OpenSSL Cookbook
Third edition (build 781). Published in May 2022.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of the publisher.
The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
First edition published in May 2013.
Feisty Duck Limited
www.feistyduck.com
contact@feistyduck.com
Technical reviewer: Matt Caswell
Production editor: Jelena Girić-Ristić
Copyeditors: Melinda Rankin, Nancy Wolfe Kotary
- Preface
- Chapter 1. OpenSSL Command Line
  - 1.1 Getting Started
  - 1.2 Key and Certificate Management
    - 1.2.1 Key Generation
    - 1.2.2 Creating Certificate Signing Requests
    - 1.2.3 Creating CSRs from Existing Certificates
    - 1.2.4 Unattended CSR Generation
    - 1.2.5 Signing Your Own Certificates
    - 1.2.6 Creating Certificates Valid for Multiple Hostnames
    - 1.2.7 Examining Certificates
    - 1.2.8 Examining Public Certificates
    - 1.2.9 Key and Certificate Conversion
  - 1.3 Configuration
  - 1.4 Performance
  - 1.5 Creating a Private Certification Authority
- Chapter 2. Testing TLS with OpenSSL
  - 2.1 Custom-Compile OpenSSL for Testing
  - 2.2 Connecting to TLS Services
  - 2.3 Certificate Verification
  - 2.4 Testing Protocols That Upgrade to TLS
  - 2.5 Extracting Remote Certificates
  - 2.6 Testing Protocol Support
  - 2.7 Testing Cipher Suite Configuration
  - 2.8 Testing Cipher Suite Preference
  - 2.9 Testing Named Groups
  - 2.10 Testing DANE
  - 2.11 Testing Session Resumption
  - 2.12 Keeping Session State across Connections
  - 2.13 Checking OCSP Revocation
  - 2.14 Testing OCSP Stapling
  - 2.15 Checking CRL Revocation
  - 2.16 Testing Renegotiation
  - 2.17 Testing for Heartbleed
  - 2.18 Determining the Strength of Diffie-Hellman Parameters