Weinstein.org > Digital World > Technical Papers and Presentations

> > >

feb 04 012

Digital World

ApacheCon US 2002: Las Vegas, November 20, 2002.

Hello World (Slide Two)

Introduction
The Basics:
- Review of Digital Certificates
- A Private Certificate Authority in Action
The Nit anf Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority

Notice (Slide Three)

"Persons attempting to find a motive in this narrative will be prosecuted;persons attempting to find a moral will be banished; persons attempting to find a plot will be shot."

- Preface for The Adventures of Huck Finn By Mark Twain

The Basics (Slide Four)

Digital Certificates and Certificate Authorities

Digital Certificates (Slide Five)

SSL Protocol
- Encryption
- Authentication
Digital Certificates
- A Serial Number
- Identifying Information
  - Individual and/or Group Name
  - Location/Contact Information
- Subject's Public Key
- Name of Issuing Certificate Authority
- A "Signature" Of Issuing Certificate Authority
Type Of Digital Certificates
- Root Certificate
- Server Certificate
- CLient Certificate

Certificate Authorities (Slide Six)

Public Certificate Authority; Verisign, Thawte, GeoTrust; recognized by default by most web browsers and web servers; used when no other relation exists between two parties.
Private Certificate Authority; by default not recognized; used when a relationship already exists between two parties.

A PCA in Action (Slide Seven)

Secure valuable data in transit between employees/departments
- Intranet

A PCA in Action (Slide Eight)

Secure valuable data in transit between business/departents
- Extranet

The Nit and Gritty (Slide Nine)

Creating, Publishing and Using a Private Certificate Authority

Creating a Private Certificate Authority (Slide Ten)

A self-signed Root Certificate

Creating a Private Certificate Authority (Slide Eleven)

Configuring OpenSSL:

Creating a Private Certificate Authority (Slide Twelve)

Configuring OpenSSL:

Publishing the Private Certificate Authority (Slide Thirteen)

Setting MIME-type in Apache:

Using Our Private Certificate Authority: Server Certificate (Slide Fourteen)

Creating a Certificate Signing Request:

Using Our Private Certificate Authority: Server Certificate (Slide Fifteen)

Signing the Certificate Signing Request:

Using Our Private Certificate Authority: Server Certificate (Slide Sixteen)

Configuring Apache:

Using Our Private Certificate Authority: Client Certificate (Slide Seventeen)

Creating a Certificate Signing Request:

Using Our Private Certificate Authority: Client Certificate (Slides Eighteen)

Signing the Client Signing Request:

Using Our Private Certificate Authority: Client Certificate (Slide Nineteen)

Configuring Apache:

Using Our Private Certificate Authority: Certificate Revocation List (Slide Twenty)

Revoking an Existing Digital Certificate

Publishing the Private Certificate Authority (Slide Twenty One)

Setting MIME-type in Apache:

Review (Slide Twenty Two)

The Basics:
- Review of Digital Certificates
- A Private Certificate Authority in Action
The Nit and Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority

Citation (Slide Twenty Three)

Hirsch, Frederick Introducing SSL and Certificates using SSLeay. 8 Oct 2002 <http://www.pseudonym.org/ssl/wwwj-index.html>.

Engelschall, Ralf User Manual mod_ssl Version 2.8 9 Oct. 2002 <http://www.modssl.org/docs/2.8/>

Resources (Slide Twenty Four)

This Presentation:
- <http://www.weinstein.org/work/presentations/apacheconus02/pca/> (HTML)
- <http://www.weinstein.org/work/presentations/apacheconus02/pca.pdf> (PDF)
CD-ROM
- Whitepaper
- Handout
Upcoming Publication: Mobily, Tony, Paul Weinstein, Mark Wilcox, Debashish Bhattacharjee, Sandip Bhattacharya, Brian Rickabaught. Apache Security. Birmingham: Wrox Press, 2003.

Resources (Slide Twenty Five)

Apache HTTP Server Project
- <http://httpd.apache.org>
Apache Week
- <http://www.apacheweek.com>

Resources (Slide Twenty Six)

mod_ssl Project, <http://www.modssl.org>
- Mailing Lists, List Archives:
OpenSSL Project, <http://www.openssl.org>
- Mailing Lists, List Archives:

Any Questions (Slide Twenty Eight)

The isolation of every human soul and the necessity of self-dependence must give each individual the right, to choose his own surroundings. The strongest reason for giving woman all the opportunities for higher education, for the full development of her faculties, forces of mind and body; for giving her the most enlarged freedom of thought and action; a complete emancipation from all forms of bondage, of custom, dependence, superstition; from all the crippling influences of fear, is the solitude and personal responsibility of her own individual life. The strongest reason why we ask for woman a voice in the government under which she lives; in the religion she is asked to believe; equality in social life, where she is the chief factor; a place in the trades and professions, where she may earn her bread, is because of her birthright to self-sovereignty; because, as an individual, she must rely on herself. No matter how much women prefer to lean, to be protected and supported, nor how much men desire to have them do so, they must make the voyage of life alone, and for safety in an emergency they must know something of the laws of navigation. To guide our own craft, we must be captain, pilot, engineer; with chart and compass to stand at the wheel; to match the wind and waves and know when to take in the sail, and to read the signs in the firmament over all. It matters not whether the solitary voyager is man or woman. Nature having endowed them equally, leaves them to their own skill and judgment in the hour of danger, and, if not equal to the occasion, alike they perish. To appreciate the importance of fitting every human soul for independent action, think for a moment of the immeasurable solitude of self.

From: Solitude of Self, Elizabeth Cady Stanton