OpenSSL Cookbook

A guide to the most frequently used OpenSSL features and commands, written by Ivan Ristic.

Comprehensive coverage of OpenSSL installation, configuration, and key and certificate management Includes SSL/TLS Deployment Best Practices, a design and deployment guide Written by a well-known practitioner in the field and the author of SSL Labs and the SSL/TLS configuration assessment tool Available in a variety of digital formats (PDF, EPUB, Mobi/Kindle); no DRM Continuously updated OpenSSL Cookbook is built around one chapter from *Bulletproof SSL/TLS and PKI* , a larger work that provides complete coverage of SSL/TLS and PKI topics. **For more information and other digital formats (PDF, EPUB, ...) please visit[feistyduck.com/books/openssl-cookbook/](http://feistyduck.com/books/openssl-cookbook/)**

**TABLE OF CONTENTS:**

Preface

****Chapter 1. OpenSSL Cookbook

Getting Started

Determine OpenSSL Version and Configuration

Building OpenSSL

Examine Available Commands

Building a Trust Store

Key and Certificate Management

Key Generation

Creating Certificate Signing Requests

Creating CSRs from Existing Certificates

Unattended CSR Generation

Signing Your Own Certificates

Creating Certificates Valid for Multiple Hostnames

Examining Certificates

Key and Certificate Conversion

Configuration

Cipher Suite Selection

Performance

Appendix A: SSL/TLS Deployment Best Practices

Introduction

1\. Private Key and Certificate

1.1. Use 2048-bit Private Keys

1.2. Protect Private Keys

1.3. Ensure Sufficient Hostname Coverage

1.4. Obtain Certificates from a Reliable CA

2\. Configuration

2.1. Deploy with Complete and Valid Certificate Chains

2.2. Use Only Secure Protocols

2.3. Use Only Secure Cipher Suites

2.4.