SSL Certificate Installation with CRT certificate file


Sep 25, 2018 | Apache

The Secure Socket Layer, SSL for short, is a protocol that enables services communicating over the Internet to do so securely.

A Brief Introduction to Secure Socket Layer (SSL) Technology

Secure Sockets Layer, or SSL (pronounced as separate letters), is a protocol which is used to communicate over the Internet in a secure fashion. The following is a brief but comprehensive introduction to SSL technology. To better understand the need for SSL, let's first examine the difficulties of using the Internet if no SSL encryption existed.

An Internet without SSL: Complete Chaos

For explanation purposes, a good way to picture the communication between computers on the Internet is to compare it to a telephone conversation between two people.

What issues arise?

1) Who are you speaking with?

In a phone conversation, what can you do to ensure the person who picks up the phone on the other line is really the person you intended to call? If you’ve never spoken to them before, this is increasingly difficult. What if the phone call is answered by an imposter, trying to fool you into thinking they are the person you are attempting to contact? Might your phone call have been intercepted and re-routed? Who are you giving your information to?

2) Is Someone Listening to Your Conversation?

It is very easy to tap phone lines and have conversations monitored for an extended period of time with no detection. The Internet is no different. What if someone was tapping and recording your Internet usage, capturing your passwords, social security numbers, bank account numbers, credit card information, and confidential documents? Without encryption, the Internet would be an unusable resource today.

Two very real security issues for Internet correspondence arise.

1. Being sure you are connected to the right computers; are you really on your bank’s website or is it a phisher’s scam website?
2. Keeping your data safe and out of malicious hands during transit on the Internet.

SSL Details

SSL technology relies on the concept of public key cryptography to accomplish its tasks. In normal encryption, two communicating parties each share a password or key, and this is used to both encrypt and decrypt messages. While this is a very simple and efficient method, it doesn’t solve the problem of giving the password to someone you have not yet met or do not yet trust.

In public key cryptography, each party has two keys, a public key and a private key. Information encrypted with a person’s public key can only be decrypted with the private key and vice versa. Each user publicly tells the world what his public key is but keeps his private key for himself.

How SSL Works

Generating KEY file

root:/home# openssl genrsa -out domain.key 2048

Generating RSA private key, 2048 bit long modulus
....++++++
............++++++
e is 65537 (0x10001)


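Generating the certificate signing request (CSR) for the server CRT certificate file. Without -x509, openssl req -new writes a CSR, not a certificate; the certificate authority signs this request to issue the CRT file.

root:/home# openssl req -new -key domain.key -out domain.csr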

Enter pass phrase for domain.key: Key Password

Country Name (2 letter code) [AU]:IN // Country Code
State or Province Name (full name) [Some-State]:Tamilnadu // State
Locality Name (eg, city) []:Chennai // City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:9lessons
Organizational Unit Name (eg, section) []:software
Common Name (eg, YOUR name) []:www.domain.com
Email Address []:admin@domain.com // Domain Verification


Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:SSL Password // No special characters
An optional company name []:egglabs

Copy the files into the XAMPP directories

root:/home# cp ssldomain.crt /opt/lampp/etc/ssl.crt/ssldomain.crt
root:/home# cp domain.key /opt/lampp/etc/ssl.key/domain.key

Enable the SSL module in /opt/lampp/etc/httpd.conf

LoadModule ssl_module modules/mod_ssl.so

Modify the virtual host in /opt/lampp/etc/extra/httpd-ssl.conf

<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs"
ServerName www.domain.com
ServerAdmin admin@domain.com
ErrorLog /opt/lampp/logs/error_log
TransferLog /opt/lampp/logs/access_log

# Server Certificate:
SSLCertificateFile /opt/lampp/etc/ssl.crt/ssldomain.crt

# Server Private Key:
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/domain.key

# Certificate Authority (CA):
SSLCACertificateFile /opt/lampp/etc/ssl.crt/ca.crt

</VirtualHost>
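
A pre-install check for the files the virtual host above points at, added here as an example and not part of the original tutorial: it confirms that the file is a certificate rather than a CSR, that it matches the private key, and that it names the ServerName and is not about to expire. It assumes OpenSSL 1.1.1 or later and an unencrypted key; `preinstall_check`, the helper names and the generated sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run before pointing SSLCertificateFile and
# SSLCertificateKeyFile at new files. All sample files are constructed.

# Succeeds only if FILE parses as an X.509 certificate (a CSR does not).
is_certificate() {
    openssl x509 -in "$1" -noout 2>/dev/null
}

# Succeeds if KEY ($1) and CERT ($2) carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if CERT ($2) names HOST ($1) and stays valid for SECONDS ($3).
cert_covers_host() {
    openssl x509 -in "$2" -noout -checkend "${3:-0}" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -checkhost "$1" 2>/dev/null | grep -q 'does match'
}

# usage: preinstall_check KEY CERT HOST ; return code identifies the failed check
preinstall_check() {
    is_certificate "$2" || { echo "FAIL: $2 is not a certificate (CSR?)"; return 1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match $2"; return 2; }
    cert_covers_host "$3" "$2" 604800 ||
        { echo "FAIL: $2 lacks $3 or expires within 7 days"; return 3; }
    echo "OK: $2 matches $1 and covers $3"
}

# Constructed throwaway inputs: a key, an unrelated key, a CSR, a 30-day test cert.
make_demo_files() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/domain.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -key "$d/domain.key" -subj "/CN=www.domain.com" \
        -out "$d/request.csr" 2>/dev/null
    openssl req -new -x509 -days 30 -key "$d/domain.key" -subj "/CN=www.domain.com" \
        -addext "subjectAltName=DNS:www.domain.com" -out "$d/ssldomain.crt" 2>/dev/null
    echo "$d"
}

demo=$(make_demo_files)
preinstall_check "$demo/domain.key" "$demo/ssldomain.crt" www.domain.com || true
preinstall_check "$demo/domain.key" "$demo/request.csr" www.domain.com || true
rm -rf "$demo"
```

The expiry and name checks are the same properties a browser tests when it receives the certificate, so a failure here predicts a browser warning after deployment.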

I. Obtaining an SSL Certificate

XYZ Inc. intends to secure their customer checkout process, account management, and internal employee correspondence on their website, xyz.com.

Step 1: XYZ creates a Certificate Signing Request (CSR) and during this process, a private key is generated.
Step 2: XYZ goes to a trusted, third-party Certificate Authority, such as Trustwave®. Trustwave® takes the certificate signing request and validates XYZ in a two-step process. Trustwave® validates that XYZ has control of the domain xyz.com and that XYZ Inc. is an official organization listed in public government records.
Step 3: When the validation process is complete, Trustwave® gives XYZ a certificate (its public key) signed with Trustwave®’s private key.
Step 4: XYZ installs the certificate on their webserver(s).

II. How Customers Communicate with the Server using SSL

Step 1: A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http.

Step 2: xyz.com sends back its public key to the customer. Once the customer receives it, his/her browser decides whether it is all right to proceed.

The xyz.com public key must NOT be expired
The xyz.com public key must be for xyz.com only

The client must have the public key for Trustwave® installed in their browser certificate store. 99.9% of all modern browsers (1998+) include the Trustwave® root certificate. If the customer has the Trustwave® trusted public key, then they can trust that they are really communicating with XYZ, Inc.
Step 3: If the customer decides to trust the certificate, then the customer sends his/her public key to xyz.com.
Step 4: xyz.com will next create a unique hash and encrypt it using both the customer’s public key and xyz.com’s private key, and send this back to the client.
Step 5: Customer’s browser will decrypt the hash. This process shows that xyz.com sent the hash and only the customer is able to read it.

Step 6: Customer and website can now securely exchange information.

Uses for SSL Secure Socket Layer Technology

Almost any service on the Internet can be protected with SSL. WebMail, Control Panels, POP, IMAP, SMTP, FTP and more are a few of the many applications for SSL Certificates.
