SSL Implementation Guide
Onno W. Purbo
Reference
- http://www.verisign.com
- http://www.openssl.org
Implementation Steps
- Obtain and install a server Digital ID from VeriSign.
- Define your Access Control List (ACL).
- Set server options to restrict access to clients presenting certificates.
- Set options to enable SSL on your server for secure, authenticated transactions.
- Read certificate information to provide customized services (optional).
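An added example, not from the original slides: the client-certificate steps above (restrict access to clients presenting certificates, apply an ACL, read certificate fields) expressed with Python's standard ssl module. The ACL entries, the issuer name and the function names are assumptions constructed for illustration.

```python
import ssl

# Constructed ACL: certificate subject commonName -> service tier (assumed values).
ACL = {"alice.example.test": "admin", "bob.example.test": "read-only"}
TRUSTED_ISSUER_ORG = "Example Test CA"  # constructed issuer name


def build_server_context(certfile, keyfile, client_ca_file):
    """TLS server context that rejects clients without a CA-signed certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # SSLv2/SSLv3 are obsolete
    ctx.load_cert_chain(certfile, keyfile)            # server Digital ID + private key
    ctx.load_verify_locations(cafile=client_ca_file)  # CA that signs client certs
    ctx.verify_mode = ssl.CERT_REQUIRED               # handshake fails with no client cert
    return ctx


def _rdn_value(name, field):
    """Return one attribute from the nested tuples getpeercert() uses for names."""
    values = [v for rdn in name for (k, v) in rdn if k == field]
    return values[0] if len(values) == 1 else None    # missing or ambiguous -> None


def authorize(peer_cert):
    """Map a verified client certificate (getpeercert() dict) to an ACL role.

    Returns None, meaning deny, for anything not explicitly listed.
    """
    if not peer_cert:  # None or empty dict: no validated certificate
        return None
    issuer_org = _rdn_value(peer_cert.get("issuer", ()), "organizationName")
    if issuer_org != TRUSTED_ISSUER_ORG:
        return None
    common_name = _rdn_value(peer_cert.get("subject", ()), "commonName")
    return ACL.get(common_name)


# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "alice.example.test"),)),
    "issuer": ((("organizationName", "Example Test CA"),),),
}

if __name__ == "__main__":
    print(authorize(SAMPLE_CERT))
```

The chain check against the CA happens during the handshake once `CERT_REQUIRED` is set; `authorize()` only decides what an already-verified client may do.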
Port
- HTTP = 80
- HTTP + SSL = 443
Cryptography Algorithm
- Symmetric Ciphers: blowfish, cast, des, idea, rc2, rc4, rc5
- Public Key Cryptography & Key Agreement: dsa, dh, rsa
- Certificates: x509, x509v3
- Authentication Codes, Hash Functions: hmac, md2, md4, md5, mdc2, ripemd, sha
- Input/Output, Data Encoding: asn1, bio, evp, pem, pkcs7, pkcs12
SSL Process
- Establish private communications
- Perform client authentication
If insecure ..
If secure ..
Client Hello
Server Hello
Client Master Key
Client Finish
Server Verify
Request Client Certificate
Client Certificate
If client does not have certificate
Error Message
If not ….
Client Certificate
Server verifies Client Authenticity
- Check it against the root CA
- Check by rehashing the certificate ..
Server verifies Client
Server Finish
Enabling SSL at Server
- Generate your server's key pair (public and private keys) using your server's built-in software
- Request a certificate from VeriSign
- Install the certificate VeriSign sends you
- Activate SSL for your server
Request Secure Server Cert
- Create a Certificate Signing Request (CSR) from the server. This process is detailed in the server documentation.
- Complete the online enrollment form at VeriSign's Digital ID center at http://digitalid.verisign.com.
- If your organization is new, mail or fax your company's articles of incorporation or other proof-of-right documents to VeriSign at 650.961.8870. These documents are used to verify your company's authenticity if you are not listed with Dun and Bradstreet.