Certificate for a Website - Web server (Https configuration)


1 - About

Configuring a certificate and its private key for a web server (web site) enables https.

Why? Because when a browser connects to the web server, the SSL handshake can then take place.


3 - Component

To enable https on a web server, you need:

    • a private key:
        • It's a private entity and should not be shared (only the owner should have access)
        • However, it must be readable by the web server process in order to:
        • It was used to sign the certificate
        • The private key may be stored in its own file or alternatively in the same file as the certificate
    • a certificate:
        • It's a public entity and can be shared
        • It should be signed with the above private key (preferably by a CA)
        • It is sent to every client that connects to the server in order to verify the server identity

You can create them:


4 - Security

Visitors to a website with a Domain Validated (DV) certificate cannot validate, via the certificate, whether the business behind the site is legitimate, and thus often DO NOT trust this type of certificate. These certificates are recommended where security is not a concern, such as protected internal systems.

5 - Management

5.1 - See

You can see the certificate of the web site in the browser.

5.2 - Configuration

6 - Example

6.1 - Self signed

A self-signed certificate, as listed with keytool (the owner and the issuer are the same entity):

keytool -list -v -storetype jks -keystore keystore.jks -storepass changeit
Certificate[1]:
Owner: CN=hostname.gerardnico.com, OU=Gerardnico, O=Gerardnico, L=Oegstgeest, ST=Netherlands, C=NL
Issuer: CN=hostname.gerardnico.com, OU=Gerardnico, O=Gerardnico, L=Oegstgeest, ST=Netherlands, C=NL
Serial number: 54065f1a
Valid from: Thu Sep 26 05:02:02 UTC 2019 until: Fri Sep 25 05:02:02 UTC 2020

6.2 - Bad

Example (when the certificate is opened with Portecle)

If you access this website with the above certificate, you get a warning (example below in Firefox).
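The two points above, the private key signing the certificate and the client verifying the certificate against its trust store, can be reproduced end to end. The following Go program is an added example, not part of the original page: it issues a self-signed certificate for the constructed hostname hostname.gerardnico.com (the serial number is borrowed from the keytool listing), checks that the signature verifies under the certificate's own key, and then plays the browser's role with an empty trust store (the warning) and with the certificate added as a trusted root (the user's exception).

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// SelfSigned issues a certificate for hostname signed with its own fresh key (constructed sample).
func SelfSigned(hostname string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	name := pkix.Name{CommonName: hostname, Organization: []string{"Gerardnico"}}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(0x54065f1a),
		Subject:               name, // the issuer is copied from the parent, i.e. itself
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:              []string{hostname},
		BasicConstraintsValid: true,
		IsCA:                  true, // a self-signed cert acts as its own CA
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// IsSelfSigned reports whether the signature on c verifies under c's own public key.
func IsSelfSigned(c *x509.Certificate) bool {
	return c.CheckSignatureFrom(c) == nil
}

// ClientAccepts mimics a browser: the chain must end in a trusted root and match hostname.
func ClientAccepts(c *x509.Certificate, hostname string, root *x509.Certificate) bool {
	roots := x509.NewCertPool() // empty pool = no CA vouches for the server
	if root != nil {
		roots.AddCert(root) // the user's "accept this certificate" exception
	}
	_, err := c.Verify(x509.VerifyOptions{DNSName: hostname, Roots: roots})
	return err == nil
}
```

With no trusted root ClientAccepts returns false, which is the situation behind the Firefox warning; once the certificate itself is in the root pool it returns true, but only for the hostname it was issued for.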