the client device is attempting to connect to a service other than the appliance. For instance, a client device might connect to a service on a private network, however if the client device is not on the private network, it may encounter an appliance such as a gateway. The appliance is configured to return a message to a client device indicating that it is an appliance, and the client device returns a certificate to the appliance that allows the client to indicate a first purpose of a connection and a second purpose of the connection. In approaches described herein, the second purpose is used by the appliance to perform an action related to providing the service with a certificate that allows for the first purpose, which can include information to create a secure connection between the service and the client device.

Abstract: Methods and systems for securing a data connection for communicating between two end-points are described herein. One of the end-points may be a server and the other of the end-points may be a client that wants to communicate with the server. The data connection may be secured based on a previously-established secure connection and/or a self-signed or self-issued certificate. In some variations, by using the previously-established secure connection and/or a self-signed or self-issued certificate, the secure communication between the server and the client may be conducted without using a third-party authentication service and without requiring a third-party CA to issue a certificate for the server.

Abstract: Approaches described herein allow an appliance to receive a message from a client device when the client device is attempting to connect to a service other than the appliance. For instance, a client device might connect to a service on a private network, however if the client device is not on the private network, it may encounter an appliance such as a gateway. The appliance is configured to return a message to a client device indicating that it is an appliance, and the client device returns a certificate to the appliance that allows the client to indicate a first purpose of a connection and a second purpose of the connection. In approaches described herein, the second purpose is used by the appliance to perform an action related to providing the service with a certificate that allows for the first purpose, which can include information to create a secure connection between the service and the client device.

Abstract: Approaches described herein allow an appliance to receive a message from a client device when the client device is attempting to connect to a service other than the appliance. For instance, a client device might connect to a service on a private network, however if the client device is not on the private network, it may encounter an appliance such as a gateway. The appliance is configured to return a message to a client device indicating that it is an appliance, and the client device returns a certificate to the appliance that allows the client to indicate a first purpose of a connection and a second purpose of the connection. In approaches described herein, the second purpose is used by the appliance to perform an action related to providing the service with a certificate that allows for the first purpose, which can include information to create a secure connection between the service and the client device.

Abstract: Methods and systems for securing a data connection for communicating between two end-points are described herein. One of the end-points may be a server and the other of the end-points may be a client that wants to communicate with the server. The data connection may be secured based on a previously-established secure connection and/or a self-signed or self-issued certificate. In some variations, by using the previously-established secure connection and/or a self-signed or self-issued certificate, the secure communication between the server and the client may be conducted without using a third-party authentication service and without requiring a third-party CA to issue a certificate for the server.

Abstract: Methods and systems for securing a data connection for communicating between two end-points are described herein. One of the end-points may be a server and the other of the end-points may be a client that wants to communicate with the server. The data connection may be secured based on a previously-established secure connection and/or a self-signed or self-issued certificate. In some variations, by using the previously-established secure connection and/or a self-signed or self-issued certificate, the secure communication between the server and the client may be conducted without using a third-party authentication service and without requiring a third-party CA to issue a certificate for the server.

Abstract: Methods and systems for securing a data connection for communicating between two end-points are described herein. One of the end-points may be a server and the other of the end-points may be a client that wants to communicate with the server. The data connection may be secured based on a previously-established secure connection and/or a self-signed or self-issued certificate. In some variations, by using the previously-established secure connection and/or a self-signed or self-issued certificate, the secure communication between the server and the client may be conducted without using a third-party authentication service and without requiring a third-party CA to issue a certificate for the server.

Abstract: Approaches described herein allow a stateless device to recover at least one private key. In particular, a stateless device can provide service-account credentials to a directory service to establish a first session and acquire a certificate and private key using information associated with the stateless device. The stateless device can store its private key before the first session ends. A stateless device can then provide user-account credentials to the directory service to establish a second session. After the second session begins, a private key can be acquired by the stateless device.

Abstract: Approaches described herein allow a stateless device to recover at least one private key. In particular, a stateless device can provide service-account credentials to a directory service to establish a first session and acquire a certificate and private key using information associated with the stateless device. The stateless device can store its private key before the first session ends. A stateless device can then provide user-account credentials to the directory service to establish a second session. After the second session begins, a private key can be acquired by the stateless device.

Abstract: Approaches described herein allow a stateless device to recover at least one private key. In particular, a stateless device can provide service-account credentials to a directory service to establish a first session and acquire a certificate and private key using information associated with the stateless device. The stateless device can store its private key before the first session ends. A stateless device can then provide user-account credentials to the directory service to establish a second session. After the second session begins, a private key can be acquired by the stateless device.

Abstract: Approaches described herein allow a stateless device to recover at least one private key. In particular, a stateless device can provide service-account credentials to a directory service to establish a first session and acquire a certificate and private key using information associated with the stateless device. The stateless device can store its private key before the first session ends. A stateless device can then provide user-account credentials to the directory service to establish a second session. After the second session begins, a private key can be acquired by the stateless device.

Abstract: Approaches described herein allow an appliance to receive a message from a client device when the client device is attempting to connect to a service other than the appliance. For instance, a client device might connect to a service on a private network, however if the client device is not on the private network, it may encounter an appliance such as a gateway. The appliance is configured to return a message to a client device indicating that it is an appliance, and the client device returns a certificate to the appliance that allows the client to indicate a first purpose of a connection and a second purpose of the connection. In approaches described herein, the second purpose is used by the appliance to perform an action related to providing the service with a certificate that allows for the first purpose, which can include information to create a secure connection between the service and the client device.

Abstract: Approaches described herein provide devices, methods, and mediums for building a chain of certificates. In particular, various devices can communicate with a certificate repository. The certificate repository can provide information indicating whether a certificate stored on a device is valid. If the certificate is no longer valid, then a new certificate is acquired from the certificate repository. This new certificate can have certificate extensions. These certificate extensions can be used by a device to build a chain to a root certificate authority to validate the device.