OpenSSL Cookbook
A Guide to the Most Frequently Used OpenSSL Features and Commands
Second Edition
From the book Bulletproof SSL and TLS
Ivan Ristić
Last update: Thu Jun 09 04:26:02 BST 2016 (build 538)
Bulletproof SSL and TLS
Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
Ivan Ristić
For system administrators, developers, and IT security professionals, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.
Free edition: Getting Started
Available now at www.feistyduck.com
“The most comprehensive book about deploying TLS in the real world!” Nasko Oskov, Chrome Security developer and former SChannel developer
“Meticulously researched.” Eric Lawrence, Fiddler author and former Internet Explorer Program Manager
“The most to the point and up to date book about SSL/TLS I’ve read.” Jakob Schlyter, IT security advisor and DANE co-author
OpenSSL Cookbook
by Ivan Ristić
Version 2.1-draft (build 538), published in June 2016.
Copyright © 2016 Feisty Duck Limited. All rights reserved.
First published in May 2013. Second edition published in March 2015.
Feisty Duck Limited
www.feistyduck.com
contact@feistyduck.com
Address: 6 Acantha Court, Montpelier Road, London W5 2QP, United Kingdom
Production editor: Jelena Girić-Ristić
Copyeditors: Melinda Rankin, Nancy Wolfe Kotary
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or
by any means, without the prior permission in writing of the publisher.
The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and
assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection
with or arising out of the use of the information or programs contained herein.
Feisty Duck Digital Book Distribution
www.feistyduck.com
Table of Contents
Preface . . . vii
    Feedback . . . viii
    About Bulletproof SSL and TLS . . . viii
    About the Author . . . viii
1. OpenSSL . . . 1
    Getting Started . . . 2
        Determine OpenSSL Version and Configuration . . . 2
        Building OpenSSL . . . 3
        Examine Available Commands . . . 5
        Building a Trust Store . . . 6
    Key and Certificate Management . . . 8
        Key Generation . . . 8
        Creating Certificate Signing Requests . . . 12
        Creating CSRs from Existing Certificates . . . 14
        Unattended CSR Generation . . . 14
        Signing Your Own Certificates . . . 15
        Creating Certificates Valid for Multiple Hostnames . . . 15
        Examining Certificates . . . 16
        Key and Certificate Conversion . . . 19
    Configuration . . . 22
        Cipher Suite Selection . . . 22
        Performance . . . 34
    Creating a Private Certification Authority . . . 38
        Features and Limitations . . . 38
        Creating a Root CA . . . 38
        Creating a Subordinate CA . . . 45
2. Testing with OpenSSL . . . 49
    Connecting to SSL Services . . . 49
    Testing Protocols that Upgrade to SSL . . . 54