Presentation is loading. Please wait.

Presentation is loading. Please wait.

Apache and SSL Presented by Paul Weinstein, Waubonsie Consulting, O’Reilly Open Source Convention July 24, 2002.

Published bySamson Murphy Modified over 9 years ago

Similar presentations

Presentation on theme: "Apache and SSL Presented by Paul Weinstein, Waubonsie Consulting, O’Reilly Open Source Convention July 24, 2002."— Presentation transcript:

1 Apache and SSL Presented by Paul Weinstein, Waubonsie Consulting, O’Reilly Open Source Convention July 24, 2002

2 Apache and SSL - Paul Weinstein - - 2 Hello World Introduction What Will Be Covered oReview of SSL oQuick History of Apache and SSL oApache 1.3.x oApache 2.0.x oCool Tricks of Apache and SSL What Won’t Be Covered

3 Apache and SSL - Paul Weinstein - - 3 Disclaimer It should be noted that this presentation does not cover all issues relating to securing networked based machines and their content. This presentation is designed only to introduce basic concepts and configuration of Apache and SSL.

4 Apache and SSL - Paul Weinstein - - 4 SSL and TLS: Secure Sockets Layer (SSL), developed by Netscape Communications, and Transport Layer Security (TLS), the open-standard replacement for SSL from the Internet Engineering Task Force, are the two protocols that add encryption and authentication to TCP/IP.

5 Apache and SSL - Paul Weinstein - - 5 SSL and TLS: Two Main Features Ciphers; which enable the encryption of data between the client and server. Digital Certificates; which provide a method of authentication of a client and server.

6 Apache and SSL - Paul Weinstein - - 6 SSL and TLS: Ciphers Symmetric (a.k.a. Secret-Key) Asymmetric (a.k.a. Public-Key)

7 Apache and SSL - Paul Weinstein - - 7 SSL and TLS: Digital Certificates Advantage of Public-Key Encryption Server Certificate Client Certificate Root Certificate Certificate Authority oPublic Certificate Authority oPrivate Certificate Authority

8 Apache and SSL - Paul Weinstein - - 8 Apache and SSL: A Timeline

9 Apache and SSL - Paul Weinstein - - 9 * Platform Dependent mod_ssl Support for SSL v2, v3 and TLS v1 Advance pass-phrase handling for private keys X.509 based digital certificates, certificate generation, certificate revocation list Support for crypto acceleration hardware * Backward compatibility

10 Apache and SSL - Paul Weinstein - - 10 * Source: E-Soft June 2002 Report, mod_ssl Most Popular SSL Solution for Apache o1,098,542 of 4,577,603 or 23.99%* Second Only to PHP and Perl Overall o 43.71% and 24.11%*

11 Apache and SSL - Paul Weinstein - - 11 Apache 1.3.x: mod_ssl Integration oNeeds EAPI oCan Build as a DSO oOpenSSL Toolkit

12 Apache and SSL - Paul Weinstein - - 12 Supports New Apache 2.0 Architecture Included with the Apache 2.0.x source code To add mod_ssl when building Apache o--enable-ssl o--with-ssl=/path/to/OpenSSL/lib Apache 2.0.x: mod_ssl

13 Apache and SSL - Paul Weinstein - - 13 Transacting of payment information for consumer good(s) in a secure manner between the customer and the business. Apache and SSL: Cool Tricks - The Ubiquitous Online Store

14 Apache and SSL - Paul Weinstein - - 14 Apache and SSL: Cool Tricks - The Ubiquitous Online Store What We Need: oEnable mod_ssl oRequest a server certificate from a public certificate authority oInstall server certificate oAdd a CGI script to collect data oConfigure access to CGI script via HTTPS

15 Apache and SSL - Paul Weinstein - - 15 Apache and SSL: Cool Tricks - The Ubiquitous Online Store What We Get:

16 Apache and SSL - Paul Weinstein - - 16 Apache and SSL: Cool Tricks - The Ubiquitous Online Store What We Get: oThe communication with the store is secure. oThe server on the other end, decrypting the data is in fact the online store as identified by the server’s digital certificate and authenticated by a trusted third party.

17 Apache and SSL - Paul Weinstein - - 17 Transacting of organizational information in a secure manner between the organization’s groups and individuals. Apache and SSL: Cool Tricks - An Organization’s Intranet

18 Apache and SSL - Paul Weinstein - - 18 Apache and SSL: Cool Tricks - An Organization’s Intranet What We Need: oCreate a private certificate authority using OpenSSL oEnable mod_ssl oRequest a server certificate from the private certificate authority oInstall server certificate

19 Apache and SSL - Paul Weinstein - - 19 Apache and SSL: Cool Tricks - An Organization’s Intranet What We Need: oAdd a CGI script to collect data oConfigure access to CGI script via HTTPS oInstall private certificate authority's root certificate oConfigure server to authenticate clients based on certificates from private certificate authority

20 Apache and SSL - Paul Weinstein - - 20 Apache and SSL: Cool Tricks - An Organization’s Intranet What We Need: oSign client certificate requests & install in client’s web browsers oInstall private certificate authority’s root certificate oAuthenticate servers based on private certificate authority

21 Apache and SSL - Paul Weinstein - - 21 Apache and SSL: Cool Tricks - An Organization’s Intranet What We Get:

22 Apache and SSL - Paul Weinstein - - 22 Apache and SSL: Cool Tricks - An Organization’s Intranet What We Get: oThe communication within the organization is secure. oThe server on one end is in fact organization’s server - the information from is valid. oThe client on the other end is in fact a member of the organization - the information has not been compromised.

23 Apache and SSL - Paul Weinstein - - 23 Review of Apache and SSL SSL and TLS History of Apache and SSL Apache 1.3.x Apache 2.0.x Cool Tricks of Apache and SSL

24 Apache and SSL - Paul Weinstein - - 24 Citation Engelschall, Ralf User Manual mod_ssl Version 2.8 Jan. 2001 mod_ssl: The Apache Interface to OpenSSL

25 Apache and SSL - Paul Weinstein - - 25 Citation Weinstein, Paul. "Web Security: Encryption & Authentication." Daemonnews (May 2001): 15 pars. Weinstein, Paul "Web Security: Apache and mod_ssl." Daemonnews (June 2001): 15 pars.

26 Apache and SSL - Paul Weinstein - - 26 Suggested References This Presentation: oArticle: Weinstein, Paul. “Apache and SSL” O’Reilly Network: ONLamp.com (April 2002): 24 pars.

27 Apache and SSL - Paul Weinstein - - 27 Suggested References This Presentation: oSlides: (HTML) (PDF)

28 Apache and SSL - Paul Weinstein - - 28 Suggested References Apache Project, Apache Week,

29 Apache and SSL - Paul Weinstein - - 29 Suggested References mod_ssl Project, oMailing Lists, List Archives: o

30 Apache and SSL - Paul Weinstein - - 30 Suggested References OpenSSL Project, oMailing Lists, List Archives: o o o o

Download ppt "Apache and SSL Presented by Paul Weinstein, Waubonsie Consulting, O’Reilly Open Source Convention July 24, 2002."

Similar presentations

Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.
Cryptography and Network Security

Cryptography and Network Security
Internet Security Protocols

Internet Security Protocols
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
SSL Serguei Mokhov SOEN321, Fall 2004. Contents Background SET SSL –origins –protocol.

SSL Serguei Mokhov SOEN321, Fall Contents Background SET SSL –origins –protocol.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 

Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 
Introduction to Cryptography

Introduction to Cryptography
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

Similar presentations

Ads by Google