OpenSSL Cookbook book cover
Free: Read Now
Release date: February 2021
Language: English (84 pages)
Formats: PDF, EPUB, Online
OpenSSL Cookbook
A short and free book that covers the most frequently used
OpenSSL features and commands, by Ivan Ristić
  • Provides OpenSSL documentation that covers installation, configuration,
    and key and certificate management
  • Includes instructions and templates for how to build a private CA
  • The second chapter focuses on TLS server configuration testing
  • Written by the author of SSL Labs and the SSL/TLS configuration assessment tool
  • Available in a variety of digital formats (PDF, EPUB); no DRM

OpenSSL Cookbook is a free ebook built around two OpenSSL chapters from Bulletproof SSL and TLS, a larger work that teaches how to deploy secure servers and web applications.



Table of Contents 
Preface      
        Feedback
        Acknowledgments
        About Bulletproof SSL and TLS
        About the Author


Chapter 1. OpenSSL Command Line

        Getting Started
                Determine OpenSSL Version and Configuration
                Building OpenSSL
                Examine Available Commands
                Building a Trust Store
                
        Key and Certificate Management
                Key Generation
                Creating Certificate Signing Requests
                Creating CSRs from Existing Certificates
                Unattended CSR Generation
                Signing Your Own Certificates
                Creating Certificates Valid for Multiple Hostnames
                Examining Certificates
                Examining Public Certificates
                Key and Certificate Conversion                
                
        Configuration
                Obtaining Supported Suites
                Understanding Security Levels
                Configuring TLS 1.3
                Configuring OpenSSL Defaults
                Recommended Suite Configuration
                Generating DH Parameters
                Legacy Suite Configuration
                Performance      
        	
        Creating a Private Certification Authority
                Features and Limitations
                Creating a Root CA
                Creating a Subordinate CA
                

Chapter 2. Testing with OpenSSL

        Custom-Compile OpenSSL for Testing
        Connecting to SSL Services
        Certificate Verification
        Testing Protocols that Upgrade to SSL
        Extracting Remote Certificates
        Testing Protocol Support
        Testing Cipher Suite Preference
        Testing Named Groups
        Testing DANE
        Testing Session Resumption
        Keeping Session State across Connections
        Checking OCSP Revocation
        Checking CRL Revocation
        Testing Renegotiation
        Testing for Heartbleed
        Determining the Strength of Diffie-Hellman Parameters

About the Author

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. His latest project, Hardenize, is a security posture analysis service that makes security fun again.