Release date: February 2021
Language: English (84 pages)
Formats: PDF, EPUB, Online
A short and free book that covers the most frequently used OpenSSL features and commands, by Ivan Ristić
- Provides OpenSSL documentation that covers installation, configuration, and key and certificate management
- Includes instructions and templates for how to build a private CA
- The second chapter focuses on TLS server configuration testing
- Written by the author of SSL Labs and the SSL/TLS configuration assessment tool
- Available in a variety of digital formats (PDF, EPUB); no DRM
OpenSSL Cookbook is a free ebook built around two OpenSSL chapters from Bulletproof SSL and TLS, a larger work that teaches how to deploy secure servers and web applications.
Preface
Feedback
Acknowledgments
About Bulletproof SSL and TLS
About the Author
Chapter 1. OpenSSL Command Line
Getting Started
Determine OpenSSL Version and Configuration
Building OpenSSL
Examine Available Commands
Building a Trust Store
Key and Certificate Management
Key Generation
Creating Certificate Signing Requests
Creating CSRs from Existing Certificates
Unattended CSR Generation
Signing Your Own Certificates
Creating Certificates Valid for Multiple Hostnames
Examining Certificates
Examining Public Certificates
Key and Certificate Conversion
Configuration
Obtaining Supported Suites
Understanding Security Levels
Configuring TLS 1.3
Configuring OpenSSL Defaults
Recommended Suite Configuration
Generating DH Parameters
Legacy Suite Configuration
Performance
Creating a Private Certification Authority
Features and Limitations
Creating a Root CA
Creating a Subordinate CA
Chapter 2. Testing with OpenSSL
Custom-Compile OpenSSL for Testing
Connecting to SSL Services
Certificate Verification
Testing Protocols that Upgrade to SSL
Extracting Remote Certificates
Testing Protocol Support
Testing Cipher Suite Preference
Testing Named Groups
Testing DANE
Testing Session Resumption
Keeping Session State across Connections
Checking OCSP Revocation
Checking CRL Revocation
Testing Renegotiation
Testing for Heartbleed
Determining the Strength of Diffie-Hellman Parameters
About the Author
Ivan Ristić is a security researcher, engineer, and author, known especially for his
contributions to the web application firewall field and development of ModSecurity, an open source web application firewall,
and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.
He is the author of two books, Apache Security and
ModSecurity Handbook, which he publishes via Feisty Duck, his own platform
for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking
at security conferences such as Black Hat, RSA, OWASP AppSec, and others. His latest project, Hardenize, is a security posture analysis service that makes security fun again.
Ivan's SSL Work
Below are links to some of Ivan's SSL work:
Qualys SSL Test
Detailed SSL configuration test of any public SSL server. Click here to test yours.