| |
| |
ApacheCon US 2002: Las Vegas, November 20, 2002.
Hello World (Slide Two)
- Introduction
- The Basics:
- Review of Digital Certificates
- A Private Certificate Authority in Action
- The Nit anf Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority
Notice (Slide Three)
"Persons attempting to find a motive in this narrative will be prosecuted;persons attempting to find a moral will be banished; persons attempting to find a plot will be shot."
- Preface for The Adventures of Huck Finn By Mark Twain
The Basics (Slide Four)
Digital Certificates and Certificate Authorities
Digital Certificates (Slide Five)
- SSL Protocol
- Encryption
- Authentication
- Digital Certificates
- A Serial Number
- Identifying Information
- Individual and/or Group Name
- Location/Contact Information
- Subject's Public Key
- Name of Issuing Certificate Authority
- A "Signature" Of Issuing Certificate Authority
- Type Of Digital Certificates
- Root Certificate
- Server Certificate
- CLient Certificate
Certificate Authorities (Slide Six)
- Public Certificate Authority; Verisign, Thawte, GeoTrust; recognized by default by most web browsers and web servers; used when no other relation exists between two parties.
- Private Certificate Authority; by default not recognized; used when a relationship already exists between two parties.
A PCA in Action (Slide Seven)
- Secure valuable data in transit between employees/departments
A PCA in Action (Slide Eight)
- Secure valuable data in transit between business/departents
The Nit and Gritty (Slide Nine)
Creating, Publishing and Using a Private Certificate Authority
Creating a Private Certificate Authority (Slide Ten)
- A self-signed Root Certificate
Creating a Private Certificate Authority (Slide Eleven)
Creating a Private Certificate Authority (Slide Twelve)
Publishing the Private Certificate Authority (Slide Thirteen)
- Setting MIME-type in Apache:
Using Our Private Certificate Authority: Server Certificate (Slide Fourteen)
- Creating a Certificate Signing Request:
Using Our Private Certificate Authority: Server Certificate (Slide Fifteen)
- Signing the Certificate Signing Request:
Using Our Private Certificate Authority: Server Certificate (Slide Sixteen)
Using Our Private Certificate Authority: Client Certificate (Slide Seventeen)
- Creating a Certificate Signing Request:
Using Our Private Certificate Authority: Client Certificate (Slides Eighteen)
- Signing the Client Signing Request:
Using Our Private Certificate Authority: Client Certificate (Slide Nineteen)
Using Our Private Certificate Authority: Certificate Revocation List (Slide Twenty)
- Revoking an Existing Digital Certificate
Publishing the Private Certificate Authority (Slide Twenty One)
- Setting MIME-type in Apache:
Review (Slide Twenty Two)
- The Basics:
- Review of Digital Certificates
- A Private Certificate Authority in Action
- The Nit and Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority
Citation (Slide Twenty Three)
Hirsch, Frederick Introducing SSL and Certificates using SSLeay. 8 Oct 2002 <http://www.pseudonym.org/ssl/wwwj-index.html>.
Engelschall, Ralf User Manual mod_ssl Version 2.8 9 Oct. 2002 <http://www.modssl.org/docs/2.8/>
Resources (Slide Twenty Four)
- This Presentation:
- CD-ROM
- Upcoming Publication:
Mobily, Tony, Paul Weinstein, Mark Wilcox, Debashish Bhattacharjee, Sandip Bhattacharya, Brian Rickabaught. Apache Security. Birmingham: Wrox Press, 2003.
Resources (Slide Twenty Five)
- Apache HTTP Server Project
- Apache Week
Resources (Slide Twenty Six)
Any Questions (Slide Twenty Eight)
|
|
|
| |
Today you hear much talk of absolutes ... that one is good and one is evil, and good and evil cannot exist in the world... Good and evil have existed in this world since [creation].
The proper search is for limited ends which soon enough educate us in the complexities of the tasks which face us. That is what all of us must learn to do in the United States; to limit objectives, to get ourselves away from the search for the absolute, to find out what is within our powers.... We must respect our opponents. We must understand that for a long, long period of time they will continue to believe as they do, and that for a long, long period of time we will both inhabit this spinning ball in the great void of the universe.
-Dean Acheson
|
|
|