the Secure Socket Layer

Monday, Jun 1, 2020


These days, pretty much every website has to use Secure Socket Layer or SSL technology to secure network traffic, but this wasn’t always the case. In 2016, 14% of popular websites forced HTTPS connections, but a year later, that number had already more than doubled to 31%. Today, more than half of websites require HTTPS when making a connection, which lets data travel back and forth securely over an encrypted connection that no adversary can listen in on.


There are two common ways that the files containing certificates and keys are encoded.

The first is called Privacy Enhanced Mail or PEM encoding, which uses a base-64 ASCII encoding of the ASN.1 format. Its implementation was specified in RFC 7468. That ASN.1 format is also used for the Distinguished Encoding Rules or DER encoding, which is the shortest possible binary representation of the underlying cryptographic data.



The configuration file only applies to the ca, req and x509 subcommands.



The certbot command, provided by GNU Let’s Encrypt, allows you to obtain a signature for use with SSL. You can either allow the certbot program to create its own private key locally, or provide one manually. certbot can submit a Certificate Signing Request or CSR to a Certificate Authority or CA.

After you’ve done this, you’ll receive three files: 0000_cert.pem, 0000_chain.pem and 0001_chain.pem.

Go ahead and delete the first two. You’ll only need 0001_chain.pem, which is a simple concatenation of the previous two files. It’s the combination of the server certificate and the intermediate certificate, which, when used together, allow you to verify your identity.

rm 0000_cert.pem 0000_chain.pem
mv 0001_chain.pem fullchain.crt
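Before deleting the first two files, you can confirm that the full chain really is their concatenation and that each PEM block decodes to one complete DER element, as the encoding section describes. This is an added example, not code from certbot or from the original post; the function names are hypothetical, it assumes 0000_cert.pem holds the server certificate and 0000_chain.pem the intermediate, and the sample blocks are constructed stand-ins rather than real certificates.

```python
import base64
import re

# RFC 7468 textual encoding: base64 of the DER bytes between BEGIN/END lines.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_to_der(text):
    """Return [(label, der_bytes), ...] for every PEM block in text."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]

def der_total_length(der):
    """Size in bytes (tag + length + content) of the first DER element."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    first = der[1]
    if first < 0x80:                    # short form: one length byte
        return 2 + first
    n = first & 0x7F                    # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def is_full_chain(fullchain_pem, cert_pem, chain_pem):
    """True if fullchain is the server certificate followed by the chain and
    every block is a CERTIFICATE holding exactly one DER SEQUENCE."""
    full = pem_to_der(fullchain_pem)
    try:
        for label, der in full:
            if label != "CERTIFICATE" or der[:1] != b"\x30":
                return False
            if der_total_length(der) != len(der):
                return False
    except ValueError:
        return False
    # Compare decoded DER, so line endings and wrapping do not matter.
    return bool(full) and full == pem_to_der(cert_pem) + pem_to_der(chain_pem)

def to_pem(der, label="CERTIFICATE"):
    """PEM-encode DER bytes with base64 lines wrapped at 64 characters."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed stand-ins, NOT real certificates: SEQUENCE { INTEGER n }
LEAF = to_pem(bytes([0x30, 0x03, 0x02, 0x01, 0x01]))
INTERMEDIATE = to_pem(bytes([0x30, 0x03, 0x02, 0x01, 0x02]))
```

To run it on the real files, read 0001_chain.pem, 0000_cert.pem and 0000_chain.pem as text and pass them to `is_full_chain` in that order.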

And you’re done! You’re now hosting a website over HTTPS 🥳