It’s important to know what these mean before moving on, so let’s clarify this now: Throughout this post you’ll see me use words like “plaintext” and “cipher”.

It’s taken me longer than I care to admit to really understand the things I’ll be discussing here (and even then I’ll likely have missed a lot of important nuances), and with that said: what am I planning on covering in this post? Well that would be…

Now the actual purpose of this post was twofold:

- Solidify my own understanding of the tools I’ll be covering.
- Helping others to also understand the purposes of said tools.

Note: although quite a tough read at times, I would highly recommend “Bulletproof SSL and TLS” written by Ivan Ristić.

If you’re working with applications and/or servers in production then please consult someone better equipped on the subject of security. I’m not even a security intermediate! When I titled this post “security basics” I wasn’t kidding. This post isn’t meant to be “this is how you do security”.

Introduction

UPDATE: for those short on time, read the following Introduction, What are keys and how do they work? and then skip over the sections “Understanding PKI” and “OpenSSL vs OpenSSH” as these just go into more depth on the technical aspect of different encryption concepts. Just skip until What is GPG? (in there are two sub sections about “OpenSSH”, “SSH Agent” and “OpenSSL”, just skip those until you get to the next “GPG” section and continue all the way from there)

- Creating, self-signing, issuing and revoking certificates.
- How to encrypt data using GPG, OpenSSL and Keybase.

To use your certificates, you’ll have to pass them as parameters for your web server. For nginx, you’ll want to specify the ssl_certificate (the full chain PEM file), and ssl_certificate_key (the RSA private key PEM file), after turning on SSL:

ssl_certificate /etc/letsencrypt/live/yourdomain/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.
crt extension if you’ve self-signed a certificate with OpenSSL, you’ll get a CRT file rather than PEM, though the contents will still be the same, and the usage will be the same.