How does SSL (Secure Sockets Layer) work with Apache?
The client sends a request to the server for a secure session.
The server responds by sending its X.509 digital certificate to the client.
The client receives the server's X.509 digital certificate.
The client authenticates the server, using a list of known certificate authorities.
The client generates a random symmetric key and encrypts it using the server's public key.
The client and server now both know the symmetric key and can use the SSL encryption process to encrypt and decrypt the information contained in the client request and the server response.
# How do you create an SSL certificate?
Ensure you have the correct website information.
Decide the type of SSL certificate you need.
Choose a Certificate Authority (CA).
Generate a Certificate Signing Request (CSR).
Submit the CSR to a Certificate Authority (CA).
Await validation by the CA.
Install your SSL certificate.
TLS (Transport Layer Security)
TLS is an improved version of SSL.
Both Secure Sockets Layer and Transport Layer Security are protocols used to provide security between web browsers and web servers.
In SSL, a message digest is used to create the master secret, and it provides the basic security services of authentication and confidentiality.
In TLS (Transport Layer Security), a pseudo-random function is used to create the master secret.
Cipher suites
A cipher suite is a set of algorithms that help secure a network connection. Suites typically use Transport Layer Security (TLS) or its now-deprecated predecessor Secure Sockets Layer (SSL). The set of algorithms that cipher suites usually contain includes a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.[1]
The key exchange algorithm is used to exchange a key between two devices.
Example of a cipher suite name: DHE_RSA_AES256_SHA256.
This suite uses DHE as its key exchange algorithm, RSA as its authentication algorithm, AES256 as its bulk data encryption algorithm, and SHA256 as its Message Authentication Code (MAC) algorithm.
Decode CSR:
openssl req -in mycsr.csr -noout -text
Decode certificate:
openssl x509 -in certificate.crt -text -noout
Create RSA private Key and CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csr
Certificate Match check:
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
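The match check above wrapped into one script, as an added example that is not part of the original notes. The function names (pubkey_hash, triple_matches, make_sample) and the example.test subject are hypothetical; the sample key, CSR and self-signed certificate are constructed throwaway files.

```shell
#!/bin/sh
# Added example: verify that a private key, certificate and CSR share one public key.
# Function names and the example.test subject are hypothetical/constructed.

# Print the SHA-256 of the public key carried by a file.
# $1 = kind (key|cert|csr), $2 = path. Fails instead of hashing empty output.
pubkey_hash() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout -outform pem 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -pubkey -noout -outform pem 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -pubkey -noout -outform pem 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | sha256sum | cut -d' ' -f1
}

# Exit status: 0 = all three match, 1 = mismatch, 2 = a file could not be parsed.
triple_matches() {   # $1 = key, $2 = certificate, $3 = CSR
    k=$(pubkey_hash key "$1")  || return 2
    c=$(pubkey_hash cert "$2") || return 2
    r=$(pubkey_hash csr "$3")  || return 2
    [ "$k" = "$c" ] && [ "$k" = "$r" ]
}

# Constructed sample input: throwaway key, CSR and self-signed certificate.
make_sample() {      # $1 = directory, $2 = base name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    { make_sample "$d" a && make_sample "$d" b; } || return 1
    triple_matches "$d/a.key" "$d/a.crt" "$d/a.csr" && echo "a: key, cert and CSR match"
    triple_matches "$d/b.key" "$d/a.crt" "$d/a.csr" || echo "b.key does not belong to a.crt"
    rm -rf "$d"
}
demo
```

Capturing the PEM before hashing matters: if openssl fails on an unreadable file, piping straight into sha256sum would hash empty input, and three empty hashes would compare as equal.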
Single sign-on
Single sign-on is a method that determines the identity of a user without requiring the user to sign on to every application. For example, if you log in to a Google service such as Gmail, you are automatically authenticated to YouTube, AdSense, Google Analytics, and other Google apps.
Client certificate
Client certificates are digital certificates that individual users use to prove their identity to a server. Client certificates tend to be used in private organizations.
Digital certificates authenticate the online credentials and identity of a person and allow web users and recipients