Create and use TLS/SSL
The SSL protocol ensures secure data exchange through the following two elements:
Authentication: This verifies the identity of the parties involved in the communication.
Encryption: This scrambles the data, making it unreadable to anyone who intercepts it.
SSL employs:
Asymmetric cryptography for key exchange authentication.
Symmetric encryption for confidentiality.
Message authentication codes for message integrity.
The SSL protocol provides a secure channel that features the following primary properties:
The channel is private. Encryption is used for all messages after an initial dialogue that serves to establish a secret key.
The channel is authenticated. The server side of the dialogue is always authenticated, while client-side authentication is optional.
The channel is reliable. Message transport includes integrity checks.
Create a TLS/SSL certificate
To obtain a certificate, you can:
Use a service like Let's Encrypt.
Purchase a certificate from an authorized service.
Create a self-signed certificate. In this case, although the connection will be encrypted, you’ll see a warning about the insecurity of the certificate and the network connection when you access the service.
Generate a self-signed certificate
An example of generating an RSA certificate that includes a domain:
# Self-signed RSA certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
-nodes -keyout example.com.key -out example.com.crt -subj "/CN=example.com" \
-addext "subjectAltName=DNS:example.com,DNS:*.example.com,IP:10.0.0.1"
An example of generating an elliptic-curve (EC) certificate:
# Self-signed EC certificate
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -days 3650 \
-nodes -keyout example.com.key -out example.com.crt -subj "/CN=example.com" \
-addext "subjectAltName=DNS:example.com,DNS:*.example.com,IP:10.0.0.1"
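A way to check what the EC command above produced, given here as an added example rather than part of the original page: it generates the certificate in a temporary directory, lists the subjectAltName entries, confirms the certificate is self-signed, and confirms the key file belongs to it. The helper function names are hypothetical, and OpenSSL 1.1.1 or later is assumed (for -addext and -ext).

```shell
#!/bin/sh
# Added example: helper names (make_cert, san_entries, ...) are hypothetical.
# Assumes OpenSSL 1.1.1+ (-addext on req, -ext on x509).

# Generate the page's self-signed EC certificate into directory $1.
make_cert() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -days 3650 \
    -nodes -keyout "$1/example.com.key" -out "$1/example.com.crt" \
    -subj "/CN=example.com" \
    -addext "subjectAltName=DNS:example.com,DNS:*.example.com,IP:10.0.0.1" \
    2>/dev/null &&
  chmod 600 "$1/example.com.key"   # -nodes leaves the key unencrypted on disk
}

# Print one subjectAltName entry per line for certificate $1.
san_entries() {
  openssl x509 -in "$1" -noout -ext subjectAltName |
    sed -n '2,$p' | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed only if certificate $1 carries the exact SAN entry $2.
has_san() { san_entries "$1" | grep -Fxq -- "$2"; }

# Succeed if issuer equals subject and the signature verifies with its own key.
is_self_signed() {
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeed if private key $2 belongs to the public key in certificate $1.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Demo run in a throwaway directory.
dir=$(mktemp -d)
if make_cert "$dir"; then
  crt="$dir/example.com.crt"; key="$dir/example.com.key"
  san_entries "$crt"
  is_self_signed "$crt" && echo "self-signed: not chained to a trusted CA"
  key_matches_cert "$crt" "$key" && echo "key matches certificate"
  has_san "$crt" "DNS:www.example.org" || echo "www.example.org is not covered"
fi
rm -rf "$dir"
```

OpenSSL prints the IP entry as "IP Address:10.0.0.1", so that is the string to pass to has_san when checking it.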