- Key algorithm
- for web server keys everyone uses RSA
- For SSH, DSA and RSA are widely used
- Key size
- Today, 2,048-bit RSA keys are considered secure
- Aim also to use 2,048 bits for DSA keys and at least 256 bits for ECDSA
- Passphrase
- strongly recommended
- Protected keys can be safely stored, transported, and backed up
- but either too inconvenient or has unacceptable availability implications
- using protected keys in production does not actually increase the security much
- because, once activated, private keys are kept unprotected in program memory; an attacker who can get to the server can get the keys
- Thus, passphrases should be viewed only as a mechanism for protecting private keys when they are not installed on production systems.
- To generate an RSA key, use the genrsa command
- it’s best to stay away from the other algorithms(DES, 3DES, and SEED)
- Private keys are stored in the so-called PEM format
- if you want a field to be empty, you must enter a single dot (.) on the line, rather than just
hit Return. If you do the latter, OpenSSL will populate the corresponding CSR field with the
default value.
- For some fields there will be a default value, If you enter '.', the field will be left blank.
- Having a challenge password does not increase the security of the CSR in any way. Further, this field should not be confused with the key passphrase, which is a separate feature.
- Unless you’re using some form of public key pinning and wish to continue using the existing key, it’s best practice to generate a new key every time you apply for a new certificate. Key generation is quick and inexpensive and reduces your exposure.
- There are two mechanisms for supporting multiple hostnames in a certificate. The first is to list all desired hostnames using an X.509 extension called Subject Alternative Name (SAN). The second is to use wildcards. You can also use a combination of the two approaches when it’s more convenient. In practice, for most sites, you can specify a bare domain name and a wildcard to cover all the subdomains (e.g., feistyduck.com and *.feistyduck.com).
- the address of the CA’s Online Certificate Status Protocol (OCSP) responder, which can be used to check for certificate revocation in real time.
- Clear browser history to delete old site certificates
- Add(or remove and add) the CA bundle to make the validation succeed
- This extensions consists of a list of usages indicating purposes for which the certificate public key can be used.
- AIA extension allows SSL/TLS clients (mostly web browsers) to go get the missing intermediate certificates, not presented by the server.
- Servers that do not send the entire chain are in breach of the SSL/TLS standard.
- Certificates are validated in order as a chain as follow.
- Site certificate -> Intermediate CA certificates -> Root CA certificate
- Also contains OCSP URI
- https://www.tbs-certificates.co.uk/FAQ/en/453.html
- For TLS client, OCSP stapling is better than OCSP which is better than CRL.
- https://www.fir3net.com/Security/Concepts-and-Terminology/certificate-revocation.html
- Enabling OCSP stapling is not normal. Most of well-known WEB services do not enable it.
- https://arstechnica.com/information-technology/2017/07/https-certificate-revocation-is-broken-and-its-time-for-some-new-tools/
- Soft-fail
- "The browser will try to do a revocation check, but if the response doesn't come back, or doesn't come back in a short period of time, the browser will simply forget about it. Even is worse is that Chrome doesn't even do revocation checks, at all."
- Chrome and Firefox both have their own mechanisms that push sets of revocation list contributed by CAs
- Google Chrome
- Firefox
- Uses 'OneCRL', Soft-fail
- Firefox does not work with OCSP stapling emitting "SEC_ERROR_OCSP_BAD_SIGNATURE"
- With just OCSP responder, it works fine
- https://wiki.mozilla.org/CA:ImprovingRevocation
- OCSP responders are not yet reliable enough for us to do hard fail
- Websites that implement OCSP Must-Staple will get Hard Fail Revocation.
- As of Firefox 24, the user-interface for importing CRLs via Firefox has been removed. Auto-importing/updating of CRLs through Firefox has also been removed. NSS still supports CRLs, but Firefox is moving away from checking CRLs, and moving towards using a revocation list push mechanism.
- Both work fine with private PKI if you deploy the certificates properly.
- Root CA certificates for the operating systems and browsers
- Site certificates, private keys and intermediate CA certificates for the HTTP servers
- It is not mandatory to prepare CRL and OCSP responder to keep your service up and running as of now due to 'soft-fail'.
- https://httpd.apache.org/docs/trunk/mod/mod_md.html#mdcertificateagreement
- https://letsencrypt.org/2017/10/17/acme-support-in-apache-httpd.html
- https://datatracker.ietf.org/doc/draft-ietf-acme-acme/
- https://help.ubuntu.com/lts/serverguide/certificates-and-security.html
- https://pki-tutorial.readthedocs.io/en/latest/
- https://isidore.co/calibre/get/pdf/5583
- https://modsecurity.org/
- https://www.ssllabs.com/
- https://lira.epac.to/DOCS-TECH/Security/Apache%20Security.pdf
- https://www.qualys.com/
- CA Certificates(Known CA public keys)
- https://www.feistyduck.com/books/bulletproof-ssl-and-tls/bulletproof-ssl-and-tls-introduction.pdf
- Difference between SSL and TLS
- http://www.hostingadvice.com/how-to/tls-vs-ssl/
- "although the HTTP/2 standard itself does not require the use of encryption, most client implementations (Firefox, Chrome, Safari, Opera, IE, Edge) have said they will only support HTTP/2 over TLS, which makes encryption de facto mandatory."
- http://www.hostingadvice.com/how-to/tls-vs-ssl/
- https://www.openssl.org/docs
- Cryptography of SSH
- NSS Shared DB
- http://pki.fedoraproject.org/wiki/PKI_Main_Page
- Called 'Dogtag'
- Mainly written in Java
- Utilize 389-ds(Directory Service) as its storage
- Seems mostly available on Redhat Linux
- Being considered as secret store by Barbican which is one of Openstack projects
- https://www.ejbca.org/
- https://www.openca.org/
- Seems mostly available on Redhat Linux