Joomla! and SSL


JWC2013 presentation on using SSL with Joomla!, covering CAs, encryption-types, Apache commands, SPDY and our own Yireo SSL Redirection plugin.

Published in: Technology, Education

  1. Joomla! & SSL
     Presentation “Joomla! and SSL” - http://slideshare.net/yireo
     Jisse Reitsma (jisse@yireo.com) - Twitter @yireo
  2. Myself
     • Co-founder of Yireo, loving both Joomla! and Magento
     • Developer of MageBridge, Dynamic404 (+ some more)
     • Author of Joomla! 1.5 templating book (2009, Dutch only)
     • Trainings for VMware ESX, HP-UX, Linux (<2007)
     • Trainings for Tibetan Government in Exile (TCRC)
     • Cycled from Holland to Spain (2012, 2500+ kms)
     • Favorite dish Ayam Percik (chicken in coconut-curry, Malay)
  3. Joomla! & SSL
     • Part I - Basics of SSL
     • Part II - Usage in Joomla!
     • Part III - Advanced topics
     • Slides: http://slideshare.net/yireo
  4. Part I - Basics of SSL
  6. About HTTPS and SSL
     • HTTPS = HTTP Secure
     • SSL = Secure Sockets Layer
     • Most common implementation is OpenSSL
  7. SSL and encryption
     • Two types of encryption
       - Authentication of server (certificate)
       - Encryption of traffic (key-exchange)
     • Factors
       - Number of bits: 128, 256, 512, 1024, 2048
       - Ciphers: Diffie-Hellman (cert), HMAC (TLS), SHA / MD5 (SSL)
  8. Certificate Authorities (CA)
     • Root CAs = Trusted by your browser
     • Intermediate CAs = Trusted by Root CAs (used in chain)
     • Your certificate = Trusted by the commercial CAs
     • Self-signed certificate = Trusted by no one but you
  9. What do you need?
     • SSL-certificate
       - CommonName (sometimes Chamber-of-Commerce check)
       - Is valid for 1 or multiple domainnames (wildcard)
       - Expires after a certain date
       - Vendors: GeoTrust, GlobalSign, Comodo, Thawte, TrustWave
     • Dedicated IP-address
  10. Part II - Usage in Joomla!
  11. Joomla! Global Configuration
  12. What about partial SSL?
      • Enforce HTTPS on those pages needed
      • Enforce non-HTTPS (HTTP) on all other pages
      • Slight performance gain
      • Secure pages
        - Shop (VirtueMart, MageBridge, HikaShop, Tienda)
        - Contact-form
        - Forum-pages
  13. Yireo SSLRedirect plugin
  14. SSL in your code
      • Using the // protocol-prefix
        - //domain/path/ (instead of https://domain/path/)
      • Simply use Joomla! calls
        - JHTML::stylesheet() / JHTML::script()
        - $document = JFactory::getDocument()
        - JRoute::_()
  16. Part III - Advanced Topics
  17. Getting an official SSL-cert
      • Generate a private SSL-key + CSR
      • Use CSR to purchase a new SSL-certificate
      • Install the new SSL-certificate in your webserver
        - SSL-key
        - SSL-certificate
        - SSL Root CA certificate
        - SSL chain-certificate (optional) for intermediate CAs
  18. Getting a self-signed SSL-cert
      • Generate a private SSL-key and a self-signed SSL-certificate
      • Install the new SSL-certificate in your webserver
        - SSL-key
        - SSL-certificate
  20. Installing the SSL-cert
      • Apache
      • Nginx
      • Control panels
        - DirectAdmin
        - Plesk
        - CPanel
  21. OpenSSL commands
      • Generate a private SSL-key + CSR
          openssl req -out foobar.csr -pubkey -new -keyout foobar.key
      • Inspect a certificate
          openssl x509 -inform pem -in foobar.crt -noout -text
      • Creating a self-signed certificate
          openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout foobar.key -out foobar.crt
  22. Common Apache-directives
          SSLEngine on
          SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
          SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
          SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
          SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-rootca.crt
  23. Chain-workaround
      Tip: Instead of using separate files, you can also copy all SSL-certificates to 1 single certificate-file:
      • Personal SSL-certificate
      • Intermediate SSL-certificate 1
      • Intermediate SSL-certificate 2
      • Intermediate SSL-certificate 3
      • Root SSL-certificate
  24. Extended Validation (EV)
      • Validation of your company by CA
      • Registry in Chamber of Commerce
      • Check for financial behaviour (outstanding payments)
      • Check for legal problems
  25. Is SSL actually safe?
      • Hacking of CA-servers
      • DNS hijacking
      • Decryption-attacks (SSLstrip, BREACH)
  26. TLS: Multiple certs with 1 IP
      • TLS Extension Server Name Indication (SNI)
        - Apache 2.2.12 >
        - OpenSSL 0.9.8j
  27. About SPDY and HTTP 2.0
      • SPDY
        - Developed by Google
        - Does not work without HTTPS (TLS)
        - Requires additional modules in webserver (Apache, Nginx)
      • HTTP 2.0
        - Using SPDY as starting point
  28. thanks
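
Checks that go with slides 17 and 21 to 23 (key + CSR, signed certificate, single-file chain), as an added shell example that is not part of the original presentation. It confirms that key, CSR and certificate carry the same public key and that a single-file bundle is ordered personal certificate first, root last. The throwaway CA, the certificate subjects and the helper names (pubkey_hash, bundle_in_order, chain_verifies, make_demo) are constructed for this example; the foobar.* file names follow slide 21.

```shell
#!/bin/sh
# Added example: sanity checks before installing a certificate.
# File names, subjects and the throwaway CA are constructed for this demo.

# SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|crt FILE
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl sha256 | awk '{print $NF}'
}

# Succeeds if every certificate in a single-file bundle names the next one
# as its issuer (leaf first, root last). Compares names only; signatures
# are checked by chain_verifies below.
bundle_in_order() {  # usage: bundle_in_order BUNDLE
  tmp=$(mktemp -d) || return 2
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/" n ".pem") }' "$1"
  i=1; rc=0
  while [ -f "$tmp/$((i + 1)).pem" ]; do
    iss=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer | sed 's/^issuer= *//')
    sub=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject | sed 's/^subject= *//')
    [ "$iss" = "$sub" ] || rc=1
    i=$((i + 1))
  done
  rm -rf "$tmp"; return "$rc"
}

# Cryptographic check of the leaf certificate against a trusted root.
chain_verifies() {  # usage: chain_verifies ROOT_CA LEAF
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build demo material in directory $1: CA, key + CSR, signed certificate,
# and two bundles (correct order and reversed).
make_demo() {
  d=$1
  openssl req -x509 -nodes -days 2 -newkey rsa:2048 -subj "/CN=Example Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -new -nodes -newkey rsa:2048 -subj "/CN=www.example.test" \
    -keyout "$d/foobar.key" -out "$d/foobar.csr" 2>/dev/null
  openssl x509 -req -in "$d/foobar.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/foobar.crt" 2>/dev/null
  cat "$d/foobar.crt" "$d/ca.crt" > "$d/bundle.crt"
  cat "$d/ca.crt" "$d/foobar.crt" > "$d/reversed.crt"
}
```

Run make_demo on an empty directory, then compare the pubkey_hash output for foobar.key, foobar.csr and foobar.crt; a mismatch means the certificate was issued for a different key and the webserver will refuse to start with it.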