SlideShare a Scribd company logo

https

Jonas Lejon
Jonas Lejon
Jonas LejonSenior Cyber Security Specialist 🔒 at Triop AB

Så kommer du igång med https och TLS

https

1 of 15
Download to read offline
https
Jonas Lejon
@kryptera
www.kryptera.se
https
Varför https?
https://
Privat nyckel
!
$ openssl genrsa -out triop.key 2048
CSR (Certificate Signing Request)
!
$ openssl req -new -key triop.key -out domain.csr
Common Name (e.g. server FQDN or YOUR name) []:
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----

Recommended

Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
20190516 web security-basic
20190516 web security-basic20190516 web security-basic
20190516 web security-basicMksYi
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.SecuRing
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...APNIC
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Security B-Sides
 

More Related Content

What's hot

strace for Perl Mongers
strace for Perl Mongersstrace for Perl Mongers
strace for Perl MongersNaosuke Yokoe
 
TopicModelingNLPHandsOnML
TopicModelingNLPHandsOnMLTopicModelingNLPHandsOnML
TopicModelingNLPHandsOnMLSamir Aryamane
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz -  Encrypted Search: from Research to Real-World SystemsTarik Moataz -  Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsCSNP
 
Finding Evil In DNS Traffic
Finding  Evil In DNS TrafficFinding  Evil In DNS Traffic
Finding Evil In DNS Trafficreal_slacker007
 
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsNew DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsOpenDNS
 
Profiling Web Archives IIPC GA 2015
Profiling Web Archives IIPC GA 2015Profiling Web Archives IIPC GA 2015
Profiling Web Archives IIPC GA 2015Sawood Alam
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
 
Harlemfur.com
Harlemfur.comHarlemfur.com
Harlemfur.comJohn Lenn
 
Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015GregMefford
 
Keywesthideaways.com
Keywesthideaways.comKeywesthideaways.com
Keywesthideaways.comJohn Lenn
 

What's hot (13)

strace for Perl Mongers
strace for Perl Mongersstrace for Perl Mongers
strace for Perl Mongers
 
TopicModelingNLPHandsOnML
TopicModelingNLPHandsOnMLTopicModelingNLPHandsOnML
TopicModelingNLPHandsOnML
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScript
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz -  Encrypted Search: from Research to Real-World SystemsTarik Moataz -  Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
 
Finding Evil In DNS Traffic
Finding  Evil In DNS TrafficFinding  Evil In DNS Traffic
Finding Evil In DNS Traffic
 
Cqcon
CqconCqcon
Cqcon
 
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsNew DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
 
Profiling Web Archives IIPC GA 2015
Profiling Web Archives IIPC GA 2015Profiling Web Archives IIPC GA 2015
Profiling Web Archives IIPC GA 2015
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
 
Top X OAuth 2 Hacks
Top X OAuth 2 HacksTop X OAuth 2 Hacks
Top X OAuth 2 Hacks
 
Harlemfur.com
Harlemfur.comHarlemfur.com
Harlemfur.com
 
Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015Grokking Grok: Monitorama PDX 2015
Grokking Grok: Monitorama PDX 2015
 
Keywesthideaways.com
Keywesthideaways.comKeywesthideaways.com
Keywesthideaways.com
 

Viewers also liked

WordPress prestanda
WordPress prestandaWordPress prestanda
WordPress prestandaJonas Lejon
 
Presentazione scuola dell'infanzia
Presentazione scuola dell'infanziaPresentazione scuola dell'infanzia
Presentazione scuola dell'infanziaDaniela Idili
 
Presentazione scuola dell'infanzia paulo freire
Presentazione scuola dell'infanzia  paulo freirePresentazione scuola dell'infanzia  paulo freire
Presentazione scuola dell'infanzia paulo freireDaniela Idili
 
Presentazione Scuola dell'Infanzia "Paolo Freire" - Cagliari
Presentazione Scuola dell'Infanzia  "Paolo Freire" - CagliariPresentazione Scuola dell'Infanzia  "Paolo Freire" - Cagliari
Presentazione Scuola dell'Infanzia "Paolo Freire" - CagliariDaniela Idili
 
Advanced Exfiltration Techniques
Advanced Exfiltration TechniquesAdvanced Exfiltration Techniques
Advanced Exfiltration TechniquesJonas Lejon
 
Comp3530 tutorialfacilitation
Comp3530 tutorialfacilitationComp3530 tutorialfacilitation
Comp3530 tutorialfacilitationu5015565
 
Exfiltration av data (information)
Exfiltration av data (information)Exfiltration av data (information)
Exfiltration av data (information)Jonas Lejon
 
Ginaren txupetea
Ginaren txupeteaGinaren txupetea
Ginaren txupeteaArtekoprofe
 
Earth day by 4th form
Earth day by 4th formEarth day by 4th form
Earth day by 4th formmisslausola
 
EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...
EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...
EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...Behzad Katirachi
 
Flyworld Corporation
Flyworld CorporationFlyworld Corporation
Flyworld CorporationMuhammad Baig
 

Viewers also liked (15)

WordPress prestanda
WordPress prestandaWordPress prestanda
WordPress prestanda
 
Pps resume
Pps resumePps resume
Pps resume
 
Presentazione scuola dell'infanzia
Presentazione scuola dell'infanziaPresentazione scuola dell'infanzia
Presentazione scuola dell'infanzia
 
question 1
question 1question 1
question 1
 
Presentazione scuola dell'infanzia paulo freire
Presentazione scuola dell'infanzia  paulo freirePresentazione scuola dell'infanzia  paulo freire
Presentazione scuola dell'infanzia paulo freire
 
Presentazione Scuola dell'Infanzia "Paolo Freire" - Cagliari
Presentazione Scuola dell'Infanzia  "Paolo Freire" - CagliariPresentazione Scuola dell'Infanzia  "Paolo Freire" - Cagliari
Presentazione Scuola dell'Infanzia "Paolo Freire" - Cagliari
 
Advanced Exfiltration Techniques
Advanced Exfiltration TechniquesAdvanced Exfiltration Techniques
Advanced Exfiltration Techniques
 
Quimica proyecto
Quimica  proyectoQuimica  proyecto
Quimica proyecto
 
Comp3530 tutorialfacilitation
Comp3530 tutorialfacilitationComp3530 tutorialfacilitation
Comp3530 tutorialfacilitation
 
Exfiltration av data (information)
Exfiltration av data (information)Exfiltration av data (information)
Exfiltration av data (information)
 
Aritz eta alex
Aritz eta alexAritz eta alex
Aritz eta alex
 
Ginaren txupetea
Ginaren txupeteaGinaren txupetea
Ginaren txupetea
 
Earth day by 4th form
Earth day by 4th formEarth day by 4th form
Earth day by 4th form
 
EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...
EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...
EXPERIENCE DURING ' AS-BUILT ' SERVICES IN INDUSTRIAL PROJECT USING LASER 3D ...
 
Flyworld Corporation
Flyworld CorporationFlyworld Corporation
Flyworld Corporation
 

Similar to https

Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwordsFrancois Marier
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionXavier Mertens
 
An Introduction to PASETO Tokens
An Introduction to PASETO TokensAn Introduction to PASETO Tokens
An Introduction to PASETO TokensAll Things Open
 
Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!Martin Vigo
 
We-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooWe-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooChristiaan Beek
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNIJisc
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoTiago Cruz
 
F2e security
F2e securityF2e security
F2e securityjay li
 
Log files: The Overlooked Source of SEO Opportunities
Log files: The Overlooked Source of SEO OpportunitiesLog files: The Overlooked Source of SEO Opportunities
Log files: The Overlooked Source of SEO OpportunitiesRobin Rozhon
 

Similar to https (14)

Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC Edition
 
I See You
I See YouI See You
I See You
 
An Introduction to PASETO Tokens
An Introduction to PASETO TokensAn Introduction to PASETO Tokens
An Introduction to PASETO Tokens
 
Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!
 
We-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooWe-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-too
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
 
2FA WTF
2FA WTF2FA WTF
2FA WTF
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNI
 
Demystifying REST
Demystifying RESTDemystifying REST
Demystifying REST
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
 
Ruby Robots
Ruby RobotsRuby Robots
Ruby Robots
 
F2e security
F2e securityF2e security
F2e security
 
Log files: The Overlooked Source of SEO Opportunities
Log files: The Overlooked Source of SEO OpportunitiesLog files: The Overlooked Source of SEO Opportunities
Log files: The Overlooked Source of SEO Opportunities
 

https