OPEN SSL – The Hero Nobody Talks About
In this article, we discuss how SSL certificates work to ensure modern security standards for websites within HTTPS connections.
When we see HTTPS and HTTP connections, most of us can’t differentiate between them. We ask ourselves what difference a single "S" can make. Little do we know that the letter "S" is all that matters.
The difference between an HTTP and an HTTPS connection is not just a letter, but a secure and protected connection ensured by a valid SSL certificate.
In this article, we’re going to talk, in simple words, about what the SSL/TLS (Secure Sockets Layer and Transport Layer Security) protocol is and how you get a certificate for a website.
Without even knowing it, we come across many SSL-certified websites, mobile applications, emails, messaging services, etc. Most commonly these are websites, but most of us are unaware of even the full form. An SSL certificate can be viewed as a lock on the client side to which only the receiver (website/server) holds the key.
SSL certificates facilitate “encryption.” When we hear that word, the only things that come to mind are “cipher” and “decipher”: a process of converting the data we send into a format that cannot be decoded by any third party and that is then decoded by the receiving website with a private key.
The establishment of a secure connection is known as the “SSL handshake.” We can understand it with the help of an example from our day-to-day lives.
For example, consider someone hiring us for an important job. The steps are as follows:
We greet each other — similarly, the client and the server exchange serverHello messages with some information regarding SSL certification. Hence, a secure connection is in place between the two of us.
Checking the identity, records, etc. — After the hello, both of us loosen up a bit; the client verifies the server through the information mentioned in the SSL certificate (e.g. location, public key, validity dates, etc.), and just like our employer checks the authenticity of our certificate here, the client checks the validity of the certificate authority.
Exchange of keys — When our employer trusts us, he/she leaves us with the key for our cabin or for the office (the keys of the house in the case of hiring a caretaker). Similarly, the client and server exchange the public and private key, and asymmetric or symmetric encryption takes place.
In this way, a trustworthy employee is hired, similarly to the establishment of a secure connection.
Obtaining a Certificate
This is where OpenSSL comes into the picture. It goes back to December 1998, when the first site, www.openSSL.org, opened up. It is an online software library that provides applications to protect any website from third-party eavesdropping and tampering with data. It also helps in private key generation, which is a very important aspect of the TLS protocol.
As the name suggests, OpenSSL is open to all web developers/owners so that they are well equipped with all the necessary tools. It is available for Linux, Windows, macOS, and BSD systems.
Now, just as any organization has to conform to the norms of public security in order to build a relationship of trust and goodwill with its customers, websites should have an SSL certificate. OpenSSL helps them achieve that.
Just as the certificate we receive after completing an internship with an organization is proof that guarantees the authenticity and level of the work we have done, the digital certificate has to be applied for in the OpenSSL library for SSL certification.
To convert our SSL certificate into different formats, we need to know a bit about different OpenSSL commands. There are different OpenSSL versions, which are supported by the TLS protocol: 1.1.1, 1.0.2, and 1.1.0.
To check our OpenSSL version, we can use the command:
openssl version -a
CSR generation — Certificate signing request. This is the request sent by a web owner to the authority for the application of a certificate. OpenSSL helps in generating a CSR code.
Generation of the private key — The private key is the only way to unlock the public key created later. It needs to be unique and comes with a choice of whether to protect it with an additional password, but not all servers accept a private key with a password.
There are two algorithms for generating the private key: the RSA algorithm with a 2048-bit key size and the ECDSA algorithm with 256 bits.
To generate the private key with the RSA algorithm, we should use the following command:
openssl genrsa -out yourdomain.key 2048
The generated key can then be viewed in text form with:
openssl rsa -text -in yourdomain.key -noout
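Extraction of Public Key — The public key is extracted from the private key itself with the following command:
openssl rsa -in yourdomain.key -pubout -out yourdomain_public.key
The CSR is then created from the private key with:
openssl req -new -key yourdomain.key -out yourdomain.csr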
Before generating the CSR, some important queries are made, just like before giving you an ID card:
Country code (2 letter code).
State or province name.
Organization Unit name.
Verifying Information and Certificate Details
Lastly, what do we do when we get our certificate? We check that all the information is correct and if our name matches the name on the certificate. Similarly, there’s a command to identify whether the certificate’s info matches our private key or not:
openssl x509 -text -in yourdomain.crt -noout
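The steps above, carried through end to end as an added example that is not part of the original article: generate the key, create the CSR, obtain a certificate, then confirm that the certificate really belongs to the private key. `openssl x509 -text` only prints the certificate's fields, so the match is checked here by comparing public keys. The helper function names, the subject values, and the self-signing step that stands in for the certificate authority are assumptions made for a local test.

```shell
#!/usr/bin/env bash
# Added example, not from the article. File names follow its yourdomain.*
# pattern; the subject values and the self-signing step are constructed.
set -eu
umask 077   # private keys must not be readable by other users

make_key() { openssl genrsa -out "$1" 2048 2>/dev/null; }

# Public key in PEM form, taken from a private key, a CSR or a certificate.
public_key() {   # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl rsa  -in "$2" -pubout 2>/dev/null ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac
}

# -subj answers the interactive questions (country, state, org unit, ...).
make_csr() {     # $1 = key, $2 = CSR to write
    openssl req -new -key "$1" -out "$2" \
        -subj "/C=US/ST=California/O=Example Org/OU=IT/CN=yourdomain.example"
}

# Stand-in for the CA: self-sign the CSR so there is a certificate to check.
self_sign() {    # $1 = CSR, $2 = key, $3 = certificate to write
    openssl x509 -req -in "$1" -signkey "$2" -days 30 -out "$3" 2>/dev/null
}

# Succeeds only if the CSR or certificate carries this key's public half.
matches_key() {  # $1 = key, $2 = csr|crt, $3 = file
    key_pub=$(public_key key "$1") || return 2
    obj_pub=$(public_key "$2" "$3") || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$obj_pub" ]
}

demo() {
    d=$(mktemp -d)
    make_key  "$d/yourdomain.key"
    make_csr  "$d/yourdomain.key" "$d/yourdomain.csr"
    self_sign "$d/yourdomain.csr" "$d/yourdomain.key" "$d/yourdomain.crt"
    openssl x509 -in "$d/yourdomain.crt" -noout -subject -dates
    matches_key "$d/yourdomain.key" crt "$d/yourdomain.crt" && echo "certificate matches key"
    make_key "$d/other.key"
    matches_key "$d/other.key" crt "$d/yourdomain.crt" || echo "other.key does not match"
    rm -rf "$d"
}
demo
```

For a certificate issued by a real authority, skip the self-signing step and run the key comparison against the yourdomain.crt you received.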
The demand for SSL certificates has increased rapidly since the “HTTPS Everywhere” campaign was launched by Google and Mozilla Firefox in 2014, as it forces each website on its SEO browser to have an HTTPS connection instead of HTTP. This was a very important campaign, as it made security and privacy not just an option but the only choice. With the increasing rate of cybercrime around the world, it is very important that we do everything possible from our side to ensure our privacy.
Published at DZone with permission of Crumb Peter.