The definitive guide to using the OpenSSL command line for configuration and testing, by Ivan Ristić
For system administrators, developers, and IT security professionals, this book provides comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI. Written by Ivan Ristić, a security researcher and author of SSL Labs, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. This book has been read by more than 100,000 registered users.
For all its warts, OpenSSL is one of the most successful and most important open source projects. It’s successful because it’s so widely used; it’s important because the security of large parts of the Internet infrastructure relies on it. The project consists of a high-performance implementation of key cryptographic algorithms, a complete TLS and PKI stack, and a command-line toolkit. I think it’s safe to say that if your job has something to do with security, web development, or system administration, you can’t avoid having to deal with OpenSSL on at least some level. The majority of the Internet is powered by open source products, and most of them rely on OpenSSL.
This book focuses on the command-line aspects of OpenSSL. Chapter 1, OpenSSL Command Line, will help users who need to perform routine tasks of key and certificate generation, and configure programs that rely on OpenSSL for TLS functionality. This chapter also discusses how to create a complete private CA, which is useful for development and similar internal environments. Chapter 2, Testing TLS with OpenSSL, focuses on server security testing using OpenSSL. Although sometimes time-consuming, this type of low-level testing can’t be avoided when you wish to know exactly what’s going on.
Both chapters are borrowed from my larger work, called Bulletproof TLS and PKI. In fact, I started to write that book by first writing the OpenSSL chapters, releasing them as OpenSSL Cookbook in 2013. I wanted to do this because there is a serious lack of good and up-to-date documentation. As is often true of complex and long-lived projects, the OpenSSL documentation you can find across the Internet is often wrong and outdated.
Ivan Ristić writes computer security books and builds security products. His book Bulletproof TLS and PKI, the result of more than a decade of research and study, is widely recognised as the de facto SSL/TLS and PKI reference manual. His work on SSL Labs made millions of web sites more secure. Before that, he created ModSecurity, a leading open-source web application firewall.
More recently, Ivan founded Hardenize—now part of Red Sift—as a platform for continuous discovery and monitoring of network infrastructure. He now works as Chief Scientist at Red Sift.