· Before setting up an HTTPS connection, there
are a few steps:
o make sure the port you will use is open
through the firewall (check with: telnet server port).
o make sure whether you use apache+tomcat or tomcat
alone; there are different approaches.
o make sure this server is not behind a load balancer;
a load balancer has its own SSL approach.
· The following steps are for setting up an HTTPS connection
on a standalone Tomcat server.
· Steps that we did on one standalone Tomcat
server:
o $JAVA_HOME/bin/keytool -genkey -alias yourkeyalias -keyalg RSA -keystore yourkeystore -keypass yourpass -keysize 2048
(generate a private key and store it in your keystore)
o keytool -certreq -keyalg RSA -alias yourkeyalias -file yourcert.csr -keystore yourkeystore
(generate a certificate signing request (CSR) based on your key; the alias is your key's alias in your keystore)
o send the CSR file to the CA to get a trusted
certificate (the CA returns the root certificate and the intermediate certificate together with the
domain certificate)
o import the trusted root certificate, then the
intermediate certificate, then your domain certificate into yourkeystore
§ keytool -import -alias root -trustcacerts -file yourroot.csr -keystore yourkeystore (each cert needs a new alias)
o set up the Tomcat server.xml file. Sample connector
setting:
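As an added example (not the author's own server.xml), here is a Tomcat HTTPS connector that references the keystore, key alias and key password from the keytool commands above; port 8443, the conf/yourkeystore path and the store password yourstorepass are assumptions.

```xml
<!-- Added example connector for a standalone Tomcat (8.5 or later syntax).
     Assumptions: port 8443, keystore copied to conf/yourkeystore, keystore
     password yourstorepass; alias and key password match the keytool steps. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true">
    <!-- Offer only TLS 1.2 and 1.3; older SSL/TLS versions are refused. -->
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3">
        <!-- certificateKeyAlias must equal the alias of the private key
             (yourkeyalias). The domain certificate was imported under that
             same alias, which is what ties the CA-issued cert to the key.
             certificateKeyPassword is the -keypass value; the keystore
             password is the one keytool prompted for. -->
        <Certificate certificateKeystoreFile="conf/yourkeystore"
                     certificateKeystorePassword="yourstorepass"
                     certificateKeyPassword="yourpass"
                     certificateKeyAlias="yourkeyalias"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

<!-- Equivalent legacy attributes for Tomcat 7 / 8.0, where the keystore
     settings sit directly on the Connector element:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/yourkeystore" keystorePass="yourstorepass"
           keyPass="yourpass" keyAlias="yourkeyalias"
           sslProtocol="TLS" clientAuth="false" />
-->
```

After restarting Tomcat, confirm the served chain with: keytool -list -v -keystore yourkeystore (the key entry should show the full certificate chain under yourkeyalias).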
· Tips
o Try a self-signed key first to make sure your
server is up and ready before installing the CA-signed certificate.
o Keep no extra whitespace in any certificate file; you may
get a "length too long" error if your certificate has extra spaces.
o A chain certificate is the root certificate, but you
have to have both a root certificate and an intermediate certificate to make a chain.
o Make sure CN = your domain name, even though keytool asks you
for first name and last name.
o When you import the SSL certificate, the last
one (your domain certificate) should use the same alias as your key.
· How to convert a keytool certificate/key to an
openssl-readable key/crt:
o Only need to pay attention that the algorithm is RSA,
not DSA.
=========================================
About SSL
Knowledge base
https://sites.google.com/site/amitsciscozone/home/security/ssl-connection-setup
https://technet.microsoft.com/en-us/library/cc785811(WS.10).aspx
http://searchsecurity.techtarget.com/answer/The-SSL-handshake-process-Public-and-privates-keys-explained
SSLshopper
https://www.sslshopper.com/certificate-decoder.html
SSL TLS HTTPS process explained in 7 minutes
https://www.youtube.com/watch?v=4nGrOpo0Cuc
SSH handshake process explained
Key and Algorithms
1. SSH uses common asymmetric (or public) key algorithms: RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), and Diffie-Hellman.
2. SSH also uses common symmetric key algorithms: DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), Triple-DES (3DES), Blowfish, and AES (Advanced Encryption Standard). AES comes in 128, 192, and 256 bits.
3. SSH also uses common hash algorithms: MD5 (Message Digest), CRC-32 (Cyclic Redundancy Check), SHA-1 (Secure Hash Algorithm).
Key Exchange
- The client has a public & private key pair. The server has a public & private key pair.
- The client and server exchange their public keys.
- The client now has its own key pair plus the public key of the server.
- The server now has its own key pair plus the public key of the client.
- This exchange of keys is done over an insecure network.
- The client takes its private key and the server's public key and passes them through a mathematical equation to produce the shared secret (session key).
- The server takes its private key and the client's public key and passes them through a mathematical equation to produce the shared secret (session key).
- Both these shared secrets are identical! This is asymmetric (Diffie-Hellman) key exchange: public/private key pairs are used to derive one shared session key.
- This encrypted tunnel is used for the remainder of the session, including the next phase: User Authentication.