
Apache and SSL

Presented by Paul Weinstein,
Waubonsie Consulting,
<pdw@waubonsie.com>
O'Reilly Open Source Convention
July 24, 2002

Hello World
Introduction
What Will Be Covered
o Review of SSL
o Quick History of Apache and SSL
o Apache 1.3.x
o Apache 2.0.x
o Cool Tricks of Apache and SSL
What Won't Be Covered

Apache and SSL - Paul Weinstein - <pdw@waubonsie.com> - 2

Disclaimer
It should be noted that this presentation
does not cover all issues relating to
securing network-based machines and
their content. This presentation is
designed only to introduce basic concepts
and configuration of Apache and SSL.


SSL and TLS:


Secure Sockets Layer (SSL), developed by
Netscape Communications, and Transport
Layer Security (TLS), the open-standard
replacement for SSL from the Internet
Engineering Task Force, are the two
protocols that add encryption and
authentication to TCP/IP.


SSL and TLS:

Two Main Features


Ciphers, which enable the encryption
of data between the client and server.
Digital certificates, which provide a
method of authenticating a client
and server.


SSL and TLS:


Ciphers

Symmetric (a.k.a. Secret-Key)


Asymmetric (a.k.a. Public-Key)


SSL and TLS:

Digital Certificates

Advantage of Public-Key Encryption


Server Certificate
Client Certificate
Root Certificate

Certificate Authority
o Public Certificate Authority
o Private Certificate Authority

Apache and SSL:


A Timeline


mod_ssl
Support for SSL v2, v3 and TLS v1
Advanced pass-phrase handling for
private keys
X.509 based digital certificates,
certificate generation, certificate
revocation list
Support for crypto acceleration
hardware *
Backward compatibility
* Platform Dependent

mod_ssl
Most Popular SSL Solution for Apache
o 1,098,542 of 4,577,603 or 23.99%*
Second Only to PHP and Perl Overall
o 43.71% and 24.11%*

* Source: E-Soft June 2002 Report, <http://www.securityspace.com>



Apache 1.3.x:
mod_ssl

Integration
o Needs EAPI
o Can Build as a DSO
o OpenSSL Toolkit


Apache 2.0.x:
mod_ssl

Supports New Apache 2.0 Architecture


Included with the Apache 2.0.x source
code
To add mod_ssl when building Apache
o --enable-ssl
o --with-ssl=/path/to/OpenSSL/lib


Apache and SSL:

Cool Tricks - The Ubiquitous Online Store

Transacting payment information for
consumer good(s) in a secure manner
between the customer and the business.


Apache and SSL:

Cool Tricks - The Ubiquitous Online Store


What We Need:
o Enable mod_ssl
o Request a server certificate from a
public certificate authority
o Install server certificate
o Add a CGI script to collect data
o Configure access to CGI script via
HTTPS

Apache and SSL:

Cool Tricks - The Ubiquitous Online Store


What We Get:
o The communication with the store is
secure.
o The server on the other end, decrypting
the data, is in fact the online store, as
identified by the server's digital
certificate and authenticated by a
trusted third party.


Apache and SSL:

Cool Tricks - An Organization's Intranet

Transacting organizational
information in a secure manner between
the organization's groups and
individuals.

Apache and SSL:

Cool Tricks - An Organization's Intranet


What We Need:
o Create a private certificate authority
using OpenSSL
o Enable mod_ssl
o Request a server certificate from the
private certificate authority
o Install server certificate


Apache and SSL:

Cool Tricks - An Organization's Intranet


What We Need:
o Add a CGI script to collect data
o Configure access to CGI script via
HTTPS
o Install private certificate authority's
root certificate
o Configure server to authenticate
clients based on certificates from
private certificate authority

Apache and SSL:

Cool Tricks - An Organization's Intranet


What We Need:
o Sign client certificate requests &
install in clients' web browsers
o Install private certificate authority's
root certificate
o Authenticate servers based on
private certificate authority
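
The private-CA steps in the "What We Need" lists above (the server-certificate request is the same step the online-store list makes to a public CA), carried out with the openssl command line and the matching mod_ssl directives. This is an added example, not part of the original slides; the organization name, host names, file names, key size and validity periods are assumptions.

```shell
#!/bin/sh
# Added example; every name and path below is constructed for illustration.

# Create a private CA in directory $1, then issue one server certificate and
# one client certificate from it. Runs in a subshell so the caller's cwd is kept.
# -nodes leaves the keys unencrypted so the demo runs without prompts.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    # Private certificate authority: self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=Example Org/CN=Example Org Private CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # Server and client each make a key plus signing request; the CA signs it.
    for who in server client; do
        openssl req -newkey rsa:2048 -nodes -sha256 \
            -subj "/O=Example Org/CN=$who.intranet.example.test" \
            -keyout "$who.key" -out "$who.csr" 2>/dev/null || exit 1
        openssl x509 -req -in "$who.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 90 -out "$who.crt" 2>/dev/null || exit 1
    done
)

# Succeeds only if certificate $2 chains to the CA root certificate $1.
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Print the mod_ssl directives that use the files from make_pki directory $1:
# serve HTTPS with the server certificate and require a client certificate
# issued by the private CA.
vhost_conf() {
    cat <<EOF
SSLEngine on
SSLCertificateFile    $1/server.crt
SSLCertificateKeyFile $1/server.key
SSLCACertificateFile  $1/ca.crt
SSLVerifyClient require
SSLVerifyDepth 1
EOF
}

# Stand-alone use: sh pki.sh /some/dir
if [ $# -gt 0 ]; then
    make_pki "$1" && issued_by "$1/ca.crt" "$1/client.crt" && vhost_conf "$1"
fi
```

The server certificate issued here carries no subjectAltName, which current browsers require; add one through an extensions file when issuing real certificates.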


Apache and SSL:

Cool Tricks - An Organization's Intranet


What We Get:
o The communication within the
organization is secure.
o The server on one end is in fact
the organization's server - the
information from it is valid.
o The client on the other end is in
fact a member of the organization
- the information has not been
compromised.

Review of Apache and SSL

SSL and TLS


History of Apache and SSL
Apache 1.3.x
Apache 2.0.x
Cool Tricks of Apache and SSL


Citation
Engelschall, Ralf. "User Manual: mod_ssl Version 2.8." Jan. 2001.
<http://www.modssl.org/docs/2.8>
"mod_ssl: The Apache Interface to OpenSSL." <http://www.modssl.org>


Citation
Weinstein, Paul. "Web Security: Encryption & Authentication."
Daemonnews (May 2001): 15 pars.
<http://www.daemonnews.org/200105/ssl_apache.html>
Weinstein, Paul. "Web Security: Apache and mod_ssl."
Daemonnews (June 2001): 15 pars.
<http://www.daemonnews.org/200106/ssl_apache_pt2.html>

Suggested References
This Presentation:
o Article:
Weinstein, Paul. "Apache and SSL." O'Reilly Network:
ONLamp.com (April 2002): 24 pars.
<http://www.onlamp.com/pub/a/onlamp/2002/04/18/ssl.html>


Suggested References
This Presentation:
o Slides:
<http://www.waubonsie.com>
<http://www.weinstein.org/work/presentations/oscon02/apache_ssl/> (HTML)
<http://www.weinstein.org/work/presentations/oscon02/apache_ssl.pdf> (PDF)


Suggested References
Apache Project,
<http://www.apache.org>
Apache Week,
<http://www.apacheweek.com>


Suggested References
mod_ssl Project,
<http://www.modssl.org>
o Mailing Lists, List Archives:
<modssl-announce@modssl.org>
<modssl-users@modssl.org>
o <http://marc.theaimsgroup.com/?l=apache-modssl>


Suggested References

OpenSSL Project, <http://www.openssl.org>


o Mailing Lists, List Archives:
<openssl-announce@openssl.org>
o <http://marc.theaimsgroup.com/?l=opensslannounce>
<openssl-cvs@openssl.org>
o <http://marc.theaimsgroup.com/?l=openssl-cvs>
<openssl-dev@openssl.org>
o <http://marc.theaimsgroup.com/?l=openssl-dev>
<openssl-users@openssl.org>
o <http://marc.theaimsgroup.com/?l=openssl-users>