This is an old revision of the document!


Laboratory 08. Security: PKI, X.509, SSL, TLS

TLS (Transport Layer Security) is a cryptographic protocol that provides communication security between a client and a server. Usually, the identity of the server is verified through a certificate. This certificate contains a public key, the identity of the server and a signature which verifies that the key belongs to the entity in the certificate.

A certificate is valid if it is signed by a Certificate Authority (CA). The CA is considered trustworthy by the communication client. The client has access to the certificate of the CA, with which the signature in the certificate belonging to the server can be verified and, consequently, the identity of the server can be verified.

For the following exercises, the resources can be found in the laboratory archive:

$ wget --user=user-curs --ask-password http://repository.grid.pub.ro/cs/scgc/laboratoare/lab-10.zip
$ unzip lab-10.zip

Tasks

1. [10p] Inspecting and Verifying a Certificate

Begin by inspecting the certificate found in the houdini.cs.pub.ro.crt-roedunet file.

openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -text

In the output you can find information about:

  • the issuer
  • the validity
    • start date
    • end date
  • the public key
    • algorithm
    • modulus
    • exponent
  • certificate extensions
  • signature

Specific information regarding the certificate can be printed by replacing the -text argument with the one or more of the following:

openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -pubkey
openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -startdate
openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -enddate
openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -dates
openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -issuer
openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -subject
openssl x509 -in houdini.cs.pub.ro.crt-roedunet -noout -modulus

2. [10p] Secure Connection to a Server

3. [20p] Remotely Inspecting a Certificate

4. [20p] Generating and Inspecting a Certificate

5. [20p] Unencrypted Client/Server Communication

6. [20p] Client/Server Communication over SSL/TLS

7. [BONUS 20p] Configuring HTTPS for a Web Server

scgc/laboratoare/08.1525542444.txt.gz ยท Last modified: 2018/05/05 20:47 by nicolae.ivan
CC Attribution-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0