OpenSSL Cookbook book cover
Free: Read Now
Release date: February 2021
Language: English (84 pages)
Formats: PDF, EPUB, Online
OpenSSL Cookbook
A short and free book that covers the most frequently used
OpenSSL features and commands, by Ivan Ristić
  • Provides OpenSSL documentation that covers installation, configuration,
    and key and certificate management
  • Includes instructions and templates for how to build a private CA
  • The second chapter focuses on TLS server configuration testing
  • Written by the author of SSL Labs and the SSL/TLS configuration assessment tool
  • Available in a variety of digital formats (PDF, EPUB); no DRM

OpenSSL Cookbook is a free ebook built around two OpenSSL chapters from Bulletproof SSL and TLS, a larger work that teaches how to deploy secure servers and web applications.



Table of Contents
Preface      
        Feedback
        Acknowledgments
        About Bulletproof SSL and TLS
        About the Author

Chapter 1. OpenSSL Command Line
Getting Started Determine OpenSSL Version and Configuration Building OpenSSL Examine Available Commands Building a Trust Store Key and Certificate Management Key Generation Creating Certificate Signing Requests Creating CSRs from Existing Certificates Unattended CSR Generation Signing Your Own Certificates Creating Certificates Valid for Multiple Hostnames Examining Certificates Examining Public Certificates Key and Certificate Conversion Configuration Obtaining Supported Suites Understanding Security Levels Configuring TLS 1.3 Configuring OpenSSL Defaults Recommended Suite Configuration Generating DH Parameters Legacy Suite Configuration Performance Creating a Private Certification Authority Features and Limitations Creating a Root CA Creating a Subordinate CA
Chapter 2. Testing with OpenSSL
Custom-Compile OpenSSL for Testing Connecting to SSL Services Certificate Verification Testing Protocols that Upgrade to SSL Extracting Remote Certificates Testing Protocol Support Testing Cipher Suite Preference Testing Named Groups Testing DANE Testing Session Resumption Keeping Session State across Connections Checking OCSP Revocation Checking CRL Revocation Testing Renegotiation Testing for Heartbleed Determining the Strength of Diffie-Hellman Parameters

About the Author

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. His latest project, Hardenize, is a security posture analysis service that makes security fun again.