This document provides an overview of SSL/TLS (Secure Sockets Layer/Transport Layer Security) and how it works to secure data transmission over the internet. It discusses why SSL is important for encrypting data and verifying identities. It then explains the basic process of how SSL works, including how a client encrypts requests using a server's public key and how the server decrypts with its private key. The document outlines the requirements to implement SSL, including generating a key and obtaining a certificate. It differentiates between self-signed and authorized certificates. Finally, it provides steps to create a certificate using OpenSSL and configure the Apache web server to use SSL.
4. Contents
Introduction
SSL/TLS
Why SSL?
How does SSL work?
Requirements
Self signed certificate
Authorized certificate
How to create certificate
Terms to know about
Practice
5. Introduction
What business opportunities does the internet provide?
• Online Commerce.
• Online Shopping.
• Online Resource Sharing.
• Email and Messaging.
• Data Transfer.
Benefits.
• Cost effectiveness of online operations and delivery
• Open global markets - gain customers from all over the world.
• New and exciting ways of marketing directly to your customers
• Offer new data products and services via the Web
6. Cont ...
Improvement needs concentration and security
What is important to be secure?
• Important and Secret Data Transfer
• Usernames and Passwords.
• Bank Account Numbers.
• Credit Cards.
Unsecure Data Threats and challenges
• Hack
• Data stealing
• ID misuse
7. SSL / TLS
SSL (Secure Sockets Layer)
TLS (Transport Layer Security)
It is a protocol used along with HTTP in order to provide
• Identity assurance
• Encryption
When we implement the SSL protocol along with HTTP it turns into HTTPS, which indicates the Secure Sockets Layer protocol.
8. Why SSL?
1. Encryption:
• Process of hiding what is sent from one computer to another.
• Encrypting and securing the data that we want to send to a host.
2. Identity assurance:
• Making sure that the computer we are speaking to is the one we trust.
• Assurance for validation of the remote server by issuing a certificate.
9. Identity Assurance
Request: www.gmail.com
Responding https://gmail.com
• The server authenticates us and gives us assurance that the server we are trying to connect with is a real server.
10. Plain Text Data transfer with No Secure Socket Layer
[Figure: the word "Hello" sent between two computers as readable plain text, character by character: H, e, l, l, o]
12. How does SSL Work?
Client Request for page
Server responds with a Public key for encryption
Request http://www.gmail.com
Response https://www.gmail.com
Request GET index.html
Client Encrypts Request using Server Public Key
Server Decrypts Request using Private Key
13. What do we need?
• We need a Key
• Create a Certificate using that key
We have two types of certificate
Self signed Certificate.
Authorized certificate.
14. Self Signed Certificate
A self-signed certificate is a certificate that is signed by the person creating it rather than by a trusted authority.
It has a major disadvantage:
A visitor's connection could be hijacked, allowing an attacker to view all the data sent, and the certificate cannot be revoked like a trusted certificate can.
We're going to explain when a self-signed certificate should and shouldn't be used.
We can generate a self-signed certificate for common platforms like Microsoft IIS, Apache, and Java Keytool or OpenSSL.
15. Self signed Certificate Usage
In a local Network.
When clients only have to go through a local Intranet to get to the server,
there is virtually no chance of a man-in-the-middle attack.
A Development Server.
There is no need to spend extra cash buying a trusted certificate when
you are just developing or testing an application.
Personal sites with few visitors.
If you have a small personal site that transfers non-critical information,
there is very little incentive for someone to attack the connections.
16. Authorized Certificate
The certificate which is signed by an authorized vendor.
SSL Certificate will contain
• your domain name.
• your company name
• your address
• your city
• your state and your country.
It will also contain the expiration date of the Certificate and
details of the Certification Authority responsible for the issuance
of the Certificate.
17. How to create Certificate?
We can create our certificate using the utilities listed here.
OPENSSL
It's a utility used to create an SSL certificate.
It comes with the Apache binary package.
KEYTOOL
This is also a utility used to create an SSL certificate.
It comes with the Java package, inside the /bin directory.
18. Terms to know about
RSA Algorithm
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len
Adleman, who invented it in 1977. The basic technique was first
discovered in 1973 by Clifford Cocks (part of the British GCHQ) but this
was a secret until 1997.
The RSA cryptosystem is the most widely-used public key cryptography
algorithm in the world.
The RSA algorithm can be used for both public key encryption and digital
signatures. Its security is based on the difficulty of factoring large
integers.
19. Terms to know about
Des3 Algorithm
The Data Encryption Standard (DES) was developed by an IBM team
around 1974 and adopted as a national standard in 1977. Triple DES is
a minor variation of this standard. It is three times slower than regular
DES but can be billions of times more secure if used properly. Triple
DES enjoys much wider use than DES because DES is so easy to
break with today's rapidly advancing technology.
20. Terms to know about
The OSI X.509 standard.
X.509 uses a centralized hierarchy with at most a few trusted entities
at its core.
These trusted entities issue files which are used to distribute public
keys and certify that the bearer of the file is who or what he or she
claims to be.
23. Apache Installation
You can install Apache from the setup file or from the binary package, which is what we are using here.
Copy the binary package onto a drive (C:).
Change to the directory “C:\apache2\bin” on the command line.
Use this command to install Apache: “httpd -k install”
Type localhost in your browser to see if your Apache server works.
24. Openssl environment
To use the openssl utility to create a certificate, we can copy its path and paste it into the Windows environment variables, so that we can use it anywhere without typing the path to its location every time.
The openssl utility is in your “C:\apache2\bin” directory.
Copy the above path and go to the Windows environment settings shown below:
My Computer Properties > Advanced System Settings > Environment Variables
In Environment Variables choose New, give it the name path as the variable name, and paste the path into the variable value.
26. Running Openssl Utility
Now that you have added the openssl utility to the Windows environment, you can run it from CMD anywhere you want to create your certificate.
27. Creating certificate
Use the following commands to create your certificate using openssl and
provide information during certificate creation as it asks for it.
To create Certificate Signing Request:
genrsa -des3 -out server.key 1024
To Create Unencrypted Key:
rsa -in server.key -out server.pem
It gives an error when typing this command. We have to read the error and solve it.
It says to copy the openssl.conf file to a directory on your (C:) drive. Use the exact directory name given in the error.
To Generate Unsigned Certificate:
req -new -key server.key -out server.csr
To create or sign a 30 day certificate:
x509 -req -days 30 -in server.csr -signkey server.key -out server.crt
28. This is the process of how to create a key and a certificate.
During creation it asks for a “Passphrase” and info about the web site we are creating this certificate for.
Provide your FQDN if you're going to create it for your website, but here we are working locally so we provide localhost for our FQDN.
You can ignore the optional [] options, as we did for some, by just hitting ENTER.
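The slide-27 sequence made non-interactive, followed by the checks worth running before Apache's SSLCertificateFile and SSLCertificateKeyFile are pointed at the results. This is an added example in POSIX shell, not part of the original slides. Assumptions not taken from the slides: a 2048-bit key and AES-256 key encryption in place of 1024 and -des3, CN=localhost, the DEMO_PASS passphrase variable, and all function names.

```shell
#!/bin/sh
# Added example (not from the slides): key -> unencrypted key -> CSR ->
# self-signed certificate, then sanity checks on the output files.

DEMO_PASS="constructed-demo-passphrase"   # constructed value, for the demo only
export DEMO_PASS                          # read by openssl through env:DEMO_PASS

# make_selfsigned DIR CN DAYS
# Writes server.key (passphrase-protected private key), server.pem (the same
# key unencrypted), server.csr (signing request) and server.crt (certificate
# signed with its own key) into DIR.
make_selfsigned() {
    dir=$1; cn=$2; days=$3
    mkdir -p "$dir" || return 1
    (
        umask 077                         # key files readable by the owner only
        cd "$dir" || exit 1
        openssl genrsa -aes256 -passout env:DEMO_PASS -out server.key 2048 2>/dev/null &&
        openssl rsa -in server.key -passin env:DEMO_PASS -out server.pem 2>/dev/null &&
        openssl req -new -key server.key -passin env:DEMO_PASS \
                -subj "/CN=$cn" -out server.csr &&
        openssl x509 -req -days "$days" -in server.csr -signkey server.key \
                -passin env:DEMO_PASS -out server.crt 2>/dev/null
    )
}

# key_matches_cert CERT KEY
# True when the public key inside CERT is the public half of the unencrypted
# private key KEY. Apache refuses to start TLS with a mismatched pair.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# is_self_issued CERT
# True when subject and issuer are the same name, which is what a certificate
# produced with "x509 -req -signkey" looks like. The signature is not checked.
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# valid_for_days CERT N
# True when CERT will still be valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run as "sh script.sh demo" to generate into ./demo-cert and report.
if [ "${1:-}" = "demo" ]; then
    make_selfsigned ./demo-cert localhost 30 || exit 1
    key_matches_cert ./demo-cert/server.crt ./demo-cert/server.pem \
        && echo "key matches certificate"
    is_self_issued ./demo-cert/server.crt \
        && echo "self-issued: clients will not trust it by default"
    valid_for_days ./demo-cert/server.crt 7 || echo "expires within 7 days"
fi
```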
29. Changing Apache Configuration Files
We have to make changes in the following configuration files of the Apache server.
In the httpd.conf file (see “C:\apache\conf”), enable the lines below by removing the leading #.
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#Include conf/extra/httpd-default.conf
#Include conf/extra/httpd-ssl.conf
Specify the certificate and key paths in httpd-ssl.conf in C:\apache2\conf\extra
SSLCertificateFile "c:/Apache24/conf/localhost.crt"
SSLCertificateKeyFile "c:/Apache24/conf/localhost.pem"
RESTART YOUR APACHE SERVER TO GET YOUR CONFIGURATION DONE!
30. Now you are ready to use the https protocol or Secure Socket Layer