Contents
• Introduction
• SSL/TLS
• Why SSL?
• How does SSL work?
• Requirements
• Self-signed certificate
• Authorized certificate
• How to create a certificate
• Terms to know about
• Practice
Introduction
What business opportunities does the internet provide?
• Online commerce
• Online shopping
• Online resource sharing
• Email and messaging
• Data transfer
Benefits
• Cost effectiveness of online operations and delivery
• Open global markets: gain customers from all over the world
• New and exciting ways of marketing directly to your customers
• Offer new data products and services via the Web
Cont ...
Improvement needs concentration and security
What is important to keep secure?
• Important and secret data transfer
• Usernames and passwords
• Bank account numbers
• Credit cards
Insecure data: threats and challenges
• Hacking
• Data stealing
• ID misuse
SSL / TLS
SSL (Secure Sockets Layer)
TLS (Transport Layer Security)
It is a protocol used along with HTTP in order to provide
• Identity assurance
• Encryption
When we implement the SSL protocol along with HTTP it turns into HTTPS, which indicates the Secure Sockets Layer protocol.
Why SSL?
1. Encryption
• Process of hiding what is sent from one computer to another.
• Encrypting and securing the data that we want to send to a host.
2. Identity assurance
• Making sure that the computer we are speaking to is the one we trust.
• Assurance for validation of the remote server by issuing a certificate.
Identity Assurance
Request: www.gmail.com
Responding: https://gmail.com
• The server authenticates itself to us, which gives us assurance that the server we are trying to connect to is the real server.
Plain text data transfer with no Secure Sockets Layer
[Figure: the message "Hello" crosses the network as readable text.]
Encrypted data transfer with Secure Sockets Layer
[Figure: the same message crosses the network as unreadable characters.]
How does SSL Work?
• Client requests a page: Request http://www.gmail.com
• Server responds with a public key for encryption: Response https://www.gmail.com
• Client encrypts the request (GET index.html) using the server's public key
• Server decrypts the request using its private key
What do we need?
• We need a key
• Create a certificate using that key
We have two types of certificate:
• Self-signed certificate
• Authorized certificate
Self-Signed Certificate
A self-signed certificate is a certificate that is signed by the person creating it rather than by a trusted authority.
It has a major disadvantage: a visitor's connection could be hijacked, allowing an attacker to view all the data sent, and the certificate cannot be revoked like a trusted certificate can.
We're going to explain when a self-signed certificate should and shouldn't be used.
We can generate a self-signed certificate for common platforms like Microsoft IIS, Apache, and Java Keytool or openssl.
Self-Signed Certificate Usage
• In a local network. When clients only have to go through a local intranet to get to the server, there is virtually no chance of a man-in-the-middle attack.
• A development server. There is no need to spend extra cash buying a trusted certificate when you are just developing or testing an application.
• Personal sites with few visitors. If you have a small personal site that transfers non-critical information, there is very little incentive for someone to attack the connections.
Authorized Certificate
A certificate which is signed by an authorized vendor.
The SSL certificate will contain
• your domain name
• your company name
• your address
• your city
• your state and your country
It will also contain the expiration date of the certificate and details of the Certification Authority responsible for the issuance of the certificate.
How to create a Certificate?
We can create our certificate using the utilities that we have here.
• OPENSSL: a utility used to create an SSL certificate. It comes with the Apache binary package.
• KEYTOOL: also a utility used to create an SSL certificate. It comes with the Java package, inside the /bin directory.
Terms to know about
RSA Algorithm
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks (part of the British GCHQ) but this was a secret until 1997.
The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world.
The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
Terms to know about
DES3 Algorithm
The Data Encryption Standard (DES) was developed by an IBM team around 1974 and adopted as a national standard in 1977. Triple DES is a minor variation of this standard. It is three times slower than regular DES but can be billions of times more secure if used properly. Triple DES enjoys much wider use than DES because DES is so easy to break with today's rapidly advancing technology.
Terms to know about
The OSI X.509 standard
X.509 uses a centralized hierarchy with at most a few trusted entities at its core.
These trusted entities issue files which are used to distribute public keys and certify that the bearer of the file is who or what he or she claims to be.
Let's see the code at a glance
Certificate Signing Request:
    openssl genrsa -des3 -out server.key 1024
Create Unencrypted Key:
    openssl rsa -in server.key -out server.pem
Generate Unsigned Certificate:
    openssl req -new -key server.key -out server.csr
30 day certificate:
    openssl x509 -req -days 30 -in server.csr -signkey server.key -out server.crt
Apache Installation
You can install the setup file of the Apache server or the binary file, as we are using here.
• Copy the binary file to a drive (C:).
• Go to the path "C:\apache2\bin" using the command line.
• Use this command to install Apache: "httpd -k install"
• Type localhost in your browser to see if your Apache server works.
Openssl environment
To use the openssl utility to create a certificate, we can copy its path and paste it into the Windows environment, so that we can use it anywhere without typing the path to its location every time.
• The openssl utility exists in your "C:\apache2\bin" directory.
• Copy the above path and go to the Windows environment settings shown below: My Computer > Properties > Advanced System Settings > Environment Variables
• In Environment Variables choose New, give it the name path as the variable name, and paste the path into the variable value.
Running Openssl Utility
Now that you have introduced the openssl utility to the Windows environment, you can run it from CMD anywhere you want to make your certificate.
Creating certificate
Use the following commands to create your certificate using openssl, and provide information during certificate creation as it asks for it.
To create Certificate Signing Request:
    openssl genrsa -des3 -out server.key 1024
To Create Unencrypted Key:
    openssl rsa -in server.key -out server.pem
It gives an error when typing this code. We have to read the error and solve it. It says to copy the openssl.conf file to a directory in your (C:). Follow the exact name for the directory as it says in the error.
To Generate Unsigned Certificate:
    openssl req -new -key server.key -out server.csr
To create or sign a 30 day certificate:
    openssl x509 -req -days 30 -in server.csr -signkey server.key -out server.crt
This is the process of how to create a key and a certificate.
During creation it asks for a "Passphrase" and for info about the web site we are creating this certificate for.
Provide your FQDN if you're going to create it for your website, but here we are working locally, so we provide localhost for our FQDN.
You can ignore the optional options, as we did for some, by just hitting ENTER.
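Added example (not part of the original slides): the four steps above run without prompts from a POSIX shell, followed by the checks worth making before pointing Apache at the files. Assumptions: openssl is on the path, a 2048-bit key with AES-256 replaces the slides' 1024-bit key and -des3, and the passphrase and function names are constructed for this demo.

```shell
#!/bin/sh
# Added example, not from the slides. Assumes openssl is on PATH.
PASS='constructed-demo-passphrase'   # constructed value, demo only

# The slides' four steps, with RSA-2048 and AES-256 substituted for the
# 1024-bit key and -des3, and every prompt answered on the command line.
make_selfsigned() {
    d=$1
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$d/server.key" 2048 2>/dev/null &&
    # unencrypted copy of the key: the file SSLCertificateKeyFile points at
    openssl rsa -in "$d/server.key" -passin "pass:$PASS" -out "$d/server.pem" 2>/dev/null &&
    chmod 600 "$d/server.pem" &&
    # signing request for the FQDN (localhost, as in the slides)
    openssl req -new -key "$d/server.pem" -subj "/CN=localhost" -out "$d/server.csr" &&
    # the request signed with its own key: a 30-day self-signed certificate
    openssl x509 -req -days 30 -in "$d/server.csr" -signkey "$d/server.pem" \
        -out "$d/server.crt" 2>/dev/null
}

# The certificate must carry the public half of the key Apache will load.
key_matches_cert() {
    [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.pem" -pubout)" ]
}

# Self-signed: issuer and subject are the same name.
is_self_signed() {
    s=$(openssl x509 -in "$1/server.crt" -noout -subject)
    i=$(openssl x509 -in "$1/server.crt" -noout -issuer)
    [ -n "$s" ] && [ "${s#subject=}" = "${i#issuer=}" ]
}

# No CA vouches for it, so default verification fails; it verifies only
# when the certificate itself is handed over as the trust anchor.
trusted_by_default() { openssl verify "$1/server.crt" >/dev/null 2>&1; }
trusted_when_pinned() {
    openssl verify -CAfile "$1/server.crt" "$1/server.crt" >/dev/null 2>&1
}

# True when the certificate expires within $2 days (the slides use -days 30).
expires_within_days() {
    ! openssl x509 -in "$1/server.crt" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

work=$(mktemp -d) && make_selfsigned "$work" || exit 1
key_matches_cert "$work" && echo "certificate matches server.pem"
is_self_signed "$work" && echo "issuer equals subject: self-signed"
trusted_by_default "$work" || echo "not trusted unless pinned"
```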
Changing Apache Configuration Files
We have to make changes in the following configuration files of the Apache server.
In the httpd.conf file (see "C:\apache\conf"), enable the modules and includes below by removing the leading # from each line:
    #LoadModule ssl_module modules/mod_ssl.so
    #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    #Include conf/extra/httpd-default.conf
    #Include conf/extra/httpd-ssl.conf
Specify the certificate and key path in the httpd-ssl file in C:\apache2\conf\extra as:
    SSLCertificateFile "c:/Apache24/conf/localhost.crt"
    SSLCertificateKeyFile "c:/Apache24/conf/localhost.pem"
RESTART YOUR APACHE SERVER TO GET YOUR CONFIGURATION DONE!
Now you are ready to use the https protocol or Secure Socket Layer