Weinstein.org > Digital World > Technical Papers and Presentations

> > >

mar 15 010

Digital World

ApacheCon US 2002: Las Vegas, November 20, 2002.

Hello World (Slide Two)

Introduction
The Basics:
- Review of Digital Certificates
- A Private Certificate Authority in Action
The Nit anf Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority

Notice (Slide Three)

"Persons attempting to find a motive in this narrative will be prosecuted;persons attempting to find a moral will be banished; persons attempting to find a plot will be shot."

- Preface for The Adventures of Huck Finn By Mark Twain

The Basics (Slide Four)

Digital Certificates and Certificate Authorities

Digital Certificates (Slide Five)

SSL Protocol
- Encryption
- Authentication
Digital Certificates
- A Serial Number
- Identifying Information
  - Individual and/or Group Name
  - Location/Contact Information
- Subject's Public Key
- Name of Issuing Certificate Authority
- A "Signature" Of Issuing Certificate Authority
Type Of Digital Certificates
- Root Certificate
- Server Certificate
- CLient Certificate

Certificate Authorities (Slide Six)

Public Certificate Authority; Verisign, Thawte, GeoTrust; recognized by default by most web browsers and web servers; used when no other relation exists between two parties.
Private Certificate Authority; by default not recognized; used when a relationship already exists between two parties.

A PCA in Action (Slide Seven)

Secure valuable data in transit between employees/departments
- Intranet

A PCA in Action (Slide Eight)

Secure valuable data in transit between business/departents
- Extranet

The Nit and Gritty (Slide Nine)

Creating, Publishing and Using a Private Certificate Authority

Creating a Private Certificate Authority (Slide Ten)

A self-signed Root Certificate

Creating a Private Certificate Authority (Slide Eleven)

Configuring OpenSSL:

Creating a Private Certificate Authority (Slide Twelve)

Configuring OpenSSL:

Publishing the Private Certificate Authority (Slide Thirteen)

Setting MIME-type in Apache:

Using Our Private Certificate Authority: Server Certificate (Slide Fourteen)

Creating a Certificate Signing Request:

Using Our Private Certificate Authority: Server Certificate (Slide Fifteen)

Signing the Certificate Signing Request:

Using Our Private Certificate Authority: Server Certificate (Slide Sixteen)

Configuring Apache:

Using Our Private Certificate Authority: Client Certificate (Slide Seventeen)

Creating a Certificate Signing Request:

Using Our Private Certificate Authority: Client Certificate (Slides Eighteen)

Signing the Client Signing Request:

Using Our Private Certificate Authority: Client Certificate (Slide Nineteen)

Configuring Apache:

Using Our Private Certificate Authority: Certificate Revocation List (Slide Twenty)

Revoking an Existing Digital Certificate

Publishing the Private Certificate Authority (Slide Twenty One)

Setting MIME-type in Apache:

Review (Slide Twenty Two)

The Basics:
- Review of Digital Certificates
- A Private Certificate Authority in Action
The Nit and Gritty
- Creating a Private Certificate Authority
- Publishing the Private Certificate Authority
- Using Our Private Certificate Authority

Citation (Slide Twenty Three)

Hirsch, Frederick Introducing SSL and Certificates using SSLeay. 8 Oct 2002 <http://www.pseudonym.org/ssl/wwwj-index.html>.

Engelschall, Ralf User Manual mod_ssl Version 2.8 9 Oct. 2002 <http://www.modssl.org/docs/2.8/>

Resources (Slide Twenty Four)

This Presentation:
- <http://www.weinstein.org/work/presentations/apacheconus02/pca/> (HTML)
- <http://www.weinstein.org/work/presentations/apacheconus02/pca.pdf> (PDF)
CD-ROM
- Whitepaper
- Handout
Upcoming Publication: Mobily, Tony, Paul Weinstein, Mark Wilcox, Debashish Bhattacharjee, Sandip Bhattacharya, Brian Rickabaught. Apache Security. Birmingham: Wrox Press, 2003.

Resources (Slide Twenty Five)

Apache HTTP Server Project
- <http://httpd.apache.org>
Apache Week
- <http://www.apacheweek.com>

Resources (Slide Twenty Six)

mod_ssl Project, <http://www.modssl.org>
- Mailing Lists, List Archives:
OpenSSL Project, <http://www.openssl.org>
- Mailing Lists, List Archives:

Any Questions (Slide Twenty Eight)

It is properly said that the Devil can "quote Scripture to his purpose." The Bible is full of so many stories of contradictory moral purpose that every generation can find scriptural justification for nearly any action it proposes - from incest, slavery, and mass murder to the most refined love, courage, and self-sacrifice. And this moral multiple personality disorder is hardly restricted to Judaism and Christianity. You can find it deep within Islam, the Hindu tradition, indeed nearly all the world's religions. Perhaps then it is ... people who are morally ambiguous.

Scripture is said to be divinely inspired - a phrase with many meanings. But what if it's simply made up by fallible humans? Miracles are attested, but what if they're instead some mix of charlatanry, unfamiliar states of consciousness, misapprehensions of natural phenomena, and mental illness? The fact that so little of the finds of modern science is prefigured in Scripture to my mind casts further doubt on its divine inspiration.

But of course I might be wrong.

-Carl Sagan