SSL Certificate and Code Signing
- 1. SSL Certificate and Code Signing 2015/05/03 Qlync Inc. YAO, LI-WEI Ver1.1
- 5. Why SSL Certificate and Code Signing? To Encrypt Sensitive Information To Gain Your Customer’s Trust https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html
- 8. Secure Socket Layer (SSL) Protocol http://beefchunk.com/documentation/bin/apache/ apache2_with_ssl_tls/part1.htm
- 9. HTTPS = HTTP + SSL/TLS http://hackerxu.com/2014/11/18/HTTPS.html
- 13. https://www.youtube.com/watch?v=E5FEqGYLL0o Video: Asymmetric Key Cryptography
- 14. Asymmetric Encryption for Random Key Exchange Symmetric Encryption by Random Key for Data
- 17. PKI
- 18. PKI = Public Key Infrastructure http://software-engineer-tips-and-tricks.blogspot.tw/2012/09/what-is-pki.html
- 19. CA/ VA/ RA
- 20. Certificate and CA A certificate is a document that contains both an identity and a public key, binding them together by a digital signature. This digital signature is created by an organization called a Certification Authority (CA). This organization guarantees that upon creating the digital signature it has checked the identity of the public key owner (e.g. by verifying a passport) and that is has checked that this public key owner is in possession of the corresponding private key. Anybody in possession of the CA's public key can verify the CA's signature on the certificate. In this way the CA guarantees that the public key in the certificate belongs to the individual whose identity is in the same certificate. http://www.win.tue.nl/hashclash/rogue-ca/
- 21. CA Certificate Structure (X.509) https://technet.microsoft.com/en-us/library/cc737264(v=ws.10).aspx
- 24. Example
- 28. CA List in Firefox
- 29. Q Web Browser - Firefox How do I trust a self-signed issuer certificate?
- 30. Lifecycle of an SSL Certificate If you need to secure your web site, it is quick and easy to request an SSL certificate and install it. 1 Generate a Certificate Signing Request (CSR) for the web server you plan to secure. If you do not manage your own web server, contact your web host or Internet service provider to request a CSR. 2 Select an SSL Certificate and click buy. 3 Pick up your certificate in to your Thawte® Certificate Center Account. 4 Follow installation instructions for your Web server. 5 Download the Thawte® Trusted Site Seal to display on pages within your secured domain. At the end of the SSL certificate’s validity period (1-5 years, depending on the certificate type and your selection), you have the option to renew your SSL certificate. You may need to provide additional information for authentication or generate a new CSR. https://www.thawte.com/resources/getting-started/how-ssl-works/index.html
- 33. SSL Certificate Guide • What is CSR • https://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html • Generate CSR for Apache SSL • https://search.thawte.com/support/ssl-digital-certificates/index? page=content&actp=CROSSLINK&id=SO2614 • How to Install SSL Certificates to Apache • https://www.thawte.com/resources/video/install-ssl-certificates- apache.html
- 34. Video: Install SSL Certificate on Apache https://www.youtube.com/watch?v=yYxhPgMJCbo
- 35. Why SSL Certificate and Code Signing? To Encrypt Sensitive Information To Gain Your Customer’s Trust https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html
- 36. To Gain Your Customer’s Trust
- 37. Code Signing
- 38. Code Signing Certificate Code signing certificates are digital certificates that will help protect users from downloading compromised files or applications. When a file or application signed by a developer is modified or compromised after publication, a popup browser warning will appear to let users know that the origin of the file or application cannot be verified. http://www.symantec.com/code-signing/
- 41. Code Signing Products http://www.symantec.com/zh/tw/products-solutions/ families/?fid=code-signing
- 42. Code Signing Products http://www.symantec.com/zh/tw/products-solutions/ families/?fid=code-signing
- 46. More…
- 47. The First Few Milliseconds of an HTTPS Connection • http://www.moserware.com/2009/06/first-few- milliseconds-of-https.html?m=1
- 48. Android: Security with HTTPS and SSL • https://developer.android.com/training/articles/ security-ssl.html
- 49. iOS: Maintaining Your Signing Identities and Certificates • https://developer.apple.com/library/ios/ documentation/IDEs/Conceptual/ AppDistributionGuide/MaintainingCertificates/ MaintainingCertificates.html#//apple_ref/doc/uid/ TP40012582-CH31-SW1
- 50. Java Code Signing Guide • https://www.digicert.com/code-signing/java- code-signing-guide.htm
- 52. What are the different types of SSL Certificate? • https://www.globalsign.com/en/ssl-information- center/types-of-ssl-certificate/ • https://www.thawte.com/ssl/index.html