Cybersecurity
Computer Science Innovations, LLC
Certificates
Generate Public and Private Key
Sign the Public Key with a CA
Private Key
Append the Cert to the Private Key
Let's See a Cert
In P12 format they are binary, but we can use OpenSSL to convert to ASCII.
Here is the command:
openssl pkcs12 -in Default\ Device.p12 -out certfile2.pem -passin pass:b298b12b-3584-419d-b3c9-f6f639b5de66
Let's See a Cert Part 2
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRVkHt5ym+dYCAggA
MBQGCCqGSIb3DQMHBAglTFlPoHcELQSCAoCLMCzUhF9ezDFwTiM5jsgRJDLXcfyK
tcj6zRLc40QKu/hUjMj5kF+T52qwr …..
….
-----BEGIN CERTIFICATE-----
MIIDaDCCAlCgAwIBAgIGAUwFJmdtMA0GCSqGSIb3DQEBBQUAMHMxCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJNRDEPMA0GA1UECgwGU3RyZWl0MQ8wDQYDVQQLDAZTdHJl
aXQxJDAiBgkqhkiG
So Let's Talk About the Cert
We started with a public key and a private key.
We also started with another private key called a “Certificate Authority” private key.
We sign the public key with the Certificate Authority private key, making it a certificate.
We append the Private Key and the Certificate to create a P12 certificate.
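The four steps above, run end to end with OpenSSL, as an added example that is not from the original slides. The subject names, file names and passphrase are constructed, and the two check functions at the end are illustrative helpers.

```shell
#!/bin/sh
# Added example. Subjects, file names and the passphrase are constructed.
PASS='constructed-demo-passphrase'

# Build CA key -> device key pair -> signed cert -> P12 -> PEM in a fresh
# temporary directory. Prints that directory on success.
build_p12_demo() {
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    # CA private key plus a self-signed CA certificate
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
      -subj "/CN=Demo CA" -days 1 || exit 1
    # Device key pair, and a signing request that carries the public key
    openssl req -newkey rsa:2048 -nodes -keyout device.key -out device.csr \
      -subj "/CN=Default Device" || exit 1
    # The CA private key signs the device public key: this is the certificate
    openssl x509 -req -in device.csr -CA ca.pem -CAkey ca.key \
      -CAcreateserial -out device.pem -days 1 || exit 1
    # Private key and certificate bundled into a binary P12
    openssl pkcs12 -export -inkey device.key -in device.pem \
      -out device.p12 -passout "pass:$PASS" || exit 1
    # P12 converted to ASCII (PEM) as on the slide; -passout keeps the key
    # encrypted in the output without an interactive prompt
    openssl pkcs12 -in device.p12 -out certfile2.pem \
      -passin "pass:$PASS" -passout "pass:$PASS" || exit 1
  ) >/dev/null 2>&1 || return 1
  printf '%s\n' "$dir"
}

# Prints "match" when the certificate's public key belongs to the private key.
key_matches_cert() {
  a=$(openssl x509 -in "$1/device.pem" -noout -pubkey) || return 1
  b=$(openssl pkey -in "$1/device.key" -pubout) || return 1
  [ "$a" = "$b" ] && echo match || echo mismatch
}

# Prints "ok" when the device certificate verifies against the CA certificate.
chain_ok() {
  openssl verify -CAfile "$1/ca.pem" "$1/device.pem" >/dev/null 2>&1 \
    && echo ok || echo fail
}

d=$(build_p12_demo) && {
  echo "key/cert: $(key_matches_cert "$d"), chain: $(chain_ok "$d")"
  rm -rf "$d"
}
```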
How is it Used
Client: Sends Cert
Server: Cert Received and unlocked with CA Private Key, leaving the public key
Client: Sends Private Key
Server: Receives the Private Key and makes sure that it is associated with the Public Key from the previous step
This is 2-Way SSL
Uses Asymmetric Encryption
Is used as part of an Identity Assertion
The Certificate is actually a public key / private key pair. The Public Key is signed with the Certificate Authority (CA) private key.
The CA
The CA is the overriding private key for 2-way SSL and cannot be given out.
It must be protected. It ends up in a truststore because the truststore is used in the 2-way SSL Handshake.
Keystores are used for 1-way SSL.
Truststores are used for 2-way SSL.