Illustrated: Implementing a Private CA with OpenSSL

Source: Internet
Author: User

Original address: http://xxrenzhe.blog.51cto.com/4036116/1370114

Without further ado, here is the diagram first.

Illustration 1: The blue part is the main process; the yellow arrow points to the specific procedure.

What is OpenSSL

1. A security suite that provides security and data integrity for network communications. It covers the main cryptographic algorithms, common key and certificate encapsulation and management functions, and the SSL protocol, and provides a rich range of applications for testing or other purposes;

2. `openssl` itself is only the multi-function command-line tool in the OpenSSL open-source suite;

3. The components of the OpenSSL suite are:

    1. libcrypto: a general-purpose cryptographic library;

    2. libssl: a library that implements the TLS/SSL functions;

    3. openssl: the multi-function command-line tool.

Why OpenSSL is required

1. Network communication involves a great deal of data exchange. Without a complete mechanism for encrypting and decrypting that data, sensitive information and data will leak, and secure network communication is out of the question;

2. Fortunately, the OpenSSL suite provides powerful features in this area and is open source, so it is now widely used in network communication mechanisms;

3. By deploying a CA (Certificate Authority) server within a certain scope, certificate authentication and authorization can be realized in the LAN and the security of data transmission can be ensured. The hands-on deployment also helps in understanding how the large international CA institutions work, and builds up knowledge for enterprise-level certificate management.

The main content of this blog

This post only deploys a CA server within the LAN. From it you can understand the data encryption and decryption process, as well as how a public key is transferred securely over the network. For enterprise applications, you will need to purchase services from a professional CA institution and obtain internationally recognized certificates.

Encryption and decryption process of data

Illustration 1: Blue is the main encryption and decryption process; black is explanatory comment text.

Illustration 2: The encryption and decryption process when user Bob needs to communicate with Alice and pass data to Alice securely.

Workflow for CAs

Note 1: The blue part is mainly the certificate request and distribution process, the yellow part is mainly the certificate authentication process between users, and the black part is explanatory text.

Implementing a private CA with OpenSSL (see the first picture)

Illustration 2: When an enterprise (or user) discovers that its private key has been stolen or lost, it sends a certificate invalidation request to the CA institution, and the CA then needs to perform the operations for revoking the certificate.
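
The request, issue, verify and revoke steps named in the captions above, written out as shell functions around the `openssl` command-line tool. This is an added example, not the original author's commands (the page's own procedure was in the diagram); the directory layout, the `ca.cnf` contents and the names `Demo Private CA` and `www.example.lan` are assumptions constructed for the demo.

```shell
# Added example: private CA lifecycle with the openssl CLI.
# Subject names, file names and the config below are constructed for the demo.
ca_init() {   # $1 = empty CA directory
    mkdir -p "$1/newcerts" && : > "$1/index.txt" && echo 01 > "$1/serial"
    cat > "$1/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
certificate = $1/cacert.pem
private_key = $1/cakey.pem
default_md = sha256
default_days = 365
default_crl_days = 7
policy = policy_cn
x509_extensions = leaf
[ policy_cn ]
commonName = supplied
[ leaf ]
basicConstraints = CA:FALSE
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root; the CA key is created readable by its owner only.
    ( umask 077; openssl genrsa -out "$1/cakey.pem" 2048 ) &&
    openssl req -new -x509 -config "$1/ca.cnf" -key "$1/cakey.pem" \
        -days 3650 -subj "/CN=Demo Private CA" -out "$1/cacert.pem" &&
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem"   # empty CRL
}
ca_issue() {  # $1 = CA dir, $2 = common name; writes $2.key, $2.csr, $2.crt
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" &&
    openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/$2.csr" -out "$1/$2.crt"
}
ca_revoke() { # $1 = CA dir, $2 = certificate to revoke; republishes the CRL
    openssl ca -config "$1/ca.cnf" -revoke "$2" &&
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem"
}
ca_check() {  # exit 0 only if the chain is valid AND the cert is not on the CRL
    openssl verify -crl_check -CAfile "$1/cacert.pem" -CRLfile "$1/crl.pem" "$2"
}
```

After sourcing the file, run `ca_init` on a fresh directory and then `ca_issue` with a host name. A certificate that passes `ca_check` before `ca_revoke` is rejected afterwards, because the check consults the republished CRL rather than the signature alone.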
