ApacheCon EU 2006: Dublin, June 28, 2006.
Hello World (Slide Two)
- Introduction
- The Basics:
- Review of SSL Protocol
- Review of Digital Certificates
- A Private Certificate Authority in Action
- The Nit and Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority
Notice (Slide Three)
"Persons attempting to find a motive in this narrative will be prosecuted; persons attempting to find a moral will be banished; persons attempting to find a plot will be shot."
- Preface for The Adventures of Huck Finn By Mark Twain
The Basics (Slide Four)
SSL, Digital Certificates and Certificate Authorities
Key Players (Slide Five)
- SSL Protocol
- Encryption
- Authentication
- Digital Certificates
- Identifying Information of Party
- Name Of Issuing Certificate Authority
- A "Signature" Of Issuing Certificate Authority
- Type Of Digital Certificates
- Root Certificate
- Server Certificate
- Client Certificate
SSL/TLS Protocol (Slide Six)
- A web client requests a secure transaction.
- If a new SSL session is being established, the web server sends back a list of agreeable ciphers.
- The server also sends along a digital certificate.
SSL/TLS Protocol (Slide Seven)
- The client authenticates the server.
- The client generates a symmetric key using an agreeable cipher and key size and then encodes the symmetric key.
- If the server has requested a digital certificate to authenticate the client, the client sends it along with the encoded symmetric key.
SSL/TLS Protocol (Slide Eight)
- Both the client and the server use the symmetric key to generate another symmetric key, known as the session key.
- The client sends a message to the server stating that all future messages from the client will be encrypted with the session key.
- The server sends a message to the client stating that all future messages from the server will be encrypted with the session key.
Digital Certificate (Slide Nine)
- Digital Certificates
- A Serial Number
- Identifying Information
- Individual and/or Group Name
- Location/Contact Information
- Subject's Public Key
- Name Of Issuing Certificate Authority
- A "Signature" Of Issuing Certificate Authority
- Type Of Digital Certificates
- Root Certificate
- Server Certificate
- Client Certificate
Certificate Authorities (Slide Ten)
- Public Certificate Authority; Verisign, Thawte, GeoTrust; recognized by default by most web browsers and web servers; used when no other relation exists between two parties.
- Private Certificate Authority; by default not recognized; used when a relationship already exists between two parties.
A PCA in Action (Slide Eleven)
- Secure valuable data in transit between employees/departments
A PCA in Action (Slide Twelve)
- Secure valuable data in transit between business/departments
The Nit and Gritty (Slide Thirteen)
Creating, Publishing and Using a Private Certificate Authority
Creating a Private Certificate Authority (Slide Fourteen)
- A self-signed Root Certificate
Creating a Private Certificate Authority (Slide Fifteen)
Creating a Private Certificate Authority (Slide Sixteen)
Publishing the Private Certificate Authority (Slide Seventeen)
- Setting MIME-type in Apache:
Using Our Private Certificate Authority: Server Certificate (Slide Eighteen)
- Creating a Certificate Signing Request:
Using Our Private Certificate Authority: Server Certificate (Slide Nineteen)
- Signing the Certificate Signing Request:
Using Our Private Certificate Authority: Server Certificate (Slide Twenty)
Using Our Private Certificate Authority: Client Certificate (Slide Twenty One)
- Creating a Certificate Signing Request:
Using Our Private Certificate Authority: Client Certificate (Slide Twenty Two)
- Signing the Client Signing Request:
Using Our Private Certificate Authority: Client Certificate (Slide Twenty Three)
Using Our Private Certificate Authority: Certificate Revocation List (Slide Twenty Four)
- Revoking an Existing Digital Certificate
Publishing the Private Certificate Authority (Slide Twenty Five)
- Setting MIME-type in Apache:
Using Our Private Certificate Authority: Certificate Revocation List (Slide Twenty Six)
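The lifecycle outlined on slides fourteen through twenty-six (self-signed root, certificate signing request, signing, revocation, CRL check), as an added example using the openssl command line; it is not taken from the original slides. The file names, subject names and the pca.cnf configuration are constructed for illustration.

```shell
# Added example: private CA lifecycle with the openssl CLI (all names constructed).
pca_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  : > index.txt; echo 01 > serial; mkdir newcerts   # database used by `openssl ca`
  cat > pca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = pca
[ pca ]
database = ./index.txt
serial = ./serial
new_certs_dir = ./newcerts
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
unique_subject = no
policy = pol
x509_extensions = leaf
[ pol ]
organizationName = optional
commonName = supplied
[ leaf ]
basicConstraints = CA:FALSE
EOF
  # 1. Self-signed root certificate. -nodes leaves the CA key unencrypted: demo only.
  openssl req -x509 -config pca.cnf -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/O=Example Corp/CN=Example Private Root CA" -keyout ca.key -out ca.crt 2>/dev/null
  # 2. Server key pair and certificate signing request.
  openssl req -new -config pca.cnf -newkey rsa:2048 -nodes \
    -subj "/O=Example Corp/CN=www.example.test" -keyout server.key -out server.csr 2>/dev/null
  # 3. The private CA signs the request; the result must chain to ca.crt.
  openssl ca -batch -notext -config pca.cnf -in server.csr -out server.crt 2>/dev/null
  if openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1; then before=valid; else before=invalid; fi
  # 4. Revoke the certificate and publish a fresh CRL.
  openssl ca -config pca.cnf -revoke server.crt 2>/dev/null
  openssl ca -config pca.cnf -gencrl -out ca.crl 2>/dev/null
  # 5. A relying party that checks the CRL must now reject the certificate.
  if openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl server.crt 2>&1 | grep -q 'certificate revoked'; then after=revoked; else after=not-revoked; fi
  echo "$before $after"
  cd / && rm -rf "$d"
)
pca_demo
```

Without -crl_check the revoked certificate still verifies, so revocation only takes effect where the relying server or client actually loads the published CRL.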
Review (Slide Twenty Seven)
- The Basics:
- Review of Digital Certificates
- A Private Certificate Authority in Action
- The Nit and Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority
Citation (Slide Twenty Eight)
Hirsch, Frederick. Introducing SSL and Certificates using SSLeay. 8 Oct 2002 <http://www.pseudonym.org/ssl/wwwj-index.html>.
Mobily, Tony, et al. Professional Apache Security. Birmingham: Wrox Press, 2003.
Weinstein, Paul, et al. Professional Linux Security. Indianapolis: Wrox, 2006.
Resources (Slide Twenty Nine)
This Presentation:
Resources (Slide Thirty)
- Apache HTTP Server Project
- Apache Week
Resources (Slide Thirty One)
Any Questions (Slide Thirty Two)