
The “Ultimate” SSL Digest: The best practical materials on Habr and beyond

We at 1cloud provide virtual infrastructure rental services and recently began offering SSL certificates from Comodo, GeoTrust, RapidSSL, Symantec and Thawte. Adding this feature prompted us to take a quick look at publications that appeared on Habr over the last couple of years and touch on various aspects of working with SSL.

We found a significant number of translated articles and posts in corporate blogs, but there were guides as well. It is the practical side that we decided to emphasize in our selection of useful materials.


SSL (short for Secure Sockets Layer) is a secure connection technology that uses asymmetric encryption to authenticate the exchange of keys. An SSL certificate is a unique digital identifier of a website. It makes it possible to establish an HTTPS connection between the web server and the client’s browser, ensuring the confidentiality of the transmitted information.

Depending on its type, a certificate can confirm both that the web server belongs to the domain and the details of the company that owns the site:

Domain Validation (DV). This type of certificate provides, first and foremost, session encryption rather than website authentication. It contains no data about the company and confirms only the domain name, assuring the user that the web resource is authentic. Domain-validated certificates offer a basic level of trust, since they require no documentary identification from the customer.

Organization Validation (OV). Such certificates confirm not only the site but also the details of the organization that owns it. These details are verified by checking the official registration documents of the company ordering the certificate. Only a legal entity can obtain an OV certificate.

Extended Validation (EV). This type of certificate provides the highest level of trust and allows the name of the organization that owns the site to be displayed in the address bar of the user's browser (the "green address bar"). Obtaining such a certificate takes up to 14 days.


Some certificates come with a financial guarantee (from 10 thousand dollars). It matters, first of all, to visitors of the site on which the certificate is installed. If a visitor to such a site suffers financial loss from fraud involving site spoofing and the leak of confidential data, the certification authority compensates the losses within the guarantee amount.

An SSL certificate can be purchased directly from a certification authority, but this is not very cost-effective. It is cheaper to purchase one from a partner who buys certificates in bulk at special prices. You can also use free SSL certificates, but they are better suited to testing and may have a low level of trust.

Infotainment


What web developers need to know about SSL
First, a link to a post from our own blog on Habr. In it, we gave a brief analysis of frequently asked questions about using SSL, based on notes from the CertSimple project team and other materials on the topic.

SSL/TLS: vulnerability history
A presentation and seminar by Vladimir Lepikhin (Informzashchita training center) at the Positive Hack Days conference. The video of the talk can be viewed here.

What is TLS
This translated article introduces TLS (Transport Layer Security), whose predecessor is SSL. It is based on a chapter of the book “High Performance Browser Networking” by Ilya Grigorik.

BearSSL - an SSL/TLS implementation in C
An overview of the philosophy, capabilities, brief documentation and development plans of the library by Thomas Pornin, an expert on cryptography.

Chinese CA mistakenly issued a user an SSL certificate for a GitHub domain
The error by the WoSign certification authority was discovered by a student at the University of Central Florida. It was for this institution that a duplicate certificate was also issued.

WoSign Free SSL - The End Of A Big Chinese Freebie
Another article about the Chinese CA and the latest changes to the conditions for providing free SSL certificates.

Fixed a serious error in the SSL settings in Microsoft Azure web roles
Dmitry Meshcheryakov from the developer products department at ABBYY commented on a common mistake he mentioned earlier in the company's blog.

Certificate authority Let's Encrypt has issued a million free certificates
Anatoly Elizar, editor of TM, recalls the achievements and progress of Let's Encrypt, a non-profit project of Mozilla and the EFF.

Let's Encrypt goes into public beta
Another article about the Let's Encrypt service, with a brief explanation of why a 90-day certificate lifetime was chosen at this stage of the project's development.

SSL certificates: everyone, everyone, and let no one leave offended
One more article about the Let's Encrypt certificate authority. The goal of the project is to accelerate the transition of the World Wide Web from HTTP to HTTPS.



Google, following Mozilla and Microsoft, stops supporting SHA-1 certificates
A news item from the TM editorial team, which continues to “keep abreast” of events, including on the subject of TLS and SSL certificates.

A SHA-1 collision for $100 thousand
A warning about the possible risks of using certificates with SHA-1 and the anticipated appearance of a SHA-1 collision search service. The note is based on a press release from experts in the Netherlands and Singapore.

SSL/TLS security of Russian Internet banking
An interesting study of the security of connections to the online services of the top 50 Russian banks (by assets), authored by adinadinov. In addition to a comparative table, it gives the main conclusions and practical recommendations.

Free SSL certificates - now for 3 years from WoSign
A brief note from REZ1DENT3 on the topic of, well, you understand.

Best Practices for Deploying SSL/TLS (Part 1)
Basic information on how to deploy SSL/TLS properly. The theory continues in the second part of the material.

Best Practices for Deploying SSL/TLS (Part 2)
The continuation of the story about the main points that make up the process of deploying SSL/TLS.

How and why we do TLS in Yandex
A very interesting article by kyprizel about how Yandex implements TLS: methods of termination, component unification, certificates, performance, security, and other nuances.

SSLv2 DROWN Vulnerability Can Decrypt TLS Traffic
About a vulnerability called DROWN, which allows decrypting TLS client traffic, and the options for protection, as told by experts from Digital Security.

Past and Present SSL Certificates
A basic overview of the public key infrastructure (PKI), plus a little about certificate revocation, abuse of trust and the prospects for using SSL certificates.



Practical guides


Configure HTTPS for your application on the Azure App Service
Detailed step-by-step instructions for those who use their domain name. Preparation, certification and installation tips.

Generating a CSR Request in IIS 8
This instruction describes how to generate a certificate signing request on the IIS 8 Web server in Windows Server 2012 and order an SSL certificate through the 1cloud control panel.

Installing SSL Certificate on IIS 8
How to install the .CRT file you received (the certificate file for your site) and the .CA file (the Certificate Authority certificate file) on the server.

Installing SSL certificate on Apache (Linux)
This step-by-step instruction will help you install the SSL certificate you purchased on an Apache web server running Linux: Ubuntu, Debian, or CentOS.

Generate CSR Request for Linux / MacOS
Creating a CSR request using the generation service and OpenSSL together with ordering an SSL certificate via the 1cloud control panel.

Installing SSL certificate on Nginx (Linux)
This step-by-step guide will help you install an acquired SSL certificate on a Nginx web server running Linux: Ubuntu, Debian, or CentOS.

Installing SSL certificate on 1C-Bitrix
The 1C-Bitrix system runs under the Linux CentOS distribution (generation of the CSR request: see the section for CentOS). Instructions for generating a request, ordering and installing SSL certificates.

Installing SSL certificates on D-Link DNS-320L file storage
Solving the problem of connecting the device as a network drive in Windows.

Quick installation of SSL certificate from StartSSL in iRedMail mail server
The process of replacing SSL certificates and a script to automate all the necessary actions.



Windows Server 2008/2012 Security Best Practices
To secure RDP connections when the server is not reached through a VPN, it is recommended to tunnel the connection over SSL/TLS. About this and more.

Secure TLS connection using Boost.Asio and OpenSSL under Windows
Building a server and a client on Windows using Boost.Asio and OpenSSL, plus organizing information exchange over a secure TLS channel.

SSL/TLS certificates for AWS clients
Introductory information and brief instructions for those using Amazon Web Services.

Configure SSL for AWS Applications
Step-by-step explanation of the process of obtaining an SSL certificate.

Making virt-manager work with a remote system over TLS
Step-by-step instructions from saamich on what you need in order to use the graphical virt-manager to manage hypervisors on remote servers.

Configuring Nginx with Let's Encrypt on CentOS 7
A guide for Let's Encrypt, the non-profit project of Mozilla and the EFF described above.

Instructions for installing a Let's Encrypt SSL certificate on a server with CMS Bitrix and Nginx
Preparation, obtaining a certificate, configuration and renewal.

Configuring an SSL certificate for the project “Raise Your Flag” on Nginx
Practical post of one of the project participants in the search for vacancies. The project itself is hosted on DigitalOcean.

Sources on SSL Certificates from Palo Alto Networks
Types of certificates and practical manuals of various levels of complexity.



How to move an entire site to permanent HTTPS for everyone
A translated guide for Linux-based servers on which Nginx is installed.

Migrating to HTTPS
Another translation from the TM editorial staff, which describes the steps you need to take to move your website from HTTP to HTTPS.

Moving to HTTPS on Nginx
About what pistonsky did when the boss came to him and said that he needed HTTPS. Instructions in 5 easy steps.

HTTPS support without any settings
@rekby wrote a program for automatically obtaining SSL certificates on the fly. Briefly about its requirements and principles of operation.

Why is HTTPS not universally used?
A good question and a worthy answer, the translation of which was published by thevar1able.

Ubiquitous transition to HTTPS
Why it is not necessary to do everything, and what should be paid attention to, if we talk about TLS.

Source: https://habr.com/ru/post/315758/

