Best Practices for Deploying SSL/TLS


Lab Overview

SSL/TLS is the standard for securing communications over a network. There are clear security benefits of deploying SSL/TLS on your web servers and other applications requiring secure communication. However, there are many decisions to make when deploying SSL/TLS. This Lab teaches you about several areas you need to consider before getting hands-on practice with a variety of tools for working with SSL/TLS.

In this Lab, you will learn about SSL/TLS best practices and a variety of tools in the SSL/TLS toolkit to help ensure your deployments are configured the way you expect them to be. You will also use tools that help protect you as new vulnerabilities are discovered and the security landscape expands.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Understand and reason about SSL/TLS deployment decisions
  • Analyze SSL/TLS deployments of public and private websites
  • Understand the role of clients in SSL/TLS security
  • Use OpenSSL to create keys and test SSL/TLS deployments
  • Create an internal certificate authority (CA) and sign certificates with it

Lab Prerequisites

You should be familiar with:

  • Linux basics such as file permissions and working on the command line
  • The difference between HTTP and HTTPS

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Follow these steps to learn by building helpful cloud resources

Logging in to the Amazon Web Services Console

Your first step to start the Lab experience

SSL/TLS Considerations

Factors and guidelines to consider when deciding on deploying SSL/TLS

Auditing SSL/TLS Configuration of Public Websites

Learn how to audit the SSL/TLS configuration of a public website

Auditing SSL/TLS Configuration of Clients

Use the Qualys SSL Labs SSL Client Test to understand the security of your browser and other clients

Opening the AWS Cloud9 IDE

Open the AWS Cloud9 browser-based Integrated Development Environment (IDE)

Working with OpenSSL

Learn how to accomplish common SSL/TLS tasks using the command-line interface of OpenSSL

Creating a Certificate Authority With OpenSSL

Creating an internal certificate authority using OpenSSL

Signing Certificates Using a Certificate Authority

Perform common certificate authority tasks using an internal certificate authority

Testing SSL/TLS Deployments with OpenSSL

Use the OpenSSL command-line interface to test SSL/TLS deployments