Best Practices for Deploying SSL/TLS (AWS Cloud9 Version)

Lab Steps

lock
Logging in to the Amazon Web Services Console
lock
SSL/TLS Considerations
lock
Auditing SSL/TLS Configuration of Public Websites
lock
Auditing SSL/TLS Configuration of Clients
lock
Opening the AWS Cloud9 IDE
lock
Working with OpenSSL
lock
Creating a Certificate Authority With OpenSSL
lock
Signing Certificates Using a Certificate Authority
lock
Testing SSL/TLS Deployments with OpenSSL

The hands-on lab is part of these learning paths

Ready for the real environment experience?

DifficultyAdvanced
Time Limit1h 30m
Students399
Ratings
5/5
starstarstarstarstar

Description

SSL/TLS is the standard for securing communications over a network. There are clear security benefits of deploying SSL/TLS on your web servers and other applications requiring secure communication. However, there are many decisions to make when deploying SSL/TLS. This Lab teaches you about several areas you need to consider before getting hands-on practice with a variety of tools for working with SSL/TLS.

In this Lab, you will learn about SSL/TLS best practices and a variety of tools in the SSL/TLS toolkit to help ensure your deployments are configured they way you expect them to be. You will also use tools that help protect you as new vulnerabilities are discovered and the security landscape expands. AWS Cloud9 serves as the host and editor for this lab.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Understand and reason about SSL/TLS deployment decisions
  • Analyze SSL/TLS deployments of public and private websites
  • Understand the role of clients in SSL/TLS security
  • Use OpenSSL to create keys and test SSL/TLS deployments
  • Create an internal certificate authority (CA) and sign certificates with it

Lab Prerequisites

You should be familiar with:

  • Linux basics such as file permissions and working on the command line
  • The difference between HTTP and HTTPS

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

 

Updates

October 9th, 2020 - Updated to reflect latest recommendations regarding SSL/TLS

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

About the Author
Students178157
Labs211
Courses9
Learning paths49

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

Covered Topics