apache ssl
-
Apache and SSL
Presented by Paul Weinstein, Waubonsie Consulting
O'Reilly Open Source Convention, July 24, 2002
-
Apache and SSL - Paul Weinstein - - 2
Hello World
Introduction
What Will Be Covered
o Review of SSL
o Quick History of Apache and SSL
o Apache 1.3.x
o Apache 2.0.x
o Cool Tricks of Apache and SSL
What Won't Be Covered
-
Disclaimer
It should be noted that this presentation does not cover all issues relating to securing network-based machines and their content. This presentation is designed only to introduce basic concepts and configuration of Apache and SSL.
-
SSL and TLS
Secure Sockets Layer (SSL), developed by Netscape Communications, and Transport Layer Security (TLS), the open-standard replacement for SSL from the Internet Engineering Task Force, are the two protocols that add encryption and authentication to TCP/IP.
-
SSL and TLS: Two Main Features
Ciphers, which enable the encryption of data between the client and server.
Digital Certificates, which provide a method of authentication of a client and server.
-
SSL and TLS: Ciphers
Symmetric (a.k.a. Secret-Key)
Asymmetric (a.k.a. Public-Key)
-
SSL and TLS: Digital Certificates
Advantage of Public-Key Encryption
Server Certificate
Client Certificate
Root Certificate
Certificate Authority
o Public Certificate Authority
o Private Certificate Authority
-
Apache and SSL: A Timeline
-
mod_ssl
Support for SSL v2, v3 and TLS v1
Advanced pass-phrase handling for private keys
X.509-based digital certificates, certificate generation, certificate revocation list
Support for crypto acceleration hardware *
Backward compatibility
* Platform Dependent
-
mod_ssl
Most Popular SSL Solution for Apache
o 1,098,542 of 4,577,603 or 23.99%*
Second Only to PHP and Perl Overall
o 43.71% and 24.11%*
* Source: E-Soft June 2002 Report
-
Apache 1.3.x: mod_ssl
Integration
o Needs EAPI
o Can Build as a DSO
o OpenSSL Toolkit
-
Apache 2.0.x: mod_ssl
Supports New Apache 2.0 Architecture
Included with the Apache 2.0.x source code
To add mod_ssl when building Apache
o --enable-ssl
o --with-ssl=/path/to/OpenSSL/lib
-
Apache and SSL: Cool Tricks - The Ubiquitous Online Store
Transacting of payment information for consumer good(s) in a secure manner between the customer and the business.
-
Apache and SSL: Cool Tricks - The Ubiquitous Online Store
What We Need:
o Enable mod_ssl
o Request a server certificate from a public certificate authority
o Install server certificate
o Add a CGI script to collect data
o Configure access to CGI script via HTTPS
-
Apache and SSL: Cool Tricks - The Ubiquitous Online Store
What We Get:
o The communication with the store is secure.
o The server on the other end, decrypting the data, is in fact the online store as identified by the server's digital certificate and authenticated by a trusted third party.
-
Apache and SSL: Cool Tricks - An Organization's Intranet
Transacting of organizational information in a secure manner between the organization's groups and individuals.
-
Apache and SSL: Cool Tricks - An Organization's Intranet
What We Need:
o Create a private certificate authority using OpenSSL
o Enable mod_ssl
o Request a server certificate from the private certificate authority
o Install server certificate
-
Apache and SSL: Cool Tricks - An Organization's Intranet
What We Need:
o Add a CGI script to collect data
o Configure access to CGI script via HTTPS
o Install private certificate authority's root certificate
o Configure server to authenticate clients based on certificates from private certificate authority
-
Apache and SSL: Cool Tricks - An Organization's Intranet
What We Need:
o Sign client certificate requests & install in clients' web browsers
o Install private certificate authority's root certificate
o Authenticate servers based on private certificate authority
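
The certificate steps from the "What We Need" lists (the online store's server certificate request and the intranet's private certificate authority, server certificate and client certificates), as an added shell example that is not part of the original presentation. The organization, host and user names, the scratch directories and the file name ssl-vhost.conf are constructed; for the online store the request file would go to a public certificate authority instead of being signed locally.

```sh
# Added example, not from the presentation; names and paths are constructed.
set -eu
WORK=$(mktemp -d)    # scratch dir; a real CA key belongs on a protected host
OTHER=$(mktemp -d)   # second, unrelated CA used as the negative case

# make_ca DIR CN: private CA = key plus self-signed root certificate
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue CADIR NAME CN: key + certificate request, then sign it with the CA.
# -nodes leaves keys unencrypted so this runs unattended.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example Org/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 90 -CAcreateserial \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -out "$1/$2.crt" 2>/dev/null
}

# trusted CADIR CERT: true only if CERT chains to the root in CADIR
trusted() {
    openssl verify -CAfile "$1/ca.crt" "$2" 2>/dev/null | grep -q ': OK$'
}

# write_vhost DIR: mod_ssl directives that demand a client certificate
write_vhost() {
    cat > "$1/ssl-vhost.conf" <<EOF
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    $1/server.crt
    SSLCertificateKeyFile $1/server.key
    SSLCACertificateFile  $1/ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>
EOF
}

make_ca "$WORK" "Example Org Root CA"
make_ca "$OTHER" "Unrelated CA"
issue "$WORK" server intranet.example.test
issue "$WORK" client alice
issue "$OTHER" client outsider
write_vhost "$WORK"
for c in "$WORK/server.crt" "$WORK/client.crt" "$OTHER/client.crt"; do
    if trusted "$WORK" "$c"; then echo "accepted $c"; else echo "rejected $c"; fi
done
```

The browser-side steps (importing the client certificate and the private root certificate) are not scripted here.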
-
Apache and SSL: Cool Tricks - An Organization's Intranet
What We Get:
o The communication within the organization is secure.
o The server on one end is in fact the organization's server - the information from it is valid.
o The client on the other end is in fact a member of the organization - the information has not been compromised.
-
Review of Apache and SSL
SSL and TLS
History of Apache and SSL
Apache 1.3.x
Apache 2.0.x
Cool Tricks of Apache and SSL
-
Citation
Engelschall, Ralf. User Manual mod_ssl Version 2.8. Jan. 2001. mod_ssl: The Apache Interface to OpenSSL
-
Citation
Weinstein, Paul. "Web Security: Encryption & Authentication." Daemonnews (May 2001): 15 pars.
Weinstein, Paul. "Web Security: Apache and mod_ssl." Daemonnews (June 2001): 15 pars.
-
Suggested References
This Presentation:
o Article: Weinstein, Paul. "Apache and SSL." O'Reilly Network: ONLamp.com (April 2002): 24 pars.
-
Suggested References
This Presentation:
o Slides: (HTML) (PDF)
-
Suggested References
Apache Project
Apache Week
-
Suggested References
mod_ssl Project
o Mailing Lists, List Archives
-
Suggested References
OpenSSL Project
o Mailing Lists, List Archives