This document provides an overview of SSL/TLS (Secure Sockets Layer/Transport Layer Security) and how it works to secure data transmission over the internet. It discusses why SSL is important for encrypting data and verifying identities. It then explains the basic process of how SSL works, including how a client encrypts requests using a server's public key and how the server decrypts with its private key. The document outlines the requirements to implement SSL, including generating a key and obtaining a certificate. It differentiates between self-signed and authorized certificates. Finally, it provides steps to create a certificate using OpenSSL and configure the Apache web server to use SSL.
4. Contents
Introduction
SSL/TLS
Why SSL?
How does SSL work?
Requirements
Self signed certificate
Authorized certificate
How to create certificate
Terms to know about
Practice
5. Introduction
What business opportunities does the internet provide?
• Online Commerce.
• Online Shopping.
• Online Resource Sharing.
• Email and Messaging.
• Data Transfer.
Benefits.
• Cost effectiveness of online operations and delivery
• Open global markets - gain customers from all over the world.
• New and exciting ways of marketing directly to your customers
• Offer new data products and services via the Web
6. Cont ...
Improvement needs concentration and security
What is important to be secure?
• Important and Secret Data Transfer
• Username and Passwords.
• Bank Account Numbers .
• Credit Cards.
Unsecure Data Threats and challenges
• Hack
• Data stealing
• ID misuse
7. SSL / TLS
SSL ( Secure Socket Layer )
TLS ( Transport layer Security )
It is a protocol used along with http in order to provide
• Identity assurance
• Encryption
When we implement the SSL protocol along with http it turns into https, which indicates the Secure Socket Layer protocol.
8. Why SSL ?
1. Encryption:
• Process of hiding what is sent from one computer to another.
• Encrypting and securing the data that we want to send to a host.
2. Identity assurance:
• Making sure that the computer we are speaking to is the one we trust.
• Assurance for validation of the remote server by issuing a certificate.
9. Identity Assurance
Request: www.gmail.com
Responding https://gmail.com
• The server authenticates us and gives us assurance that the server we
are trying to connect with is a real server.
10. Plain Text Data transfer with No Secure Socket Layer
[Figure: the message "Hello" is sent as plain text (H, e, l, l, o) and received as "Hello".]
12. How does SSL Work?
Client Request for page
Server responds with a Public key for encryption
Request http://www.gmail.com
Response https://www.gmail.com
Request GET index.html
Client Encrypts Request using Server Public Key
Server Decrypts Request using Private Key
13. What do we need?
• We need a Key
• Create a Certificate using that key
We have two types of certificate
Self signed Certificate.
Authorized certificate.
14. Self Signed Certificate
A self signed certificate is a certificate that is signed by the person creating it rather than a trusted authority.
It has a major disadvantage:
A visitor's connection could be hijacked, allowing an attacker to view all the data sent, and the certificate cannot be revoked like a trusted certificate can.
We're going to explain when a self signed certificate should and shouldn't be used.
We can generate a self signed certificate for common platforms like Microsoft IIS, Apache, and Java Keytool or openssl.
15. Self signed Certificate Usage
In a local Network.
When clients only have to go through a local Intranet to get to the server,
there is virtually no chance of a man-in-the-middle attack.
A Development Server.
There is no need to spend extra cash buying a trusted certificate when
you are just developing or testing an application.
Personal sites with few visitors.
If you have a small personal site that transfers non-critical information,
there is very little incentive for someone to attack the connections.
16. Authorized Certificate
The certificate which is signed by an authorized vendor.
SSL Certificate will contain
• your domain name.
• your company name
• your address
• your city
• your state and your country.
It will also contain the expiration date of the Certificate and
details of the Certification Authority responsible for the issuance
of the Certificate.
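The difference between the two certificate types, as a client sees it, in an added example that is not part of the original slides: a constructed test CA ("Example Test CA") signs one certificate for localhost, a second one is self-signed, and openssl verify is run against each. All file names and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: CA-signed versus self-signed certificate, checked the way a client would.
# "Example Test CA" and every file name below are constructed for this demo.

# build_demo DIR: create a test CA, a CA-signed and a self-signed certificate in DIR.
build_demo() {
    d=$1
    # Test CA: ca.crt stands in for the CA certificate held in a client's trust store.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -subj "/CN=Example Test CA" -days 30 -out "$d/ca.crt" || return 1
    # Server key and signing request for localhost.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/server.key" \
        -subj "/CN=localhost" -out "$d/server.csr" || return 1
    # Authorized certificate: the CA signs the request with the CA key.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -sha256 -out "$d/signed.crt" || return 1
    # Self-signed certificate: the same request signed with the server's own key.
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" \
        -days 30 -sha256 -out "$d/selfsigned.crt" || return 1
}

# trusted CAFILE CERT: succeed only if CERT chains to a certificate in CAFILE.
trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issuer_of CERT: print the issuer name recorded in CERT.
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

demo=$(mktemp -d)
build_demo "$demo" 2>/dev/null
for c in signed selfsigned; do
    if trusted "$demo/ca.crt" "$demo/$c.crt"; then
        echo "$c.crt: trusted ($(issuer_of "$demo/$c.crt"))"
    else
        echo "$c.crt: rejected ($(issuer_of "$demo/$c.crt"))"
    fi
done
```

A client that holds only ca.crt accepts signed.crt and rejects selfsigned.crt. The self-signed certificate verifies only when the client has been given that exact certificate to trust.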
17. How to create Certificate?
We can create our certificate using the utilities that we have here.
OPENSSL
It's a utility used to create an SSL certificate.
It comes with the Apache binary package.
KEYTOOL
This is also a utility used to create an SSL certificate.
It comes with the Java package inside the /bin directory.
18. Terms to know about
RSA Algorithm
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len
Adleman, who invented it in 1977. The basic technique was first
discovered in 1973 by Clifford Cocks (part of the British GCHQ) but this
was a secret until 1997.
The RSA cryptosystem is the most widely-used public key cryptography
algorithm in the world.
The RSA algorithm can be used for both public key encryption and digital
signatures. Its security is based on the difficulty of factoring large
integers.
19. Terms to know about
Des3 Algorithm
The Data Encryption Standard (DES) was developed by an IBM team
around 1974 and adopted as a national standard in 1977. Triple DES is
a minor variation of this standard. It is three times slower than regular
DES but can be billions of times more secure if used properly. Triple
DES enjoys much wider use than DES because DES is so easy to
break with today's rapidly advancing technology.
20. Terms to know about
The OSI X.509 standard.
X.509 uses a centralized hierarchy with at most a few trusted entities
at its core.
These trusted entities issue files which are used to distribute public
keys and certify that the bearer of the file is who or what he or she
claims to be.
23. Apache Installation
You can install Apache from the setup file or from the binary file, as we are using here.
Copy the binary file to a drive (C:).
Change to the directory "C:\apache2\bin" on the command line.
Use this command to install Apache: "httpd -k install"
Type localhost in your browser to see if your Apache server works.
24. Openssl environment
To use the openssl utility to create a certificate, we can add its path to the Windows environment so that we can run it from anywhere without typing the path to its location every time.
The openssl utility exists in your "c:\apache2\bin" directory.
Copy the above path and go to the Windows environment settings:
My Computer Properties > Advanced System Settings > Environment Variables
In Environment Variables choose New, give it the name path as the variable name, and paste the path into the variable value.
26. Running Openssl Utility
Now that you have introduced the openssl utility to the Windows environment, you can run it from CMD anywhere you want to make your certificate.
27. Creating certificate
Use the following commands to create your certificate using openssl and
provide information during certificate creation as it asks for it.
To create Certificate Signing Request:
genrsa -des3 -out server.key 1024
To Create Unencrypted Key:
rsa -in server.key -out server.pem
Typing this command gives an error. We have to read the error and solve it.
It says to copy the openssl.conf file to a directory on your (C:) drive. Use the exact name for the directory that the error gives.
To Generate Unsigned Certificate:
req -new -key server.key -out server.csr
To create or sign a 30 day certificate:
x509 -req -days 30 -in server.csr -signkey server.key -out server.crt
28. This is the process of how to create a key and a certificate.
During creation it asks for a “Passphrase” and for info about the web site we are creating this certificate for.
Provide your FQDN if you're going to create it for your website, but here we are working locally so we provide localhost for our FQDN.
You can ignore the optional [] options, as we did for some, by just hitting ENTER.
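The procedure above as one non-interactive script, added here as an example and not taken from the original slides. It keeps the page's file names, localhost FQDN and 30-day lifetime, but assumes a 2048-bit key, AES-256 key encryption and a SHA-256 signature in place of the 1024-bit and -des3 settings; the passphrase is a constructed sample and the function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: the page's four openssl steps, non-interactive, with current parameters.
# PASS is a constructed sample passphrase; in practice let openssl prompt for it.
PASS='pass:constructed-sample-passphrase'

# make_cert DIR: create server.key, server.pem, server.csr and server.crt in DIR.
make_cert() {
    d=$1
    # Passphrase-protected RSA key: 2048 bits and AES-256 (the page uses 1024 and -des3).
    openssl genrsa -aes256 -passout "$PASS" -out "$d/server.key" 2048 || return 1
    # Unencrypted copy of the key for the web server; keep it readable by its owner only.
    openssl rsa -in "$d/server.key" -passin "$PASS" -out "$d/server.pem" || return 1
    chmod 600 "$d/server.pem"
    # Signing request; -subj supplies the FQDN (CN) instead of the interactive questions.
    openssl req -new -key "$d/server.key" -passin "$PASS" \
        -subj "/CN=localhost" -out "$d/server.csr" || return 1
    # Self-signed certificate valid for 30 days, signed with SHA-256.
    openssl x509 -req -days 30 -sha256 -in "$d/server.csr" \
        -signkey "$d/server.key" -passin "$PASS" -out "$d/server.crt" || return 1
}

# key_bits CRT: print the size of the certificate's public key in bits.
key_bits() {
    openssl x509 -noout -text -in "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# sig_alg CRT: print the signature algorithm named in the certificate.
sig_alg() {
    openssl x509 -noout -text -in "$1" | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# cert_matches_key CRT KEY: succeed if both hold the same RSA modulus.
cert_matches_key() {
    [ "$(openssl x509 -noout -modulus -in "$1")" = "$(openssl rsa -noout -modulus -in "$2")" ]
}

# expires_within CRT DAYS: succeed if the certificate expires within DAYS days.
expires_within() {
    ! openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null
}

work=$(mktemp -d)
make_cert "$work" 2>/dev/null
echo "key: $(key_bits "$work/server.crt") bits, signature: $(sig_alg "$work/server.crt")"
cert_matches_key "$work/server.crt" "$work/server.pem" && echo "server.pem matches server.crt"
```

Comparing the modulus of the certificate and the key before pointing the web server at them catches the common mistake of pairing a certificate with the wrong key file.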
29. Changing Apache Configuration Files
We have to change the following configuration files of the Apache server.
In the httpd.conf file (see "C:\apache\conf"), enable the lines below by removing the leading #:
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#Include conf/extra/httpd-default.conf
#Include conf/extra/httpd-ssl.conf
Specify the certificate and key path in httpd-ssl.conf in C:\apache2\conf\extra:
SSLCertificateFile "c:/Apache24/conf/localhost.crt"
SSLCertificateKeyFile "c:/Apache24/conf/localhost.pem"
RESTART YOUR APACHE SERVER TO GET YOUR CONFIGURATION DONE!
30. Now you are ready to use the https protocol or Secure Socket Layer