Securing network traffic using SSL/TLS

Abstract

Whenever we send data over a network of any kind, private or public, that data is vulnerable to both interception and modification unless steps are taken to ensure its security and authenticity. In this document we shall examine how we can use the Secure Sockets Layer, or SSL as it is more commonly known, and its successor Transport Layer Security, or TLS, to provide end-to-end encryption that protects against interception and modification. We shall also examine how user, client and server certificates can be used to ensure the authenticity of our data.

In addition to an explanation of how to configure and install the OpenSSL software so that certificates and certificate requests can be generated and signed, we shall also give detailed examples of how to configure a variety of common applications, such as the Postfix SMTP server and the Courier IMAP server, to use either SSL or TLS to secure the data they send and receive.

Contents