没有合适的资源？快使用搜索试试~ 我知道了~

文库首页安全技术网络安全openssl cookbook

openssl cookbook

openssl

cookbook

需积分: 10 23 下载量 164 浏览量 2015-12-12 23:10:29 上传评论收藏 1.57MB PDF 举报

温馨提示

试读

57页

openssl cookbook 详细介绍了openssl证书的生成和最佳实践

资源推荐

资源详情

资源评论

OPENSSL

COOKBOOK

A Guide to the Most Frequently Used

OpenSSL Features and Commands

Ivan Ristić

Bulletproof SSL/TLS and PKI

From the book

Last update: Fri Nov 01 09:47:58 GMT 2013 (build 128)

fffUTXbchSdRZR^\

FINE TECHNOLOGY BOOKS

BULLETPROOF

SSL /TLS AND PKI

The Complete Guide to Securely Using SSL/TLS and PKI in

Infrastructure Deployment and Web Application Development

Ivan Ristić

Free edition: Getting Started

The complete guide to securely using SSL/TLS

and PKI in infrastructure deployment and

web application development

Personal copy of Stanley Laurel <neolinux33@gmail.com>

OpenSSL Cookbook

Ivan Ristić

Personal copy of Stanley Laurel <neolinux33@gmail.com>

OpenSSL Cookbook

by Ivan Ristić

Version 1.1 build 127, published in October 2013.

First published in May 2013.

ISBN: 978-1907117053

Feisty Duck Limited

www.feistyduck.com

contact@feistyduck.com

Address:

6 Acantha Court

Montpelier Road

London W5 2QP

United Kingdom

Production editor: Jelena Girić-Ristić

Copyeditors: Melinda Rankin, Nancy Wolfe Kotary

by any means, without the prior permission in writing of the publisher.

The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and

assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection

with or arising out of the use of the information or programs contained herein.

Feisty Duck Digital

Book Distribution

www.feistyduck.com

Personal copy of Stanley Laurel <neolinux33@gmail.com>

iii

Table of Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

Feedback vi

About Bulletproof SSL/TLS and PKI vi

About the Author vi

1. OpenSSL Cookbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Getting Started 2

Determine OpenSSL Version and Conﬁguration 2

Building OpenSSL 3

Examine Available Commands 4

Building a Trust Store 5

Key and Certiﬁcate Management 7

Key Generation 7

Creating Certiﬁcate Signing Requests 11

Creating CSRs from Existing Certiﬁcates 13

Unattended CSR Generation 13

Signing Your Own Certiﬁcates 13

Creating Certiﬁcates Valid for Multiple Hostnames 14

Examining Certiﬁcates 15

Key and Certiﬁcate Conversion 18

Conﬁguration 20

Cipher Suite Selection 21

Performance 31

A. SSL/TLS Deployment Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Introduction 35

1. Private Key and Certiﬁcate 36

1.1. Use 2048-bit Private Keys 36

1.2. Protect Private Keys 36

1.3. Ensure Sufﬁcient Hostname Coverage 36

1.4. Obtain Certiﬁcates from a Reliable CA 37

Personal copy of Stanley Laurel <neolinux33@gmail.com>