security

deploy client certificates – secure your data

cybersecurity threats gain more and more weight and have the potential to harm you seriously, time to protect your data

asymmetric cryptography enables two parties to communicate securely with each other by using a related private and public key, let’s have a look at how to use it

X.509 is the official standard for public key certificates, used to secure access to web-based services or to protect access via vpn or wifi – the schema below is my interpretation, or see the definition @wikipedia

x.509 client certificate authentication

OpenSSL

OpenSSL is an open-source cryptographic tool that provides free encryption – jump in to see how easy it is to generate private security certificates

FIRST generate private key for your certificate authority (ca)

openssl genrsa -out ca.key 4096

create the ca certificate from the key, fill out the required certificate information

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

implement ca certificate in your application/service

NOW create client private key …

openssl genrsa -out /etc/nginx/ssl/key/client_abc.key 2048

… and certificate signing request (csr)

openssl req -new -key /etc/nginx/ssl/key/client_abc.key -out client_abc.csr

SIGN the client certificate

openssl x509 -req -days 365 -in client_abc.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client_abc.crt

provide the client certificate to the client devices that use it
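
the steps above as one non-interactive script that also checks the result, added here as an example and not part of the original post. the function names, directory layout and CN values are constructed, and the clientAuth extension is an assumption that goes beyond the commands above.

```shell
#!/bin/sh
# Added example: the post's ca -> client key -> csr -> sign steps, non-interactive.
# Directory names, CN values and function names are constructed for illustration.

# make_ca DIR CN: 4096-bit ca key plus self-signed ca certificate (as in the post).
make_ca() {
    mkdir -p "$1" || return 1
    openssl genrsa -out "$1/ca.key" 4096 2>/dev/null || return 1
    chmod 600 "$1/ca.key"    # the ca key signs every client cert, keep it private
    openssl req -new -x509 -days 365 -key "$1/ca.key" -subj "/CN=$2" -out "$1/ca.crt"
}

# issue_client DIR NAME SERIAL: client key, csr and certificate signed by DIR's ca.
issue_client() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null || return 1
    chmod 600 "$1/$2.key"
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" || return 1
    # Assumption: limit the certificate to TLS client authentication.
    printf 'extendedKeyUsage=clientAuth\n' > "$1/$2.ext"
    openssl x509 -req -days 365 -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial "$3" -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# verify_client CAFILE CERT: exit 0 only if CERT chains to CAFILE and is usable
# as a TLS client certificate.
verify_client() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory; nothing is installed system-wide.
PKI=$(mktemp -d)
make_ca "$PKI/trusted" "Demo Client CA"
make_ca "$PKI/other" "Unrelated Demo CA"
issue_client "$PKI/trusted" client_abc 01
verify_client "$PKI/trusted/ca.crt" "$PKI/trusted/client_abc.crt" \
    && echo "client_abc accepted by its issuing ca"
verify_client "$PKI/other/ca.crt" "$PKI/trusted/client_abc.crt" \
    || echo "client_abc rejected by the unrelated ca"
```

on nginx, the ca.crt produced this way is the file that ssl_client_certificate points at, together with ssl_verify_client on.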

online/hosted service

CAcert is community-driven and wants to push awareness for encryption and education by providing cryptographic certificates

enterprise

several vendors offer pki services – microsoft provides its windows server 2008R2 built-in certificate services, self-hosted, with network device enrollment service (ndes) for automated client certificate enrollment – others like digicert/globalsign/etc. provide paid hosted services