Jeong Chul
tland12.wordpress.com
Step 1 Secure Socket Layer
Step 2 SSL Record Protocol Operation
Step 3 SSL Handshake Protocol
Step 4 Digital Certificates
Step 5 X.509 Certificates
Step 6 HTTPS
Step 7 Installation and startup
Step 8 Https configuration
Step 9 Packet Capture using Wireshark
SSL Record Protocol Service
1. Confidentiality
   using symmetric encryption with a shared secret key defined by the Handshake Protocol
   AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
   message is compressed before encryption
2. Message integrity
   using a MAC (Message Authentication Code) with a shared secret key
   similar to HMAC but with different padding
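The "similar to HMAC but with different padding" point, worked through as an added example that is not part of the original slides. It assumes the SSLv3 record MAC construction from RFC 6101; the secret, sequence numbers and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

# SSLv3 pad lengths (RFC 6101): 48 bytes for MD5, 40 bytes for SHA-1.
PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(hash_name, mac_secret, seq_num, rec_type, fragment):
    """SSLv3 record MAC: hash(secret + pad_2 + hash(secret + pad_1 + header + data))."""
    # Unlike HMAC, the pads are concatenated after the secret, not XORed into it.
    pad_1 = b"\x36" * PAD_LEN[hash_name]
    pad_2 = b"\x5c" * PAD_LEN[hash_name]
    # 64-bit sequence number, 1-byte content type, 2-byte fragment length.
    header = struct.pack(">QBH", seq_num, rec_type, len(fragment))
    inner = hashlib.new(hash_name, mac_secret + pad_1 + header + fragment).digest()
    return hashlib.new(hash_name, mac_secret + pad_2 + inner).digest()


def verify_record(hash_name, mac_secret, seq_num, rec_type, fragment, mac):
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = ssl3_mac(hash_name, mac_secret, seq_num, rec_type, fragment)
    return hmac.compare_digest(expected, mac)


# Constructed sample values (not from a real session).
SECRET = bytes(range(20))      # MAC write secret agreed during the handshake
APPLICATION_DATA = 23          # record content type
DATA = b"GET /index.html HTTP/1.1\r\n"

if __name__ == "__main__":
    tag = ssl3_mac("sha1", SECRET, 0, APPLICATION_DATA, DATA)
    plain_hmac = hmac.new(
        SECRET, struct.pack(">QBH", 0, APPLICATION_DATA, len(DATA)) + DATA, "sha1"
    ).digest()
    print("SSLv3 MAC :", tag.hex())
    print("HMAC-SHA1 :", plain_hmac.hex())
    print("valid     :", verify_record("sha1", SECRET, 0, APPLICATION_DATA, DATA, tag))
    print("tampered  :", verify_record("sha1", SECRET, 0, APPLICATION_DATA, DATA + b"x", tag))
    print("replayed  :", verify_record("sha1", SECRET, 1, APPLICATION_DATA, DATA, tag))
```

Because the implicit sequence number is part of the MAC input, a record that is modified, reordered or replayed at a different position fails verification.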
2. Digital Certificates
2.1 Trusted third party digitally signs the public key
    Certificate Authority (CA) has a public key that is known by everyone involved
2.2 The resulting digital certificate contains
    Server's public key and expiration date
    Information about the owner of the key
    Information about the CA and the CA's signature
    Information on how the certificate may be used

Step 6 HTTPS
1. HTTPS (HTTP over SSL)
   combination of HTTP & SSL/TLS to secure communications between browser & server
   documented in RFC2818
   no fundamental change using either SSL or TLS
2. Use https:// URL rather than http:// and port 443 rather than 80
3. Encrypts URL, document contents, form data, cookies, HTTP headers

Package installation
# rpm -qa | grep httpd
# rpm -qa | grep mod_ssl
# rpm -qa | grep openssl
# yum install httpd httpd-manual httpd-devel
# yum install mod_ssl openssl
# openssl ca -in linux-ca.csr -out linux-ca.crt
# cp linux-ca.key /etc/httpd/conf
# cp linux-ca.crt /etc/httpd/conf/
# cp linux-ca.crt /var/www/html/certs/    # download certificate for users
7. SSL configuration
# vim /etc/httpd/conf.d/ssl.conf
SSLEngine on
SSLCertificateFile /etc/httpd/conf/linux-ca.crt
SSLCertificateKeyFile /etc/httpd/conf/linux-ca.key
Thank you !!
See you again in the next video, on Kerberos.
tland12.wordpress.com