GETTING STARTED
SECURE TRANSPORTATION (SSL)

A key part of information security is the transport of data from one point to another across the open internet.

SSL, together with an encryption system based on public/private keys, enables the secure transportation of information.

SETTING UP SSL SECURED TRANSPORTATION USING OPENSSL
Tasks, using openssl (on, say, the MacOS Terminal):

1. Create a private key:
   openssl genrsa -des3 -out [domain]-private.key 2048
2. Convert private key to pem:
   openssl rsa -in [domain]-private.key -out [domain]-private.pem
3. Create certificate request:
   openssl req -new -key [domain]-private.key -out [domain].csr
4. Back up your private key! Securely store this key. It should be pass-phrase protected.
5. Get public key: Using your certificate request and private key, get a public key using a trusted provider such as rapidssl.com, or use AWS Certificate Manager.
6. Upload to load-balancer: Loading or updating SSL Certificate on AWS ELB, or if you are using an ibCom managed load balancer, send the pem files to support@ibcom.biz.
 
openssl

If using RapidSSL

rapidssl.com

CERTIFICATE TRANSPARENCY (CT)

If you are using Chrome and click the security lock in the address bar, then click the Connection tab, you will see "... does not have public audit records." This is part of the Google CT initiative.

certificate-transparency.org

Only Extended Validation (EV) SSL certs are being added to the public log by CAs as of July 2015. So if it is a standard (non-EV) SSL certificate, you can ignore it.

INFORMATION YOU WILL NEED TO GET AN SSL CERTIFICATE

  • Country Name: Use the two-letter code without punctuation for country, for example: US or CA.

  • State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California

  • Locality or City: The Locality field is the city or town name, for example: Berkeley. Do not abbreviate. For example: Saint Louis, not St. Louis

  • Company: If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.

  • Organizational Unit: This field is optional, but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.

  • URL: It looks like "www.company.com" or "*.company.com"

  • Contact Name: Recorded with the certificate issuer.

  • Contact Email: Recorded with the certificate issuer.

  • Contact Phone Number: Recorded with the certificate issuer.
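
Steps 1 to 3 of the openssl task list and the subject fields listed here, scripted as an added example (not part of the original page) that also checks the certificate request against the private key before anything is sent to the provider. The domain example.com, the OU value, the KEY_PASS variable and the function names are assumptions; note that the .pem copy written in step 2 carries no pass phrase.

```shell
#!/bin/sh
# Added example, not from the original page. example.com, the OU value and the
# pass phrase are constructed placeholders; function names are hypothetical.
umask 077   # files created below are readable by the owner only

# Steps 1-3 without prompts. $1=directory $2=domain. The pass phrase is read
# from the KEY_PASS environment variable, not given as a command-line argument.
make_key_and_csr() {
    key="$1/$2-private.key"
    openssl genrsa -des3 -passout env:KEY_PASS -out "$key" 2048 &&
    openssl rsa -in "$key" -passin env:KEY_PASS -out "$1/$2-private.pem" &&
    openssl req -new -key "$key" -passin env:KEY_PASS -out "$1/$2.csr" \
        -subj "/C=US/ST=California/L=Berkeley/O=XYZ Corporation/OU=IT/CN=www.$2"
}

# True if the key file is pass-phrase protected (its PEM header says ENCRYPTED).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# SHA-256 of the public key derived from a private key, or embedded in a CSR.
key_pub_hash() { openssl rsa -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null | openssl sha256; }
csr_pub_hash() { openssl req -in "$1" -noout -pubkey | openssl sha256; }

# True only if the CSR's self-signature verifies and it was made from this key.
csr_matches_key() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(key_pub_hash "$1")" = "$(csr_pub_hash "$2")" ]
}

# Subject of the CSR, to review before it goes to the provider.
csr_subject() { openssl req -in "$1" -noout -subject; }

# Demo in a throwaway directory.
KEY_PASS='constructed-pass-phrase'; export KEY_PASS
d=$(mktemp -d) && make_key_and_csr "$d" example.com &&
    csr_matches_key "$d/example.com-private.key" "$d/example.com.csr" &&
    csr_subject "$d/example.com.csr"
key_is_encrypted "$d/example.com-private.pem" ||
    echo "note: the .pem copy from step 2 is NOT pass-phrase protected"
rm -rf "$d"
```

The same public-key hash comparison can be run against the issued certificate with `openssl x509 -in [domain].crt -noout -pubkey` before the files go to the load balancer.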