@article{oai:ipsj.ixsq.nii.ac.jp:00199588,
 author = {Ryosuke, Matsumoto and Kenji, Rikitake and Kentaro, Kuribayashi and Ryosuke, Matsumoto and Kenji, Rikitake and Kentaro, Kuribayashi},
 issue = {9},
 journal = {情報処理学会論文誌},
 month = {Sep},
 note = {For large-scale certificate management of multi-tenant web servers, preloading numerous certificates for managing numerous hosts under the single server process results in increasing the required memory usage because of the respective page table entry manipulation, which might be a poor resource efficiency and a reduced capacity. To resolve this issue, we propose a method for dynamic loading of certificates bound to the hostnames found during the SSL/TLS handshake sequences without preloading, provided that the Server Name Indication (SNI) extension is available. We implemented the function of choosing the respective certificates with the ngx_mruby module, which extends web server functions using mruby with a small memory footprint while maintaining the execution speed. The proposed method was evaluated by a web hosting service employing the authors.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.27(2019) (online)
DOI　http://dx.doi.org/10.2197/ipsjjip.27.650
------------------------------, For large-scale certificate management of multi-tenant web servers, preloading numerous certificates for managing numerous hosts under the single server process results in increasing the required memory usage because of the respective page table entry manipulation, which might be a poor resource efficiency and a reduced capacity. To resolve this issue, we propose a method for dynamic loading of certificates bound to the hostnames found during the SSL/TLS handshake sequences without preloading, provided that the Server Name Indication (SNI) extension is available. We implemented the function of choosing the respective certificates with the ngx_mruby module, which extends web server functions using mruby with a small memory footprint while maintaining the execution speed. The proposed method was evaluated by a web hosting service employing the authors.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.27(2019) (online)
DOI　http://dx.doi.org/10.2197/ipsjjip.27.650
------------------------------},
 title = {Large-scale Certificate Management on Multi-tenant Web Servers},
 volume = {60},
 year = {2019}
}