Secure Sockets Layer (SSL) Fundamentals

Course Navigation
Section 1: Getting Started
Section 2: Using Encryption to Protect Network Communications
Section 3: Real-World Use Cases

Secure Sockets Layer (SSL)... · 2020. 7. 31. · Secure Sockets Layer (SSL) Course Navigation Fundamentals Getting Started Section 1 Real-World Use Cases Section 3 Using Encryption


Getting Started


Introduction

Before we can get into the meat and potatoes of SSL, it's important to first get a good understanding of what encryption is and why it is used in today's computing environment.

In our Getting Started section, we're going to establish the following principles:

1. Cryptography
2. Asymmetric Encryption
3. PKI


Introduction to Asymmetric Encryption


Diffie-Hellman

Dr. Whitfield Diffie and Dr. Martin Hellman came together to try to solve the issues associated with symmetric encryption: key distribution.

They developed the first asymmetric key exchange, which later became known as the Diffie-Hellman Key Exchange.

To facilitate this, both users in an exchange agree on a shared private key. There's a complex algorithm associated with it, but the basis is that if you know your key, you can then decrypt that message.

For instance, if my key is 367 and yours is 235, then we end up with:

367 x 235 = 86245
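An added example, not part of the original slides: the exchange itself works by modular exponentiation, and the slide's product 367 x 235 = 86245 shows up as the exponent of the value both sides end up sharing. The prime P, the base G and the function names are assumptions chosen for illustration.

```python
# Added example: finite-field Diffie-Hellman with toy parameters.
# Assumed demo group: P is the Mersenne prime 2**127 - 1 and G is 3. Real
# deployments use standardized groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3


def public_value(private_key):
    """Value sent over the wire: G^private_key mod P."""
    return pow(G, private_key, P)


def shared_secret(private_key, peer_public):
    """Combine our private key with the value received from the peer."""
    # Reject 0, 1 and P-1: they would force a secret an observer can predict.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private_key, P)


def exchange(a_private, b_private):
    """Run both sides; only the two public values cross the network."""
    a_public = public_value(a_private)
    b_public = public_value(b_private)
    a_secret = shared_secret(a_private, b_public)
    b_secret = shared_secret(b_private, a_public)
    return a_public, b_public, a_secret, b_secret


if __name__ == "__main__":
    # The slide's numbers, used as the two private keys. In practice each
    # side draws a fresh random private key for every session.
    a_pub, b_pub, a_sec, b_sec = exchange(367, 235)
    print("sent on the wire:", a_pub, b_pub)
    print("both sides agree:", a_sec == b_sec)
    print("equals G^(367*235) mod P:", a_sec == pow(G, 367 * 235, P))
```

Neither private key is ever transmitted; an observer sees only the two public values, and the exchange by itself does not authenticate either party.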


RSA

Created By
- Ron Rivest
- Adi Shamir
- Leonard Adleman

Widely used today for secure data transmissions

In RSA, each user has a widely available public key as well as a secret private key.

When sending a message, the sender uses the receiver's public key to encrypt that message.

The only key that can be used to decrypt that message is the receiver's private key.
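An added example, not part of the original slides, showing the key roles described above with textbook RSA: the sender needs only the receiver's public key, and a different private key does not recover the message. The tiny primes, the exponent and the function names are assumptions for illustration.

```python
# Added example: textbook RSA with tiny primes, to show the key roles only.
# Assumed demo values; real RSA uses moduli of 2048 bits or more and a
# padding scheme such as OAEP.
from math import gcd


def make_keypair(p, q, e):
    """Build (public, private) keys from two primes and a public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: inverse of e mod phi (Python 3.8+)
    return (n, e), (n, d)


def encrypt(message, public_key):
    """Sender side: uses only the receiver's public key."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Receiver side: uses the matching private key."""
    n, d = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    receiver_public, receiver_private = make_keypair(61, 53, 17)
    _, other_private = make_keypair(67, 71, 17)  # someone else's key pair

    ciphertext = encrypt(65, receiver_public)
    print("ciphertext:", ciphertext)
    print("receiver recovers:", decrypt(ciphertext, receiver_private))
    print("other key recovers:", decrypt(ciphertext, other_private))
```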


Introduction to Public Key Infrastructure (PKI)

PKI (Public Key Infrastructure)

- Used for transactional exchanges
- Not any specific technology but rather a framework based on asymmetric technologies

Asymmetric Encryption

Certificates

- Issued by a certificate authority (CA)

Provides

- Confidentiality, authenticity, integrity, and nonrepudiation


[Diagram labels: Web Server; Web Server SSL Request; Registration Authority (RA); Certificate Authority (CA)]

The Certificate Authority (CA) could be:
- DigiCert
- Verisign
- Comodo
- GoDaddy
- Etc.


Using Encryption to Protect Network Communications


Introduction

Now that we have a basic understanding of what cryptography is and what it's used for, let's discuss how we use it today to secure our network communications.

In this section, we'll look at the following:

1. Secure Protocols Overview
2. The Use of Hybrid Encryption
3. How a Public Key Exchange (PKE) Works
4. How (and Why) TLS Superseded SSL


Secure Protocols Overview

Communication via SSL

FTP, SMTP, and HTTP operate at the Application layer of the OSI model.

When we're securing these with SSL/TLS, we put a cryptographic wrapper around the communication at the Transport layer.

[Diagram: the OSI model layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), with HTTP, FTP, and SMTP at the Application layer and an SSL Wrapper.]


Real-World Use Cases

Introduction

Now that we know the theory behind SSL and TLS, let's dive into some of the real-world applications of SSL certificates.

In this section, we'll walk through implementations of the following:

1. Setting Up a Web Server Cert
2. Setting Up a Private Docker Registry Using SSL
3. Encrypting File System (EFS) Overview
4. Setting Up OpenLDAP Using SSL/TLS


Requesting and Setting Up a Web Server Certificate

NGINX

1. Request certificate from CA.
2. Place certificate on server.
3. Modify NGINX conf file to listen on port 443.
4. Add certificate location to NGINX conf file.


Setting Up a Private Docker Registry Using SSL

Private Docker Registry

1. Install Docker Engine on server and host.
2. Get certificate (or, in our case, create certificate).
3. Add certificate to Docker's trusted certificates. This makes Docker trust our X.509 cert.
4. Create the Docker Registry.
5. Add server IP to OpenSSL configuration file before creating certificates.


Setting Up OpenLDAP to Use SSL

OpenLDAP

Provides an LDAP service.

Out of the box, the server communicates over an insecure connection.

There are two major security issues with this:

- The server remains unauthenticated to the client, so an attacker could establish and redirect traffic to a rogue server.
- The traffic could be intercepted.

Introducing an SSL certificate into the approach allows us to mitigate these concerns.

Traditionally, secure communications were handled via LDAPS protocol (port 636); however, this has been deprecated and replaced with the STARTTLS function.