Openssl

From docwiki
Revision as of 16:25, 1 April 2020 by Mond (SSL Terminology)


Motivation

Traffic on the internet is constantly monitored, and there are plenty of attackers out there who want to break into your systems. Encrypting the information is therefore a must. With openssl we have a general-purpose tool that helps with all tasks regarding SSL encryption.

Here you get a quick overview of how to handle certificates with openssl.

SSL Terminology

When you build a service that is protected with SSL there are two options:

  1. Only the server has a certificate and anyone can connect, yet the traffic is encrypted.
  2. The client also presents a certificate to the server, and the server can allow or deny access based on that certificate.

Let's first try to understand the first case:

SSL/TLS works with public key encryption. The server has a public and a private key. When a client connects, the server sends its public key; the client can use it to encrypt information so that only the server can decipher it, using its private key. In reality this is only used to negotiate an additional symmetric key that protects the traffic and is only used during that session.

Now this works, but there is one major weakness: on its own, a public key does not tell the client whom it belongs to, so anyone could hand the client a key of their own.

That is why the public key is stored in a certificate. The certificate contains the public key, the name of the server, information about the owner, the period of validity, a reference to the certificate authority (CA) that has signed this key, and the digital signature of that authority.
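As an added example that is not part of the docwiki page: the script below uses the openssl command line to play the certificate authority, issue a server certificate, print the fields just listed and run the signature check a client performs. The CA name, the host name www.example.test and the working directory are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the docwiki page. Builds a toy CA with openssl, has it
# sign a server certificate, prints the certificate fields named above and runs
# the signature check a client performs. All names (CA, host) are constructed.
set -eu
WORK="${WORK:-$(mktemp -d)}"

make_ca() {
    # CA key pair plus a self-signed CA certificate: the "certificate authority"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$1" -keyout "$WORK/$2.key" -out "$WORK/$2.pem" 2>/dev/null
}

make_server_cert() {
    # Server key pair; only the public key goes into the CSR, which the CA signs
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=www.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 7 -sha256 -out "$WORK/server.pem" 2>/dev/null
}

show_cert_fields() {
    # Name of the server, who signed it, validity period, key and signature algorithm
    openssl x509 -in "$WORK/server.pem" -noout -subject -issuer -dates
    openssl x509 -in "$WORK/server.pem" -noout -text \
        | grep -E 'Public-Key|Signature Algorithm' | sort -u
}

verify_chain() {
    # Prints OK only if server.pem carries a valid signature from the CA in $1
    if openssl verify -CAfile "$1" "$WORK/server.pem" 2>&1 | grep -q ': OK$'; then
        echo OK
    else
        echo FAIL
    fi
}

make_ca "Example Toy CA" ca
make_server_cert
show_cert_fields
verify_chain "$WORK/ca.pem"      # OK: the trusted CA signed it
make_ca "Some Other CA" other
verify_chain "$WORK/other.pem"   # FAIL: same certificate, a CA the client does not trust
```

The last two calls show the point of the signature: the same server certificate is accepted only when the client already trusts the CA that signed it.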

openssl