How to implement a private CA with OpenSSL
Note 1: In the figure, the blue part is the main process and the yellow arrows point to the specific operation steps.
What is OpenSSL?
1. A security toolkit that provides confidentiality and data integrity for network communication; it includes cryptographic algorithms, key and certificate management functions, and an implementation of the SSL/TLS protocols, and it offers a wide range of utilities for testing and other purposes;
2. The openssl command itself is only the multi-purpose command-line tool within the OpenSSL open-source suite;
3. The OpenSSL suite consists of three components:
libcrypto: the general-purpose cryptographic library;
libssl: the library that implements the TLS/SSL protocols;
openssl: the multi-purpose command-line tool.
Why OpenSSL?
1. Network communication involves a large volume of data exchange. Without a complete encryption and decryption mechanism, sensitive information and data are exposed, and secure network communication is impossible;
2. Fortunately, the OpenSSL suite provides powerful functions in this area; it is open source and is now widely used in network communication;
3. By deploying a CA (Certificate Authority) server within a limited scope, you can implement certificate-based authentication and authorization in the LAN to secure data transmission. Hands-on deployment also builds an understanding of how the large international CAs work and lays the groundwork for enterprise-level certificate management.
Main content of this article
This article covers only the deployment of a CA server in the LAN, which is enough to understand the data encryption and decryption process and the secure distribution of public keys on the network. For enterprise-level applications, you need to purchase certificate services from a professional, internationally recognised CA.
Data encryption and decryption process
Note 1: In the figure, blue marks the main encryption and decryption process and black marks the explanatory comments.
Note 2: The figure assumes that Bob needs to communicate with Alice and transmit data to her, and shows the encryption and decryption steps that make this communication secure.
CA Workflow
Note 1: In the figure, the blue part refers to the process of certificate application and distribution, the yellow part refers to the process of certificate authentication between users, and the black part is the explanatory text.
Description of the private CA implemented with OpenSSL (see the first figure)
Note 2: When an enterprise (or user) finds that its private key has been stolen or lost, it sends a certificate revocation request to the CA, and the CA then revokes the certificate.
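The workflow described above, as an added example that is not part of the original article: a throwaway private CA driven with the openssl command-line tool, covering CA set-up, certificate application and issuance, verification by a relying party, and revocation after a reported key compromise. The directory layout, the minimal openssl.cnf, and the subject names are constructed for this demonstration.

```shell
# Throwaway private CA with the openssl CLI: set-up, request and issuance,
# verification, and CRL-based revocation. All paths and names are constructed.
set -eu
# 1. CA set-up: state files, a minimal openssl.cnf, the self-signed root and an (empty) CRL.
ca_init() {
  dir="$1"; : > "$dir/index.txt"; echo 01 > "$dir/serial"
  cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = demo
[ demo ]
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = cn_only
[ cn_only ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo Private CA" \
    -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl ca -config "$dir/ca.cnf" -gencrl -out "$dir/crl.pem" 2>/dev/null
}
# 2. Application: the subject generates its own key pair and a CSR (the private key stays with it).
# 3. Distribution: the CA signs the CSR and records the new certificate in index.txt.
ca_issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
    -config "$1/ca.cnf" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}
# 4. Authentication between users: a relying party checks the chain to the root and the current CRL.
ca_verify() {
  openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" "$1/$2.crt"
}
# 5. Key compromise reported: the CA revokes the certificate and publishes a fresh CRL.
ca_revoke() {
  openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" -crl_reason keyCompromise 2>/dev/null
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}
```

Run it as tmp=$(mktemp -d); ca_init "$tmp"; ca_issue "$tmp" bob; ca_verify "$tmp" bob; ca_revoke "$tmp" bob; ca_verify "$tmp" bob. The first verification prints OK and the second fails with "certificate revoked", which is exactly the check a relying party must perform once a key has been reported compromised.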