SSL: What is it, How to do it, and Why you should care

•Download as PPTX, PDF•

1 like•262 views

Jessica C. Gardner

Presentation at WordCamp Chicago 2017 by Jessica Gardner

Technology

SSL:
What it is, How to do it, &
Why you should care
WordCamp Chicago 2017

The 3 main things
◎Authentication and Verification
◎Privacy/Data Encryption
◎Data Integrity

Jargon & Acronyms
◎SSL – Secure Socket Layer
◎TLS – Transport Layer Security
◎HTTPS – Hypertext Transfer Protocol Secure
◎PKI – Public Key Infrastructure
◎CA – Certificate Authority
◎CSR – Certificate Signing Request

Image: https://thenocman.com/ssl-certificates/

Image: https://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication

Who Needs It?
◎E-Commerce– PCI Compliance
◎Entertainment- DRM
◎Market Research
◎Productivity
◎Social Media
◎Education/Testing
◎Sensitive Form Data

Certificate contents
◎Domain name (common name)
◎Public key
◎Owner of certificate (subject)
◎Issuer of certificate (CA)
◎Expiration data
◎Serial number

Types of Certificates
◎Domain Validation – CA checks right of
applicant to use domain name
◎Organization Validation – CA does above +
vets organization
◎Extended Validation – CA does above +
thorough vetting of organization

Self-Signed vs Trusted CA
◎Self-Signed: generally used for testing.
Offers encryption but not validation. Will give
errors.

Trusted Certificate Authorities
◎Client (browser) checks certificate validity
◎OCSP request (Online Certificate Status
Protocol)
◎CRL – Certificate Revocation List
○If revoked, client returns error
○If clear, communications proceed

Let’s Encrypt (Yes, Let’s!)
◎Free, automated, open certificate
◎Non-profit Internet Security Research Group
◎Domain validation
◎No warranty
◎3-month expiry

◎Update Site URL from http:// to https://
◎Force http requests to https

Issues and Caveats
◎Moving a site
◎Cloud Proxy
◎Mixed/Unsecure content

Removing SSL
◎wp-config.php
◎.htaccess
◎Updating site URL (functions.php)

Thanks!
Any questions?
You can find me at:
@jessicacgardner
jessica@btwrx.com

Resources
◎SSL Server Test:
https://www.ssllabs.com/ssltest/
◎Why No Padlock?
https://www.whynopadlock.com/
◎CryptoReport
https://cryptoreport.websecurity.symantec.com/
checker/

What's hot

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...

OpenIDFoundation

20180426 legal challenges related to blockchain technology

Bart Van Den Brande

Modern Authentication for ASP.NET Core with IdentityServer 4 (Progressive .NE...

Scott Brady

Over $2 billion has been lost to hacks on decentralized finance (DeFi) applications in the past two years alone. While DeFi can provide access to high return opportunities, there are also risks worth considering. In this webinar we’ll dive deep into some of the largest exploits in DeFi, what they have in common and what both users and developers can learn from these. We will go from the basics of risk management using DeFi, to some cutting edge analyses that can be applied to analyze these protocols.

Uncovering DeFi Largest Hacks - Key Factors to Consider & How to Mitigate Risks

intotheblock

BOTCHAIN aka The Dark side of Blockchain

Antonio Pirozzi

Sw2 prezen3pdf

s1190088

Sw prezen3pdf

s1190088

Authorization Using JWTs

ForgeRock Identity Tech Talks

How you can support Bitcoin today | ProvenCrypto

Opti Network

Block Chain meets Big Data

Vihang Patel

Practical Cryptography

Kelley Robinson

Particl Project - Privacy Focused Decentralized Applications

Paul Schmitzer, RA, LEED AP

BrodTech 2021: Blockchain | Mak Muftić (ChainSafe)

Brod Tech

Blockchain presentation for Devfest 2018

Techracers

Corporate Web Systems

Alexander Deryugin

Bit trade labs sovereign identity fintech summit 2016

Glen Frost

Blockchain Introduction

Ayham Madi

Supply Chain Management on the blockchain with Iot, Azure, BigchainDB, VueJS

Stylight

What is Cryptocurrency Mining?

Monica Dhara

Introduction to Distributed Ledger Technology or Blockchain: On July 13, 2017, FINRA held a Blockchain Symposium to assess the use of distributed ledger technology (DLT) in the financial industry, including the maintenance of shareholder and corporate records. DLT is commonly referred to as blockchain. The symposium included participation by the Office of the Comptroller of Currency, the US Commodity Futures Trading Commission (CFTC), the Federal Reserve Board and the SEC...

Introduction to Distributed Ledger Technology or Blockchain

Laura Anthony, Esq.

What's hot (20)

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...

20180426 legal challenges related to blockchain technology

Modern Authentication for ASP.NET Core with IdentityServer 4 (Progressive .NE...

Uncovering DeFi Largest Hacks - Key Factors to Consider & How to Mitigate Risks

BOTCHAIN aka The Dark side of Blockchain

Sw2 prezen3pdf

Sw prezen3pdf

Authorization Using JWTs

How you can support Bitcoin today | ProvenCrypto

Block Chain meets Big Data

Practical Cryptography

Particl Project - Privacy Focused Decentralized Applications

BrodTech 2021: Blockchain | Mak Muftić (ChainSafe)

Blockchain presentation for Devfest 2018

Corporate Web Systems

Bit trade labs sovereign identity fintech summit 2016

Blockchain Introduction

Supply Chain Management on the blockchain with Iot, Azure, BigchainDB, VueJS

What is Cryptocurrency Mining?

Introduction to Distributed Ledger Technology or Blockchain

Similar to SSL: What is it, How to do it, and Why you should care

Lecture #22 : Web Privacy & Security Breach

Dr. Ramchandra Mangrulkar

Lecture #21: HTTPS , SSL & TLS

Dr. Ramchandra Mangrulkar

Cryptography

TanviGogri

Jun 15 privacy in the cloud at financial institutions at the object managemen...

Ulf Mattsson

Certificates and Web of Trust

Yousof Alsatom

International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is a open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications

International Refereed Journal of Engineering and Science (IRJES)

irjes

Symantec SSL Explained

Symantec Website Security

Data security is a critical component for all businesses. Business data protection helps to secure customer details, financial information, survey data and other key business data which are key company assets. Many companies, including Sample Solutions, rely on the fact that data they have and work with is secure, encrypted and can not be breached. Losing the data in a natural catastrophe is one thing but losing it to a breach can lead to severe consequences. Not only do data breaches damage a company’s reputation and destroy consumer trust, breaching may also lead to lost business opportunities and financial consequences, along with disrupt safety and natural workflow.

Data Security Whitepaper

Sample Solutions

ExpressionEngine Conference: Rock Solid - Securing You Client's ExpressionEng...

David Dexter

CRYPTOCURRENCY: TRADING MARKET

IRJET Journal

Isaca atlanta - practical data security and privacy

Ulf Mattsson

Carrying out safe exploration short of the actual data of codes and trapdoors

Iaetsd Iaetsd

ttttttttttttt23

New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009

Ulf Mattsson

Communications Technologies

Sarah Jimenez

Introduction of an SSL Certificate

CheapSSLUSA

IS-Crypttools.pptx

V.V.Vanniaperumal College for Women

Introduction to SSL and How to Exploit & Secure

Brian Ritchie

PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC

Nizar Ben Neji

Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation. • Learn New Application and Data Protection Strategies • Learn Advancements in Machine Learning • Learn how to develop a roadmap for EU GDPR compliance • Learn Data-centric Security for Digital Business • Learn Where Data Security and Value of Data Meet in the Cloud • Learn Data Protection On-premises, and in Public and Private Clouds • Learn about Emerging Application and Data Protection for Multi-cloud • Learn about Emerging Data Privacy and Security for Cloud • Learn about New Enterprise Application and Data Security Challenges • Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation

ISSA Atlanta - Emerging application and data protection for multi cloud

Ulf Mattsson

Similar to SSL: What is it, How to do it, and Why you should care (20)

Lecture #22 : Web Privacy & Security Breach

Lecture #21: HTTPS , SSL & TLS

Cryptography

Jun 15 privacy in the cloud at financial institutions at the object managemen...

Certificates and Web of Trust

International Refereed Journal of Engineering and Science (IRJES)

Symantec SSL Explained

Data Security Whitepaper

ExpressionEngine Conference: Rock Solid - Securing You Client's ExpressionEng...

CRYPTOCURRENCY: TRADING MARKET

Isaca atlanta - practical data security and privacy

Carrying out safe exploration short of the actual data of codes and trapdoors

New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009

Communications Technologies

Introduction of an SSL Certificate

IS-Crypttools.pptx

Introduction to SSL and How to Exploit & Secure

PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC

ISSA Atlanta - Emerging application and data protection for multi cloud

Recently uploaded

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Exploring Multimodal Embeddings with Milvus

Zilliz

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

DBX First Quarter 2024 Investor Presentation

Dropbox

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Recently uploaded (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Exploring Multimodal Embeddings with Milvus

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

How to Troubleshoot Apps for the Modern Connected Worker

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Why Teams call analytics are critical to your entire business

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

MINDCTI Revenue Release Quarter One 2024

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

DBX First Quarter 2024 Investor Presentation

Apidays New York 2024 - The value of a flexible API Management solution for O...

CNIC Information System with Pakdata Cf In Pakistan

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

WSO2's API Vision: Unifying Control, Empowering Developers

AWS Community Day CPH - Three problems of Terraform

SSL: What is it, How to do it, and Why you should care

1. SSL: What it is, How to do it, & Why you should care WordCamp Chicago 2017

2. Hello! A bit about me… @jessicacgardner

3. 1. SSL: What it is

4. HTTP Review

6. HTTPS

7. The 3 main things ◎Authentication and Verification ◎Privacy/Data Encryption ◎Data Integrity

8. Jargon & Acronyms ◎SSL – Secure Socket Layer ◎TLS – Transport Layer Security ◎HTTPS – Hypertext Transfer Protocol Secure ◎PKI – Public Key Infrastructure ◎CA – Certificate Authority ◎CSR – Certificate Signing Request

9. Image: https://thenocman.com/ssl-certificates/

10.

11. Image: https://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication

12. 2. Why you should care

13. Who Needs It? ◎E-Commerce– PCI Compliance ◎Entertainment- DRM ◎Market Research ◎Productivity ◎Social Media ◎Education/Testing ◎Sensitive Form Data

14.

15.

16.

17. 3. How to do it

18. You’ll Need…

19. Certificate contents ◎Domain name (common name) ◎Public key ◎Owner of certificate (subject) ◎Issuer of certificate (CA) ◎Expiration data ◎Serial number

20. Types of Certificates ◎Domain Validation – CA checks right of applicant to use domain name ◎Organization Validation – CA does above + vets organization ◎Extended Validation – CA does above + thorough vetting of organization

21. Self-Signed vs Trusted CA ◎Self-Signed: generally used for testing. Offers encryption but not validation. Will give errors.

22. Trusted Certificate Authorities ◎Client (browser) checks certificate validity ◎OCSP request (Online Certificate Status Protocol) ◎CRL – Certificate Revocation List ○If revoked, client returns error ○If clear, communications proceed

23.

24.

25.

26. Let’s Encrypt (Yes, Let’s!) ◎Free, automated, open certificate ◎Non-profit Internet Security Research Group ◎Domain validation ◎No warranty ◎3-month expiry

27. ◎Update Site URL from http:// to https:// ◎Force http requests to https

28. Issues and Caveats ◎Moving a site ◎Cloud Proxy ◎Mixed/Unsecure content

29. Removing SSL ◎wp-config.php ◎.htaccess ◎Updating site URL (functions.php)

30.

31.

32. Thanks! Any questions? You can find me at: @jessicacgardner jessica@btwrx.com

33. Resources ◎SSL Server Test: https://www.ssllabs.com/ssltest/ ◎Why No Padlock? https://www.whynopadlock.com/ ◎CryptoReport https://cryptoreport.websecurity.symantec.com/ checker/

SSL: What is it, How to do it, and Why you should care

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to SSL: What is it, How to do it, and Why you should care

Similar to SSL: What is it, How to do it, and Why you should care (20)

Recently uploaded

Recently uploaded (20)

SSL: What is it, How to do it, and Why you should care