CIS5930 Internet Computing

Presentation on theme: "CIS5930 Internet Computing"— Presentation transcript:

1 CIS5930 Internet Computing
Internet Security - Part 2
Prof. Robert van Engelen

2 OpenSSL
Get a copy of “Network Security with OpenSSL” from O’Reilly
Download code examples version 1.3 from and unpack
Download scripts from
Create a new ‘CA’ dir somewhere and unpack the files into it
11/13/2018 CIS 5930 Fall 2006 COP4020 Fall 2006

3 Creating a Self-Signed Root CA Certificate
After unpacking sslscripts.tar.gz in ‘CA’, modify the openssl.cnf file in the [req_distinguished_name] section for the following items:
    countryName_default = US
    stateOrProvinceName_default = Your-State
    localityName_default = Your-City
    0.organizationName_default = Your-Company-Name
    Address_default =
If you are going to use only one configuration file, use:
    setenv OPENSSL_CONF $HOME/…/CA/openssl.cnf

4 Creating a Self-Signed Root CA Certificate
Run the root.sh script
When prompted, enter a passphrase to lock the private key of the CA
Keep the root.pem key and the passphrase in a safe place
You can distribute the cacert.pem CA certificate
The script executes the following commands:
Create an RSA key and a certificate signing request for the RSA key:
    openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
Sign the public key with the private key to create a self-signed certificate:
    openssl x509 -req -in rootreq.pem -sha1 -extfile openssl.cnf -extensions v3_ca -signkey rootkey.pem -out cacert.pem -days 1095
Keep the certificate and the private key in one file (root.pem):
    cat cacert.pem rootkey.pem > root.pem
Display the X509 certificate subject, issuer, and dates:
    openssl x509 -subject -issuer -dates -noout -in root.pem
To display the entire X509 certificate:
    openssl x509 -text -in root.pem

5 Using the CA Private Key to Sign Certificates
Recall that the CA is the trusted third party, which means:
The CA private key is used to sign certificates
The CA public key (in the CA certificate) is used to verify certificates
To create a new private/public key pair and sign the public key with the CA to create a certificate, run:
    cert.sh name
Enter a password when prompted, and enter the host (or “localhost”) of the domain of the networked application as the “common name”
The password is used to lock the private key (it will be needed by your application to unlock the private key to establish secure communications)
Use the root CA’s passphrase when prompted to sign the certificate

6 Using the CA Private Key to Sign Certificates
The cert.sh script executes the following commands on command-line argument name (e.g. use “server” for name to create server.pem):
Create new keys and a certificate signing request:
    openssl req -newkey rsa:1024 -sha1 -keyout namekey.pem -out namereq.pem
Sign the certificate with the root CA key:
    openssl x509 -req -in namereq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out namecert.pem -days 365
Put everything into one PEM file (including the CA certificate):
    cat namecert.pem namekey.pem cacert.pem > name.pem
Display the certificate subject, issuer, and dates:
    openssl x509 -subject -issuer -dates -noout -in name.pem
To display the entire X509 certificate:
    openssl x509 -text -in name.pem
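The procedure of slides 3 to 6 end to end, as an added example that is not the course's root.sh/cert.sh scripts and not code from the slides: a POSIX shell script that writes a small config standing in for the openssl.cnf sections the slides refer to ([v3_ca] and [usr_cert]), creates a passphrase-locked root CA, issues a certificate for "localhost" signed by it, bundles the files the way cert.sh does, and then verifies the result with openssl verify, including the negative check that a certificate does not validate against an unrelated CA. The file names (demo.cnf, server.ext), subjects ("Demo Corp", "Demo Root CA") and passphrases are constructed for the demo; rsa:2048 and sha256 are used instead of the slides' rsa:1024 and sha1, which are considered weak today.

```shell
#!/bin/sh
# Added example, not the course's root.sh/cert.sh: build a root CA, issue a
# server certificate signed by it, and verify the chain. Directory layout,
# subjects and passphrases are constructed for the demo.
set -eu

# Minimal config standing in for the course openssl.cnf: a [req] section so
# 'openssl req' works without a system config, plus the CA extension profile.
write_config() {  # $1 = path of the config file to write
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_dn

[ req_dn ]

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# Slide 4 (root.sh): key + CSR, self-signed CA certificate, combined root.pem.
# rsa:2048/sha256 replace the slides' rsa:1024/sha1, which are weak today.
make_ca() {  # $1 = work dir, $2 = passphrase that locks the CA private key
    dir=$1; pass=$2
    write_config "$dir/demo.cnf"
    openssl req -new -newkey rsa:2048 -sha256 -config "$dir/demo.cnf" \
        -subj "/C=US/O=Demo Corp/CN=Demo Root CA" -passout "pass:$pass" \
        -keyout "$dir/rootkey.pem" -out "$dir/rootreq.pem" 2>/dev/null
    openssl x509 -req -in "$dir/rootreq.pem" -sha256 -extfile "$dir/demo.cnf" \
        -extensions v3_ca -signkey "$dir/rootkey.pem" -passin "pass:$pass" \
        -out "$dir/cacert.pem" -days 1095 2>/dev/null
    cat "$dir/cacert.pem" "$dir/rootkey.pem" > "$dir/root.pem"  # keep private
}

# Slide 6 (cert.sh): key + CSR for a host, signed by the CA, bundled with the
# CA certificate into name.pem. The slides pass root.pem as both -CA and
# -CAkey; the separate cacert.pem/rootkey.pem produced above are used here.
issue_cert() {  # $1 = work dir, $2 = name, $3 = host (CN and SAN), $4 = key passphrase, $5 = CA passphrase
    dir=$1; name=$2; host=$3; pass=$4; capass=$5
    cat > "$dir/$name.ext" <<EOF
[ usr_cert ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
subjectAltName = DNS:$host
EOF
    openssl req -new -newkey rsa:2048 -sha256 -config "$dir/demo.cnf" \
        -subj "/C=US/O=Demo Corp/CN=$host" -passout "pass:$pass" \
        -keyout "$dir/${name}key.pem" -out "$dir/${name}req.pem" 2>/dev/null
    openssl x509 -req -in "$dir/${name}req.pem" -sha256 -extfile "$dir/$name.ext" \
        -extensions usr_cert -CA "$dir/cacert.pem" -CAkey "$dir/rootkey.pem" \
        -passin "pass:$capass" -CAcreateserial -out "$dir/${name}cert.pem" \
        -days 365 2>/dev/null
    cat "$dir/${name}cert.pem" "$dir/${name}key.pem" "$dir/cacert.pem" > "$dir/$name.pem"
}

# Exit status 0 only if the certificate chains to the given CA certificate:
# the same decision an application makes when it trusts only cacert.pem.
verify_cert() {  # $1 = CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d)
    make_ca "$work" 'root-secret'
    issue_cert "$work" server localhost 'server-secret' 'root-secret'
    openssl x509 -subject -issuer -dates -noout -in "$work/server.pem"
    verify_cert "$work/cacert.pem" "$work/servercert.pem" && echo "servercert.pem: chains to our CA"
    # An unrelated CA must not validate it; otherwise any CA would do.
    mkdir "$work/other" && make_ca "$work/other" 'other-secret'
    verify_cert "$work/other/cacert.pem" "$work/servercert.pem" \
        || echo "servercert.pem: rejected by an unrelated CA (expected)"
}

demo
```

Run it in any scratch directory; it needs only the openssl binary. The exit status of verify_cert is the whole point of the trust model on slide 5: a peer's certificate is accepted only because it chains to the CA certificate the application was configured with, so whoever holds rootkey.pem and its passphrase can mint certificates that every such application accepts. That is why slide 4 says to keep root.pem and the passphrase in a safe place and to distribute only cacert.pem.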

7 Client and Server Examples
We will review the NSwO-1.3/ssl examples
The BIO objects and functions
The SSL objects and functions
The CRYPTO functions
The ERR functions
Use man pages and Web resources when necessary
