TLS/SSL Review

Transport Layer Security: a 30-second history

Secure Sockets Layer (SSL) was developed by Netscape in 1994 as a protocol permitting persistent and secure transactions. In 1997 an open-source implementation of Netscape's patented protocol was created, which is now OpenSSL. In 1999 the existing protocol was extended into the version now known as Transport Layer Security (TLS). By convention, the term "SSL" is still used even when technically the TLS protocol is being used.

TLS: Server Certificate

Authentication
- Server and/or client identity is verified via certificate.

Privacy
- Data is encrypted with a block cipher.
- The cipher key is exchanged via public-key cryptography.

TLS: Server Certificate Verification

The client browser recognizes the Certificate Authority that issued the certificate and thus verifies the authenticity of the connection.

Failed Verification

If there is a conflict between the name on the certificate and the name of the server, the browser pops up a "Domain Name Mismatch" notice, allowing the user to decide whether to continue.

Cert Request: CSR

CSR: Certificate Signing Request. It contains:
- Information about the organization (organization name, country, etc.)
- The web server's public key
- A unique mathematical match to the server's private key

Cert Request: CSR (cont.)

Let's create one.

Cert Request

Go to
- Common Name: ricardoserver.sdsu.edu
- Server software:
- Certificate term: 1, 2, or 3 years
- CSR: 2048-bit CSR
- Pass-phrase: (don't use)
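As an added example (not from the slides), the following sh script produces the key and CSR with the parameters on the form above (2048-bit RSA, no pass-phrase, common name ricardoserver.sdsu.edu) and then checks the "mathematical match" between the CSR and the private key before anything is submitted to the CA. It assumes the openssl command-line tool is installed; the organization fields, the helper names and the extra host names are constructed values.

```shell
#!/bin/sh
# Added example, not from the slides: build the 2048-bit, pass-phrase-free
# key and CSR the enrollment form asks for, then confirm that the CSR's
# public key is the "mathematical match" of the private key before the CSR
# is submitted. Assumes the openssl CLI; the organization fields and the
# extra host names are constructed sample values.
set -e

# make_csr DIR CN [ALT_NAME...]: writes DIR/server.key and DIR/server.csr.
# Extra names go into subjectAltName, which is what a SAN (multi-domain)
# certificate request needs.
make_csr() {
    dir=$1; cn=$2; shift 2
    sans="DNS:$cn"
    for alt in "$@"; do sans="$sans,DNS:$alt"; done
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $cn
O = Example University
C = US
[v3_req]
subjectAltName = $sans
EOF
    # -nodes: the private key is stored without a pass-phrase.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
        -out "$dir/server.csr" -config "$dir/req.cnf" 2>/dev/null
}

# key_matches_csr KEY CSR: succeeds only if the CSR carries the public half
# of KEY (compares the two SubjectPublicKeyInfo PEM blocks).
key_matches_csr() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null)
    c=$(openssl req -in "$2" -pubkey -noout 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# csr_has_san CSR NAME: succeeds if NAME is listed in the CSR's subjectAltName.
csr_has_san() {
    openssl req -in "$1" -noout -text 2>/dev/null | grep -q "DNS:$2"
}
```

Run `openssl req -in server.csr -noout -verify -text` on the result to see exactly what the CA will receive; a CSR whose key does not match the server's private key yields a certificate Apache cannot use.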

Cert Request

Cert Request: Type

Certificate type: Description & purpose

Single domain (InCommon SSL Certificate): an SSL certificate that protects a single domain e.g. These are the "traditional" SSL certificates that have been in use since the advent of the SSL protocol.

Multiple domain (InCommon Multi-domain SSL Certificate): allows you to protect multiple host names with a single SSL certificate. These are also known as SAN (Subject Alternative Name) certificates. Up to 100 domain names can be included in a multi-domain certificate. These certificates are often used on a single server hosting many web sites, to eliminate the need for a unique IP address for each web site e.g. and

Wildcard (InCommon wildcard SSL certificate): a wildcard certificate protects a domain and unlimited subdomains of that domain e.g. (not used for sdsu.edu).

UCC Exchange (InCommon Unified Communications Certificate): a unified communications certificate allows you to protect multiple host names with a single SSL certificate. Specifically designed for Microsoft Exchange and Microsoft Office Communications Server. Newer versions of Microsoft products will work with multi-domain certificates.

Extended validation single domain (Comodo EV SGC SSL certificate): an Extended Validation certificate protects a single domain, e.g. my.sdsu.edu. However, the certificate is issued according to a specific set of identity verification criteria. Certificates issued by a CA under the EV guidelines are not structurally different from other certificates but are designated with a CA-specific policy identifier so that EV-aware software (browsers) can recognize them and display the "green bar".

Extended validation multiple domain (Comodo EV multi-domain SSL certificate): see above, except this certificate can protect multiple domains.

Cert Request: the enrollment e-mail

Hello,

You have successfully enrolled for an InCommon SSL certificate. You now need to complete the following steps:

* Click the following link to download your SSL certificate (generally try to use a version that includes intermediates & root or your certificate may be rejected by some older clients)

Format(s) most suitable for your server software:
- as X509 Certificate only, Base64 encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=xxxx&format=x509CO
- as X509 Intermediates/root only, Base64 encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=xxxx&format=x509IO
- as X509 Intermediates/root only Reverse, Base64 encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=xxxxx&format=x509IOR

Other available formats:
- as PKCS#7 Base64 encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=xxxxxx&format=base64
- as PKCS#7 Bin encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=xxxxx&format=bin
- as X509, Base64 encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=xxxxxx&format=x509

Cert Request: Which File to Download?

X509 Certificate only, Base64 encoded: this file contains only your domain/entity certificate and is commonly used with Apache-based systems (Apache directive: SSLCertificateFile), Tomcat and Oracle Wallet Manager.

X509 Intermediates/root only, Base64 encoded: this file includes only the Root and Intermediate CA certificates (in order) for your domain/entity certificate.

X509 Intermediates/root only (Reverse), Base64 encoded: this file contains only the Intermediate(s) and Root CA certificates (in reverse order) and is commonly used with Apache-based systems (Apache2 directive: SSLCertificateChainFile). This file is also known as a 'CA Bundle' or 'Certificate Chain File'.

Other available formats:

PKCS#7 Base64 encoded / PKCS#7 Bin encoded: PKCS#7 is commonly used with IIS 5.x and later. This file contains the Root, Intermediate(s) and your certificate, all rolled into a single file.

X509, Base64 encoded: this file typically includes (in order) the Root, Intermediate(s) and your certificate.

Cert Request: PKCS#7 vs. X.509?

PKCS#7 is a cryptography standard published by RSA Security in 1993 that deals with data that has cryptography applied to it. It is a standard for how to package data securely. PKCS#7 references the X.509 standard as the source for certificate formatting. X.509 is a wide-ranging security standards document published in 1998 which includes, amongst other things, certificate file formats. X.509 specifies that certificates should be encoded using the Distinguished Encoding Rules (DER) of ASN.1 (documented in the X.208, now X.608, standard), first published in

So, DER says how to encode some strings and numeric source data into a binary format, X.509 says which data needs to go into a digital certificate, and PKCS#7 says how that certificate should be used, to digitally sign a message.

SSL Cert: Install

Add to httpd.conf:

    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
    SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
    SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle

Restart Apache.

SSL Cert Expiry Monitoring

Nagios bash script:
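The presenter's script is not reproduced on the page; the following sh function is an added example of a Nagios-style expiry check, not the presenter's code. It assumes the openssl command-line tool is installed, and the function names, thresholds and the file path in the usage comment are assumptions taken from the install slide above.

```shell
#!/bin/sh
# Added example, not the Nagios script the slide refers to: a Nagios-style
# plugin that warns before a certificate expires. Exit codes follow the
# Nagios convention (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) so the output
# can be wired into a service check. Assumes the openssl CLI is installed.

# check_cert_expiry CERT_FILE [WARN_DAYS] [CRIT_DAYS]
check_cert_expiry() {
    cert=$1; warn=${2:-30}; crit=${3:-7}
    if [ ! -r "$cert" ]; then
        echo "UNKNOWN - cannot read $cert"; return 3
    fi
    enddate=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || {
        echo "UNKNOWN - $cert is not a PEM X.509 certificate"; return 3; }
    enddate=${enddate#notAfter=}
    # openssl's -checkend fails once the certificate expires within N
    # seconds, so no date parsing is needed on the shell side.
    if ! openssl x509 -in "$cert" -noout -checkend $((crit * 86400)) >/dev/null; then
        echo "CRITICAL - $cert expires within $crit days (notAfter $enddate)"; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn * 86400)) >/dev/null; then
        echo "WARNING - $cert expires within $warn days (notAfter $enddate)"; return 1
    fi
    echo "OK - $cert is valid for more than $warn days (notAfter $enddate)"; return 0
}

# fetch_live_cert HOST PORT OUT_FILE: save the leaf certificate a running
# server actually presents, so the deployed site (not only the file in
# /etc/ssl) can be checked the same way.
fetch_live_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -out "$3" 2>/dev/null
}

# Typical Nagios command line for the Apache install above (path assumed):
#   check_cert_expiry /etc/ssl/ssl.crt/yourDomainName.crt 30 7
```

Checking the certificate the server actually serves (via fetch_live_cert) catches the case where a renewed file was copied into place but Apache was never restarted.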

SSL Cert

Thank you. Questions: me at