Last Update: January 2022
First Edition 版次： May 2013
Digital formats: PDF, EPUB
Print Length: 84 pages
The definitive guide to using the OpenSSL command line for configuration and testing, by Ivan Ristić
For system administrators, developers, and IT security professionals, this book provides a comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI. Written Author: Ivan Ristić, a security researcher and author of SSL Labs, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.
For all its warts, OpenSSL is one of the most successful and most important open source projects. It’s successful because it’s so widely used; it’s important because the security of large parts of the Internet infrastructure relies on it. The project consists of a high-performance implementation of key cryptographic algorithms, a complete TLS and PKI stack, and a command-line toolkit. I think it’s safe to say that if your job has something to do with security, web development, or system administration, you can’t avoid having to deal with OpenSSL on at least some level. The majority of the Internet is powered Author: open source products, and most of them rely on OpenSSL.
This book focuses on the command-line aspects of OpenSSL. Chapter 1, OpenSSL Command Line, will help users who need to perform routine tasks of key and certificate generation, and configure programs that rely on OpenSSL for TLS functionality. This chapter also discusses how to create a complete private CA, which is useful for development and similar internal environments. Chapter 2, Testing TLS with OpenSSL, focuses on server security testing using OpenSSL. Although sometimes time consuming, this type of low-level testing can’t be avoided when you wish to know exactly what’s going on.
Both chapters are borrowed from my larger work, called Bulletproof TLS and PKI. In fact, I started to write that book Author: first writing the OpenSSL chapters, releasing them as OpenSSL Cookbook in 2013. I wanted to do this because there is a serious lack of good and up to date documentation. As is often true complex and long-lived projects, the OpenSSL documentation you can find across the Internet is often wrong and outdated.