https

How to get started with https and TLS

  1. 1. https
  2. 2. Jonas Lejon @kryptera www.kryptera.se
  3. 3. Why https?
  4. 4. https://
  5. 5. Private key:
     $ openssl genrsa -out triop.key 2048
     CSR (Certificate Signing Request):
     $ openssl req -new -key triop.key -out domain.csr
     Common Name (e.g. server FQDN or YOUR name) []:
     -----BEGIN RSA PRIVATE KEY-----
     -----BEGIN CERTIFICATE REQUEST-----
  6. 6. • EV • Wildcard • Regular • Self-signed
  7. 7. What do I do now?
  8. 8. administrator@triop.se Link
  9. 9. openssl x509 -in triop.crt -noout -text
     openssl asn1parse -in triop.crt -dump
     openssl s_client -showcerts -connect https.se:443 < /dev/null 2>/dev/null | openssl x509 -noout -dates
     notBefore=Mar 20 01:09:02 2014 GMT
     notAfter=Mar 23 02:10:59 2015 GMT
  10. 10. <VirtualHost 192.168.0.1:443>
          DocumentRoot /var/www/html
          ServerName www.triop.se
          SSLEngine on
          # Server certificate issued by the CA
          SSLCertificateFile /path/to/triop.crt
          # Private key generated with openssl genrsa; keep it readable by root only
          SSLCertificateKeyFile /path/to/triop.key
          # Intermediate CA certificate (chain). Obsolete since Apache 2.4.8,
          # where the chain can be appended to the SSLCertificateFile instead.
          SSLCertificateChainFile /path/to/DigiCertCA.crt
      </VirtualHost>
  11. 11. Test, test, test
  12. 12. Revocation, renewal and reissuance
  13. 13. Thank you!
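
Slides 5, 9 and 10 leave three files on the server (key, CSR, certificate), and slide 11 says to test. As an added example, not part of the original slides, this script checks that the three files carry the same public key and that the certificate is not close to expiry. The scratch directory, the subject www.example.test, the self-signed stand-in certificate, other.key and the 30/120-day thresholds are assumptions.

```shell
#!/bin/sh
# Added example: file names follow the slides; the subject, the self-signed
# stand-in certificate and the day thresholds are constructed assumptions.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|cert FILE
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable input must never count as a match
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# Succeed only if key, CSR and certificate all carry the same public key.
files_match() {  # usage: files_match KEY CSR CERT
    k=$(pubkey_hash key "$1") || return 1
    r=$(pubkey_hash csr "$2") || return 1
    c=$(pubkey_hash cert "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Succeed if the certificate is still valid DAYS days from now.
valid_for_days() {  # usage: valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Build constructed sample files in DIR, including a key that does not belong.
make_samples() {  # usage: make_samples DIR
    openssl genrsa -out "$1/triop.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/triop.key" -subj "/CN=www.example.test" \
        -out "$1/domain.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/domain.csr" -signkey "$1/triop.key" -days 90 \
        -out "$1/triop.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

dir=$(mktemp -d) && make_samples "$dir" || exit 1
files_match "$dir/triop.key" "$dir/domain.csr" "$dir/triop.crt" &&
    echo "key, CSR and certificate belong together"
files_match "$dir/other.key" "$dir/domain.csr" "$dir/triop.crt" ||
    echo "other.key does not match this certificate"
valid_for_days "$dir/triop.crt" 30 && echo "more than 30 days of validity left"
valid_for_days "$dir/triop.crt" 120 || echo "expires within 120 days: plan renewal"
rm -rf "$dir"
```

Against real files, call files_match with the paths used in the VirtualHost block before reloading the server, and run valid_for_days from a scheduled job so renewal is not missed.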
