Cert check¶
Port 443 only: https://www.ssllabs.com/ssltest/
Any port: https://www.immuniweb.com/ssl/
openssl s_client -showcerts -connect ${HOST}:${PORT} -servername ${HOST} </dev/null  # -servername sends SNI (without it many hosts return a default certificate); </dev/null closes stdin so s_client exits after the handshake
apt-get install -y bsdmainutils  # Debian/Ubuntu: hexdump, column and friends for formatting the output
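The checks above, as shell helpers around the openssl CLI. This is an added example, not code from the page: the host/port arguments, the function names and the test.example certificate it generates for offline use are all made up for the demo.

```sh
#!/bin/sh
# Added example (not from the page): expiry and basic-field checks with the openssl
# CLI, plus a helper that makes a throwaway self-signed certificate so the checks
# can be exercised offline. Hosts, ports, paths and names are placeholders.

# Fetch the leaf certificate a server presents for a name, as PEM on stdout.
fetch_leaf_cert() {  # fetch_leaf_cert <host> [port]
  # -servername sends SNI (many hosts return a default cert without it);
  # </dev/null closes stdin so s_client exits right after the handshake.
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# The fields to look at first: who it is for, who issued it, validity window, fingerprint.
cert_summary() {  # cert_summary <cert.pem>
  openssl x509 -noout -subject -issuer -dates -fingerprint -sha256 -in "$1"
}

# Exit 0 if the certificate is still valid <days> from now, 1 if it will have expired.
# Usable directly as a monitoring check (e.g. warn at 14 days, page at 7).
cert_valid_for_days() {  # cert_valid_for_days <cert.pem> <days>
  openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

# Constructed test input: self-signed ECDSA cert for test.example, valid <days> from now.
make_test_cert() {  # make_test_cert <path-prefix> <days>
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=test.example" -days "$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Stand-alone run: build a 30-day certificate, print its summary, run two expiry checks.
cert_check_demo() {
  d=$(mktemp -d)
  make_test_cert "$d/t" 30
  cert_summary "$d/t.pem"
  cert_valid_for_days "$d/t.pem" 14 && echo "still valid in 14 days"
  cert_valid_for_days "$d/t.pem" 60 || echo "expired by day 60"
  rm -rf "$d"
}
cert_check_demo
```

For a live host, `fetch_leaf_cert www.example.com > leaf.pem` followed by `cert_summary leaf.pem` and `cert_valid_for_days leaf.pem 14` gives the same checks against the served certificate; note that s_client only hands back the leaf here, so chain problems are found with `openssl verify`, not with this helper.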
Cryptography¶
Key exchange or key establishment¶
https://en.wikipedia.org/wiki/Key_exchange
Any method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.
Diffie–Hellman key exchange (DH)
is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols.
The D–H key exchange protocol, however, does not by itself address authentication: a man in the middle can run one exchange with each side and relay between them, because nothing ties a public value to an identity. TLS closes this gap by having the server sign its ephemeral (EC)DH value with the key in its certificate.
Google Chrome Intent to deprecate DHE-based cipher suites: finite-field DHE was dropped in favour of ECDHE because TLS 1.2 gives the client no way to refuse a weak (e.g. 1024-bit) server-chosen DH group.
Public key infrastructures (PKIs)
have been proposed as a way around this problem of identity authentication.
https://en.wikipedia.org/wiki/Public_key_infrastructure
- registration authority (RA): assures valid and correct registration. In a Microsoft PKI an RA is usually called a subordinate CA.
- An entity must be uniquely identifiable within each certificate authority (CA) domain on the basis of information about that entity.
- A third-party validation authority (VA) can provide this entity information on behalf of the CA.
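The key agreement and the missing-authentication problem above, worked through with the openssl CLI. This is an added example, not from the page or any of the linked projects: the X25519 curve is chosen for the demo, and alice, bob, mallory and the temporary paths are invented names.

```sh
#!/bin/sh
# Added example (not from the page): X25519 key agreement with the openssl CLI, then
# the man-in-the-middle case that shows why D-H alone provides no authentication.
# alice/bob/mallory and the temp paths are made up for the demo.

kx_keypair() {  # kx_keypair <prefix> : writes <prefix>.key (private) and <prefix>.pub
  openssl genpkey -algorithm X25519 -out "$1.key" 2>/dev/null
  openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# Derive the shared secret from our private key and the peer's public key and print its
# SHA-256 (64 hex chars), so two sides can be compared without printing the secret itself.
kx_shared() {  # kx_shared <my.key> <peer.pub>
  openssl pkeyutl -derive -inkey "$1" -peerkey "$2" | openssl dgst -sha256 -r | cut -d' ' -f1
}

kx_demo() {
  d=$(mktemp -d)
  kx_keypair "$d/alice"; kx_keypair "$d/bob"; kx_keypair "$d/mallory"
  # Honest exchange: each side combines its own private key with the other's public key.
  ab=$(kx_shared "$d/alice.key" "$d/bob.pub")
  ba=$(kx_shared "$d/bob.key" "$d/alice.pub")
  echo "alice<->bob      $ab"
  echo "bob<->alice      $ba   (same secret)"
  # Attack: mallory swaps her own public key for bob's on the wire. Alice derives a
  # perfectly good secret with mallory, because nothing in the exchange says whose key it is.
  am=$(kx_shared "$d/alice.key" "$d/mallory.pub")
  ma=$(kx_shared "$d/mallory.key" "$d/alice.pub")
  echo "alice<->mallory  $am"
  echo "mallory<->alice  $ma   (also equal: alice cannot tell bob from mallory)"
  rm -rf "$d"
}
kx_demo
```

Mallory repeats the same trick towards bob and relays plaintext between the two sessions. What stops this in practice is binding the public value to an identity: a signature over it with a certified key (TLS), or an out-of-band comparison of the key fingerprint (SSH known_hosts).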
cipher or cypher¶
An algorithm for performing encryption or decryption.
A stream cipher is a symmetric-key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream).
https://en.wikipedia.org/wiki/Stream_cipher#Comparison_of_stream_ciphers
Salsa20 is a stream cipher; ChaCha20 is its later variant by the same author.
Poly1305 is a cryptographic message authentication code (MAC); it can be used to verify the data integrity and the authenticity of a message. Its key is one-time: each message needs a fresh key, which is why it is always paired with a cipher whose keystream supplies that key.
In NaCl Poly1305 is used with Salsa20 (the original Poly1305-AES used AES); in TLS and SSH it is used with the ChaCha20 keystream (ChaCha20-Poly1305, RFC 8439).
“Networking and Cryptography library”/NaCl (pronounced “salt”): high-speed software library for network communication, encryption, decryption, signatures, etc.
Libsodium: a portable, cross-compilable, installable, packageable, API-compatible version of NaCl.
Libsodium platforms: macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris
Cryptography libraries compare¶
https://en.wikipedia.org/wiki/Comparison_of_cryptography_libraries
GnuTLS vs libsodium vs NaCL vs OpenSSL vs …
X.509¶
https://www.ietf.org/rfc/rfc5280.txt
https://en.wikipedia.org/wiki/X.509
X.509 is a standard that defines the format of public key certificates; RFC 5280 is the Internet (PKIX) profile of it.
Used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS.
A certificate binds a public key to an identity (a hostname, an organization, or an individual) and carries the issuer's signature over that binding; the validity period and the extensions (key usage, subjectAltName, CRL and OCSP locations) live in the same signed structure.
Certificate Revocation List (or CRL)¶
“a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted.”
The CRL is signed by the CA and published at the URL in the certificate's CRL Distribution Points extension; a verifier only notices a revocation if it fetches (or is handed) the CRL and actually checks it.
TLS Extensions - Certificate Status Request¶
https://tools.ietf.org/html/rfc4366#section-3.6
Constrained clients may wish to use a certificate-status protocol such as Online Certificate Status Protocol (OCSP) to check the validity of server certificates, in order to avoid transmission of CRLs and therefore save bandwidth on constrained networks.
This extension (status_request, "OCSP stapling") lets the server fetch the OCSP response itself and send it inside the TLS handshake, saving the client a round trip to the responder and keeping the CA from learning which sites the client visits; nginx's ssl_stapling implements the server side.
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
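The X.509 and CRL sections above, carried through end to end: a throwaway CA issues a certificate, revokes it and publishes a CRL, and `openssl verify` is run with and without `-crl_check` to show that revocation only takes effect when the verifier consults the CRL (the same applies to OCSP). This is an added example, not code from the page or from OpenSSL's documentation; "Demo Root CA", "leaf.example", the config values and the paths are all made up for the demo.

```sh
#!/bin/sh
# Added example (not from the page): a throwaway CA that issues one certificate,
# then revokes it and publishes a CRL. Every name and path here is made up.

pki_init() {  # pki_init <dir> : CA layout + minimal config for `openssl ca`, self-signed root
  mkdir -p "$1/newcerts"
  : > "$1/index.txt"           # issued-certificate database (this is what -revoke edits)
  echo 1000 > "$1/serial"      # next certificate serial number (hex)
  echo 1000 > "$1/crlnumber"   # next CRL number
  cat > "$1/openssl.cnf" <<EOF
[ ca ]
default_ca         = demo_ca
[ demo_ca ]
dir                = $1
database           = \$dir/index.txt
new_certs_dir      = \$dir/newcerts
serial             = \$dir/serial
crlnumber          = \$dir/crlnumber
certificate        = \$dir/ca.crt
private_key        = \$dir/ca.key
default_md         = sha256
default_days       = 90
default_crl_days   = 7
policy             = policy_any
x509_extensions    = leaf_ext
[ policy_any ]
commonName         = supplied
[ leaf_ext ]
basicConstraints   = CA:FALSE
keyUsage           = digitalSignature
extendedKeyUsage   = serverAuth
subjectAltName     = DNS:leaf.example
[ req ]
distinguished_name = req_dn
x509_extensions    = ca_ext
[ req_dn ]
commonName         = Common Name
[ ca_ext ]
basicConstraints   = critical,CA:TRUE
keyUsage           = critical,keyCertSign,cRLSign
EOF
  # Self-signed root; the key is left unencrypted, which is acceptable for a demo only.
  openssl req -config "$1/openssl.cnf" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -nodes -subj "/CN=Demo Root CA" -days 365 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

pki_issue() {  # pki_issue <dir> <name> : CSR for <name>, signed by the CA into <name>.crt
  openssl req -config "$1/openssl.cnf" -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -nodes -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl ca -config "$1/openssl.cnf" -batch -notext -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}

pki_revoke() {  # pki_revoke <dir> <name> : mark revoked in index.txt, then publish a new CRL
  openssl ca -config "$1/openssl.cnf" -revoke "$1/$2.crt" -crl_reason keyCompromise 2>/dev/null
  openssl ca -config "$1/openssl.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}

pki_status() {  # pki_status <dir> <name> [crl] : prints OK, revoked or invalid
  if [ "${3:-}" = crl ]; then
    out=$(openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" "$1/$2.crt" 2>&1)
  else
    out=$(openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" 2>&1)
  fi
  case $out in
    *": OK"*)                echo OK ;;
    *"certificate revoked"*) echo revoked ;;
    *)                       echo invalid ;;
  esac
}

pki_demo() {
  d=$(mktemp -d)
  pki_init "$d"
  pki_issue "$d" leaf.example
  echo "issued:             $(pki_status "$d" leaf.example)"
  pki_revoke "$d" leaf.example
  echo "revoked, no CRL:    $(pki_status "$d" leaf.example)"      # still OK: nobody looked
  echo "revoked, CRL check: $(pki_status "$d" leaf.example crl)"  # revoked
  rm -rf "$d"
}
pki_demo
```

The middle line of the output is the point: a revoked certificate verifies cleanly for any client that does not fetch the CRL or an OCSP response, which is why stapling (below) and short certificate lifetimes matter as much as the revocation itself.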
Certificate formats¶
https://serverfault.com/questions/9708
PEM
Base64-encoded DER between -----BEGIN ...----- / -----END ...----- lines. Governed by RFCs; can have a variety of extensions (.pem, .key, .cer, .crt, .cert, more). Several objects (certificate, chain, key) can be concatenated in one file.
DER
The binary ASN.1 encoding; a PEM file is the base64 of this. Windows often uses .cer/.der for it.
PKCS7 (.p7b)
An open standard used by Java (e.g. Tomcat) and supported by Windows. Carries certificates and chains only; does not contain private key material.
PKCS12 (.pfx/.p12)
Password-protected container for certificate, chain and private key, used by Windows and Java keystores. Protects the key at rest, unlike a plain-text PEM key.
certmgr.msc # Windows certificate store GUI
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.pem # generate a self-signed cert (-nodes: key written unencrypted)
openssl x509 -noout -text -in certfile.cer/.pem/.crt [-inform pem/der] # show info
openssl x509 -out converted.pem -inform der -in to-convert.der # DER -> PEM
openssl pkcs12 -in file-to-convert.pfx/.p12 -out converted-file.pem -nodes # PKCS12 -> PEM (certificates plus unencrypted key)
ECDSA vs RSA¶
https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/
With ECDSA you get the same level of security as RSA with much smaller keys (P-256 is rated roughly equivalent to RSA-3072 in NIST SP 800-57), so certificates are smaller and signing is faster.
Legacy clients may not support it; a server can be given both an ECDSA and an RSA certificate (nginx accepts multiple ssl_certificate directives) and presents whichever the client can use.
SSL¶
Private Key¶
https://info.ssl.com/faq-what-is-a-private-key/
The private key is a text (PEM) file used initially to generate a Certificate Signing Request (CSR), and later to secure and verify connections using the certificate issued for that request. As you might imagine from the name, it must stay secret: it produces the digital signatures in the handshake, and whoever holds it can impersonate the server, so keep it mode 0600, out of version control, and revoke the certificate if it leaks.
Let’s Encrypt¶
./certbot-auto certonly --webroot -w /usr/share/nginx/www/ -d example.com -d www.example.com  # certbot-auto is retired; current certbot (distro package or snap) takes the same flags
/etc/letsencrypt/live/example.com/ -> /etc/letsencrypt/archive/example.com/  # live/ holds symlinks to the newest files in archive/, so point the web server at live/
cert.pem chain.pem fullchain.pem privkey.pem
-> cert1.pem chain1.pem fullchain1.pem privkey1.pem  # the number increases with each renewal
Wildcard¶
Wildcard names require the ACME v2 DNS-01 challenge: the client has to create a TXT record at _acme-challenge.<domain>, so it needs either DNS API access or a manual step.
https://github.com/Neilpang/acme.sh#10-issue-wildcard-certificates
curl https://get.acme.sh | sh -s [email protected]
export CF_Key="<global API key>" CF_Email="<account email>"  # read by the acme.sh dns_cf hook; a scoped token via CF_Token (with CF_Account_ID) is preferable to the global key
acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf
https://community.letsencrypt.org/t/wildcard-domain-step-by-step/58250/4
certbot certonly --server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns \
-d 'yourdomain.tld,*.yourdomain.tld'  # --manual also means every renewal needs the manual DNS step unless a --manual-auth-hook script does it
OpenSSL¶
PEM (.pem, .crt, .cer) to PFX¶
https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt  # -certfile: intermediate chain; prompts for an export password. OpenSSL 3 writes AES/PBKDF2 PKCS#12 by default; add -legacy for consumers that only read the old RC2/3DES format
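The conversions from the "Certificate formats" section and the PEM-to-PFX recipe above, as one round trip: PEM to DER and back, then PEM plus key into a PKCS#12 and back, with SHA-256 fingerprints proving the same certificate came out each time. This is an added example, not the page's own commands; the function names, the export password and the fmt.example certificate it generates are made up for the demo.

```sh
#!/bin/sh
# Added example (not from the page): round-trip one certificate through DER and
# PKCS#12 and confirm identity by fingerprint. Paths, names and password are placeholders.

cert_fingerprint() {  # cert_fingerprint <cert.pem> : SHA-256 fingerprint, colon-separated hex
  openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

pem_to_der() { openssl x509 -in "$1" -outform DER -out "$2"; }  # pem_to_der <in.pem> <out.der>
der_to_pem() { openssl x509 -in "$1" -inform DER -out "$2"; }   # der_to_pem <in.der> <out.pem>

# Bundle cert + key (+ optional chain file) into a .pfx/.p12 protected by <password>.
# OpenSSL 3 encrypts with AES-256/PBKDF2 by default; add -legacy for consumers that
# only understand the old RC2/3DES PKCS#12 encoding (older Windows releases).
pem_to_pfx() {  # pem_to_pfx <cert.pem> <key.pem> <out.pfx> <password> [chain.pem]
  if [ -n "${5:-}" ]; then
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$5" -out "$3" -passout "pass:$4"
  else
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
  fi
}

# Unpack a .pfx back to PEM (certificates and key in one file). -nodes writes the key
# unencrypted, so the output is created with restrictive permissions.
pfx_to_pem() {  # pfx_to_pem <in.pfx> <password> <out.pem>
  (umask 077; openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -out "$3")
}

# Constructed test input: a throwaway self-signed certificate and its key.
make_fmt_cert() {  # make_fmt_cert <cert.pem> <key.pem>
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=fmt.example" -days 1 -keyout "$2" -out "$1" 2>/dev/null
}

fmt_demo() {
  d=$(mktemp -d)
  make_fmt_cert "$d/cert.pem" "$d/key.pem"
  pem_to_der "$d/cert.pem" "$d/cert.der"
  der_to_pem "$d/cert.der" "$d/back.pem"
  pem_to_pfx "$d/cert.pem" "$d/key.pem" "$d/cert.pfx" 'export-pass'
  pfx_to_pem "$d/cert.pfx" 'export-pass' "$d/unpacked.pem"
  echo "original     $(cert_fingerprint "$d/cert.pem")"
  echo "via DER      $(cert_fingerprint "$d/back.pem")"
  echo "via PKCS#12  $(cert_fingerprint "$d/unpacked.pem")"
  rm -rf "$d"
}
fmt_demo
```

Comparing fingerprints after a conversion is the quick way to be sure a format change did not silently pick up the wrong certificate from a multi-object file; `openssl x509` reads only the first CERTIFICATE block it finds, which matters when a PFX unpacks to chain plus leaf.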
Mozilla SSL Configuration Generator¶
https://mozilla.github.io/server-side-tls/ssl-config-generator/ (now at https://ssl-config.mozilla.org/)
Apache / Nginx / Lighttpd / HAProxy / AWS ELB
Profiles as they were when these notes were taken: Modern compatibility: IE 11 on Windows 7, Android 5.0; Intermediate compatibility (default): IE 7.
Current profiles: Modern is TLS 1.3 only; Intermediate (still the default) is TLS 1.2 and 1.3 with AEAD cipher suites only.
Nginx¶
SSL¶
listen 443 ssl http2;
listen [::]:443 ssl http2;
# server certificate plus intermediates go in ssl_certificate, leaf first; nginx sends them in the handshake's Certificate message
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d; # default 5m
ssl_session_cache shared:SSL:50m; # none = tell clients sessions may be reused but store nothing | off = tell clients they may not be reused | builtin[:size] = OpenSSL cache, one worker only | shared:name:size = shared by all workers (1 MB holds about 4000 sessions)
ssl_session_tickets off; # default on. stateless resumption per RFC 5077; off because a ticket key that is never rotated undermines forward secrecy for every session it encrypted
# intermediate configuration as generated when these notes were taken. TLS 1.0/1.1 are deprecated by RFC 8996 and the SHA-1, CBC and 3DES suites below are gone from the current profile, which is "ssl_protocols TLSv1.2 TLSv1.3;" with AEAD suites only.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on; # the current intermediate profile sets this off, trusting modern clients to order AEAD suites sensibly
# OCSP Stapling ---
# fetch OCSP responses from the responder URL in the certificate's Authority Information Access extension and cache them
ssl_stapling on; # default off. staple the OCSP response into the handshake (RFC 6066 status_request)
resolver <IP DNS resolver>; # required: nginx resolves the responder hostname itself
ssl_stapling_verify on; # default off. verify the OCSP response against the chain below before stapling it
## chain of trust for the OCSP response: root CA plus intermediates; nginx also uses it to find the issuer when ssl_certificate holds only the leaf
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;