https://github.com/kunchalavikram1427/tls_mastery
TLS Mastery
- Host: GitHub
- URL: https://github.com/kunchalavikram1427/tls_mastery
- Owner: kunchalavikram1427
- Created: 2023-03-23T16:43:39.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2023-03-27T06:07:47.000Z (over 2 years ago)
- Last Synced: 2025-03-05T04:42:55.408Z (7 months ago)
- Size: 29.3 KB
- Stars: 4
- Watchers: 2
- Forks: 19
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# SSL/TLS
### TLS
Transport Layer Security (TLS) is a protocol that establishes an encrypted session between two computers or applications on the Internet, typically between a web browser and a web server. It is the updated version of SSL. It ensures that eavesdroppers and hackers are unable to see what you transmit, which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal information. TLS encryption is used in HTTPS connections, which are secured using SSL/TLS certificates. Thus, HTTPS connections ensure that no one can snoop on your internet traffic while browsing the web or emailing your friends or family members.

### SSL/TLS Certificate
An SSL certificate is a type of digital certificate that provides authentication for a website and enables an encrypted connection.
When a website holds an SSL certificate, a padlock icon appears on the left side of the URL address bar signifying that the connection is secure. Additionally, sites will display an HTTPS address instead of an HTTP address.

## Creating a Self-Signed Certificate
A self-signed certificate is a certificate that's signed with its own private key.
It can be used to encrypt data just as well as CA-signed certificates, but our users will be shown a warning that says the certificate isn't trusted.

You can create self-signed certificates using **OpenSSL**.
**OpenSSL** is a handy utility to create self-signed certificates. You can use OpenSSL on all the operating systems such as Windows, macOS, and Linux flavors.
```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout domain.key -out domain.crt
```
Here, **Rivest-Shamir-Adleman (RSA)** is an asymmetric encryption algorithm and **-nodes** (short for "no DES") is used if you don't want to protect your private key with a passphrase. Otherwise it will prompt you for "at least a 4 character" password.

Decode Certificate
```
openssl x509 -in domain.crt -text -noout
```

## Create Certificate Authority
Let's create a private key (rootCA.key) and a self-signed root CA certificate (rootCA.crt). This will act as our private CA.
```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt
```
Or you can directly provide the CSR details such as Country, State, Common Name, etc. in the command:
```
openssl req -x509 \
-sha256 \
-days 356 \
-nodes \
-newkey rsa:2048 \
-subj "/C=IN/ST=KA/L=BLR/O=DME/OU=DevSecOps/CN=www.devopsmadeeasy.in" \
-keyout rootCA.key -out rootCA.crt
```
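The following added example (not part of the original README) checks what a private CA gives you: it goes one step beyond the commands above by signing a server certificate with the root CA, then tests self-signing, key/certificate pairing and chain trust with `openssl verify`. The subject values, the host name `www.example.test` and the file `leaf.ext` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Subject values, host name and leaf.ext are constructed.
set -eu

# Unencrypted RSA key plus self-signed root CA certificate in directory $1.
make_root_ca() {
  openssl req -x509 -sha256 -days 365 -nodes -newkey rsa:2048 \
    -subj "/C=IN/O=Example Lab/CN=Example Root CA" \
    -keyout "$1/rootCA.key" -out "$1/rootCA.crt" 2>/dev/null
}

# Server key and CSR for host $2, signed by the root CA that lives in $1.
issue_leaf() {
  openssl genrsa -out "$1/domain.key" 2048 2>/dev/null
  openssl req -new -key "$1/domain.key" -subj "/CN=$2" -out "$1/domain.csr"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > "$1/leaf.ext"
  openssl x509 -req -in "$1/domain.csr" -sha256 -days 30 -extfile "$1/leaf.ext" \
    -CA "$1/rootCA.crt" -CAkey "$1/rootCA.key" -CAcreateserial \
    -out "$1/domain.crt" 2>/dev/null
}

# Succeeds when the certificate's subject and issuer names are identical.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds when private key $1 holds the public key certified in $2.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
    "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# Succeeds only when certificate $2 verifies against trust anchor $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
  d=$(mktemp -d); o=$(mktemp -d)   # o: a second CA with the same name, other key
  make_root_ca "$d"; make_root_ca "$o"; issue_leaf "$d" www.example.test
  is_self_signed "$d/rootCA.crt" && echo "rootCA.crt: issuer == subject"
  key_matches_cert "$d/domain.key" "$d/domain.crt" && echo "domain.key matches domain.crt"
  chains_to "$d/rootCA.crt" "$d/domain.crt" && echo "trusted when rootCA.crt is the anchor"
  chains_to "$o/rootCA.crt" "$d/domain.crt" || echo "rejected under a different CA key"
  rm -rf "$d" "$o"
}
demo
```

The last check is the one that matters for trust: a second CA with an identical subject name but a different key does not validate the certificate, because verification follows the signature, not the name.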
Decode Certificate
```
openssl x509 -in rootCA.crt -text -noout
```

## Create Private Key and CSR
Create the Server Private Key
```
openssl genrsa -out domain.key 2048
```
Now that we have a key, we need a certificate signing request (CSR).
Let's start with a `csr.conf` (CSR configuration) with the below contents:
```
cat > csr.conf < v3.ext < csr.conf <
```