This talk will introduce you to the fundamentals of securing communications with HTTPS. We will start by explaining the basics of X.509 server and client certificates, certification authorities, and the use of the OpenSSL toolkit. We will introduce the TLS/SSL protocol and explain how it is used together with HTTP to provide data encryption, integrity, and authentication. We will talk through some important configuration details, standard use cases, common pitfalls, known SSL vulnerabilities, and issues that arise when using HTTPS. The Apache HTTP Server will be used to provide specific examples, but the general information in the talk applies to most server software that supports HTTPS.
A Beginner’s Guide to HTTPS and TLS
Lars Eilebrecht
September 13, 2019