# TLS[^1]

## TLS vs SSL

TLS is the direct successor to SSL, and all versions of SSL are now deprecated. However, it is common to find the term SSL describing a TLS connection. In most cases, the terms SSL and SSL/TLS both refer to the TLS protocol and TLS certificates.[^2]
Cloudflare DNS
mTLS
## Quick Commands

```bash
# Inspect a certificate: subject, issuer, SANs, extended key usage and expiry
openssl x509 -noout -subject -issuer \
  -ext subjectAltName,extendedKeyUsage -enddate -in cert.pem

# Request a 30-day certificate for this host from step-ca, with both the
# short and the fully qualified hostname as SANs
HOSTNAME=$(hostname -s)
step ca certificate "$HOSTNAME" cert.pem key.pem \
  --provisioner admin \
  --san "$HOSTNAME" \
  --san "$HOSTNAME.john-stream.com" \
  --not-after 30d

# Bundle certificate, key and root CA into a PKCS #12 archive. --no-password
# requires --insecure, because step otherwise refuses to write an unencrypted bundle
step certificate p12 --ca root_ca.crt \
  cert.p12 cert.pem key.pem \
  --no-password --insecure
```
## File Formats

### PEM

Privacy-Enhanced Mail (PEM) is the de facto file format for storing and sending cryptographic keys, certificates, and other data; it takes its name from a set of 1993 IETF standards defining "privacy-enhanced mail". The content (base64-encoded DER) is wrapped in a header and footer line such as `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`; the label (here PRIVATE KEY) can be something else, such as CERTIFICATE, and one file may hold several such blocks, for example a certificate chain.
| Purpose | Extension |
|---|---|
| Generic | .pem |
| Certificates | .crt or .cer |
| Keys | .key |
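As an added example (not part of these notes), a small pure-Python parser that splits a PEM file into its blocks, checks that each BEGIN/END label pair matches, decodes the base64 body and confirms that the outer DER SEQUENCE length agrees with the bytes present. The sample PEM is constructed from two toy DER values, not real certificates or keys; the same DER length check applies to a PKCS #12 archive read from disk.

```python
import base64
import re
from dataclasses import dataclass

# One PEM block; the END label is captured separately so a mismatch can be reported.
_BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----", re.DOTALL)

@dataclass
class PemBlock:
    label: str   # e.g. "CERTIFICATE" or "PRIVATE KEY"
    der: bytes   # decoded DER payload

def parse_pem(text: str) -> list[PemBlock]:
    """Split a PEM file into blocks; raise ValueError on label mismatch or bad base64."""
    blocks = []
    for begin, body, end in _BLOCK_RE.findall(text):
        if begin != end:
            raise ValueError(f"BEGIN {begin} is closed by END {end}")
        try:  # validate=True rejects characters outside the base64 alphabet
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:
            raise ValueError(f"{begin}: corrupt base64 ({exc})") from None
        if not der:
            raise ValueError(f"{begin}: empty block")
        blocks.append(PemBlock(begin, der))
    return blocks

def der_outer_length(der: bytes) -> int:
    """Content length of the outermost DER SEQUENCE, checked against the bytes present.
    Certificates, PKCS #8 keys and PKCS #12 archives all start with tag 0x30."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("expected a DER SEQUENCE (tag 0x30)")
    if der[1] < 0x80:                       # short form: single length byte
        length, header = der[1], 2
    else:                                   # long form: 0x80|n, then n length bytes
        n = der[1] & 0x7F
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        raise ValueError(f"declared {length} content bytes, found {len(der) - header}")
    return length

# Constructed sample: two minimal DER SEQUENCEs, not real certificate or key material.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MAMCAQU=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MAYCAQECAQI=
-----END PRIVATE KEY-----
"""
```

Calling `parse_pem(SAMPLE_PEM)` yields a CERTIFICATE block with 3 content bytes and a PRIVATE KEY block with 6; a truncated body or a mismatched END label is reported instead of being silently accepted.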
### PKCS #12

In cryptography, PKCS #12 defines an archive file format for storing many cryptographic objects as a single file. It is commonly used to bundle a private key with its X.509 certificate, or to bundle all the members of a chain of trust.
---

[^1]: Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

    The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols.