Pki and OpenSSL
6 likes2,735 views
This document discusses PKI (Public Key Infrastructure) and OpenSSL. It defines PKI as a structure that authenticates users and services to ensure secure information exchange. PKI uses digital certificates issued by Certificate Authorities to associate public keys with certificate owners. OpenSSL is an open source implementation of SSL/TLS that is used to set up and manage PKI environments through commands like generating certificate requests and certificates, revoking certificates, and creating CRLs (Certificate Revocation Lists). The document provides examples of OpenSSL commands for performing common PKI tasks.
Pki and OpenSSL
- 1. PKI and OpenSSL All about Digital Certification Processes Tony Fabeen @tonyfabeen
- 2. Who am i
- 4. Minimal Security for Systems Confidentiality Integrity Access Control Authentication etc.
- 6. HTTPS ?
- 7. Secure
- 12. Cryptography
- 13. Symmetric Key Encryption or Secret Key Crypto System
- 17. Hashing
- 19. Digital Signing
- 21. What is PKI ?
- 22. PKI (Public Key Infrastructure) Is a structure responsible to authenticate, identify Users and Services ensuring that information exchanged between them will not be revealed to untrusted ones.
- 23. Not just technical stuff. It's a set of : People Standards Procedures Hardware Software Used on Digital Certificates Management.
- 24. Who manages ? Certificate Authority (CA)
- 26. PKI Brazil ICP - Brasil
- 29. Certificates Main reason for PKI. Contains information wich associate a Certificate owner to its Public Key
- 33. Solutions Supported by PKI
- 34. SSL Connections
- 35. Smartcards
- 36. How To ?
- 37. OpenSSL
- 40. OpenSSL commands
- 41. Create a CA Request $ openssl req -new > -config etc/devinsampa-ca.conf > -out ca/devinsampa-ca.csr > -keyout ca/devinsampa-ca/private/devinsampa-ca.key
- 42. Create a CA Certificate $ openssl ca -selfsign > -config etc/devinsampa-ca.conf > -in ca/devinsampa-ca.csr > -out ca/devinsampa-ca.crt > -extensions devinsampa_ca_ext
- 43. Create a new Request $ openssl req -new > -config etc/email.conf > -out certs/tony.csr > -keyout certs/tony.key
- 44. Create an e-mail certificate $ openssl ca > -config etc/devinsampa-ca.conf > -in certs/tony.csr > -out certs/tony.crt > -extensions email_ext
- 45. Revoke Certificate $ openssl ca > -config etc/devinsampa-ca.conf > -revoke ca/devinsampa-ca/01.pem > -crl_reason superseded
- 46. Create CRL $ openssl ca -gencrl > -config etc/devinsampa-ca.conf > -out crl/devinsampa-ca.crl
- 47. Output Formats Create DER Certificate $ openssl x509 > -in certs/tony.crt > -out certs/tony.cer > -outform der Create DER CRL $opensslcrl > -incrl/devinsampa-ca.crl > -outcrl/devinsampa-ca.crl > -outformder
- 49. Questions