SSL’s primary function on the Internet is to facilitate encryption and trust that allows a web browser to validate the authenticity of a web site. However, SSL works the other way around too – client SSL certificates can be used to authenticate a client to the web server. Think SSH public/private key pairs, if that is familiar to you. In this blog post I will outline the steps to create a certificate authority certificate, sign a server certificate and install it in Apache, and create a client cert in a format used by web browsers.
I’m trying to get into this whole wiki thing…
I like to use the wiki equivalent of the <pre> tags to call out code or commands, which in MediaWiki language is completed by putting a single space at the beginning of a line. I found that long commands would not wrap by default, however (kind of like how they don’t on this blog…).
The SSLv2 protocol is an obsolete version of SSL that has been deprecated since 2011 due to several security flaws. Current standards (2016) are TLS 1.0-1.2, with SSL being fully deprecated. However, a common finding in Nessus scans of web servers is that SSLv2 is still enabled. IIS through v7 and Apache with OpenSSL prior to v1.0 have it enabled by default.