SlideShare une entreprise Scribd logo

Understanding SSL Certificate for Apps by Symantec

CheapSSLsecurity
CheapSSLsecurity

All the vital knowledge on the importance of SSL certificate for App security, how chain building works during SSL handshake and pro tips to build a Certificate chain.

Technologie
1  sur  14
Télécharger pour lire hors ligne
SSL for Apps – Brook R. Chelmo 1 Understanding SSL for Apps Brook R. Chelmo Principal Product Marketing Manager
Introduction • SSL/TLS is a core technology; critical to secure communications • The greatest challenge is not technology but implementation • Researchers found widespread errors in non-browser apps • Take the necessary steps to create a stronger & more trustworthy SSL implementation SSL for Apps – Brook R. Chelmo 2
Chain Building • During the SSL handshake the server will return one or more certificates SSL for Apps – Brook R. Chelmo 3
Chain Building • During the SSL handshake the server will return one or more certificates. • Misconfigured web servers may return more or fewer certificates than what is necessary. SSL for Apps – Brook R. Chelmo 4
Chain Building • During the SSL handshake the server will return one or more certificates. • Misconfigured web servers may return more certificates than what is necessary. • You may find a pointer to the certificate’s issuing certificate in the caIssuers entry in its authorityInfoAccess extension. • NOTE: Ignore self-signed certificates. SSL for Apps – Brook R. Chelmo 5
Build a Certificate Chain • Determine the end-entity SSL certificate by building a certificate chain. • The AuthorityKeyIdentifier or Issuer Distinguished Name must match the SubjectKeyIdentifier or Subject Distinguished Name. SSL for Apps – Brook R. Chelmo 6 Root CA Intermediate CA End Entity Certs SKI AKI SKI AKI Chain of Trust Chained Hierarchy
Build a Certificate Chain • Verify that the chain from end-entity to intermediate to root is valid. SSL for Apps – Brook R. Chelmo 7
3 Scenarios Consider which certificates you will trust. Three Options: 1. Trust one certificate. 2. Allow any End-Entity SSL certificate signed by a particular trusted intermediate. Pick only one trusted root and avoid trusting all end-entity certificates that chain up to that root. 3. Require the end-entity to chain up to a certain trusted root and be signed by an intermediate certificate with a specific common name. SSL for Apps – Brook R. Chelmo 8
The 5 End-Entity & Intermediate Checks 1. Note that strings in certificates are stored as a byte length followed by that number of bytes. Don’t assume they’re null- terminated. There may also be different types of encoding such as UTF-8. 2. Check the validity against an accurate time source. 3. Check for either a crlDistributionPoints or authorityInfoAccess extension. 4. The app must be able to recognize & understand “critical” extensions. 5. Check the certificatePolicies extension. SSL for Apps – Brook R. Chelmo 9
The 4 Additional End-Entity Checks 1. Verify the FQDN or IP address appears in the Common Name or the SAN extension (newer certificates). 1. Take into account proper wildcards 2. Reject the certificate if it has more than one common name. 3. IDN certificates should contain a punycode Unicode domain name in the Common Name or SAN 2. If it has a basicConstraints extension, check that the cA flag is set to “false” and the pathLenContraints is set to “zero” 3. If the certificate has a keyUsage extension, check that the digitalSignature and keyEncipherments bits are set. SSL for Apps – Brook R. Chelmo 10
The 4 Additional End-Entity Checks 4. If the certificate contains an extKeyUsage extension, the extension value must be either the special anyExtendedKeyUsage value, or if it contains special purpose OIDs, then id-kp-serverAuth must be included. SSL for Apps – Brook R. Chelmo 11
The 3 Additional Intermediate Checks 1. Must contain a basicConstraints extension with a cA flag of “true.” 2. Must contain a keyUsage extension with a keyCertSign set. 3. Check that any name or policy constraints are consistent with those in the certificates beneath it in the chain. SSL for Apps – Brook R. Chelmo 12
Conclusion SSL for Apps – Brook R. Chelmo 13 Proper SSL provides confidentiality, authentication, and integrity without interception or modification. Symantec is leading the way in security and authentication practices by working with browser developers, customers, bloggers, & other stakeholders to build a better security ecosystem.
Thank you! Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. SSL for Apps – Brook R. Chelmo 14 Symantec World Headquarters 350 Ellis Street Mountain View, CA 94043 USA 1 (866) 893 6565 www.symantec.com

Recommandé

Microsoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowMicrosoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowCheapSSLsecurity
 
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingShift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingCheapSSLsecurity
 
Adwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_httpsAdwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_httpsAnju Gigoo
 
Vps server 14
Vps server 14Vps server 14
Vps server 14WanetaCuomo35
 
JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!
JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!
JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!Wilco Alsemgeest
 
How Secure is Azure?
How Secure is Azure?How Secure is Azure?
How Secure is Azure?Lai Yoong Seng
 
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1ebcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1eSam Kumarsamy
 
Ssl certificate in internet world
Ssl certificate in internet worldSsl certificate in internet world
Ssl certificate in internet worldjamesbarns729
 

Recommandé

Microsoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowMicrosoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowCheapSSLsecurity
 
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingShift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingCheapSSLsecurity
 
Adwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_httpsAdwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_httpsAnju Gigoo
 
Vps server 14
Vps server 14Vps server 14
Vps server 14WanetaCuomo35
 
JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!
JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!
JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!Wilco Alsemgeest
 
How Secure is Azure?
How Secure is Azure?How Secure is Azure?
How Secure is Azure?Lai Yoong Seng
 
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1ebcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1eSam Kumarsamy
 
Ssl certificate in internet world
Ssl certificate in internet worldSsl certificate in internet world
Ssl certificate in internet worldjamesbarns729
 
Symantec SSL Explained
Symantec SSL ExplainedSymantec SSL Explained
Symantec SSL ExplainedSymantec Website Security
 
F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks
 
Windows Azure Security & Compliance
Windows Azure Security & ComplianceWindows Azure Security & Compliance
Windows Azure Security & ComplianceNuno Godinho
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets managementKevin Gilpin
 
SSL f or WordPress Websites
SSL f or WordPress WebsitesSSL f or WordPress Websites
SSL f or WordPress WebsitesPaul Cook
 
Azlan Security Offering
Azlan Security OfferingAzlan Security Offering
Azlan Security OfferingGianandrea Daverio
 
Ssl pinning and hsts header
Ssl pinning and hsts headerSsl pinning and hsts header
Ssl pinning and hsts headerSaleem M
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture AddWeb Solution Pvt. Ltd.
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL PracticesBrian A. McHenry
 
Top 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTop 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTerrance Medina
 
State of the Web
State of the WebState of the Web
State of the WebCASCouncil
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
Chapter1:information security overview
Chapter1:information security overview Chapter1:information security overview
Chapter1:information security overview Dr.Sami Khiami
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
WSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2 Identity Server 5.3.0 - Product Release WebinarWSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2 Identity Server 5.3.0 - Product Release WebinarWSO2
 
Web Application Scanning 101
Web Application Scanning 101Web Application Scanning 101
Web Application Scanning 101Sasha Nunke
 
Chapter4:Be The Attacker
Chapter4:Be The Attacker Chapter4:Be The Attacker
Chapter4:Be The Attacker Dr.Sami Khiami
 
[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 

Contenu connexe

Tendances

F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks
 
Windows Azure Security & Compliance
Windows Azure Security & ComplianceWindows Azure Security & Compliance
Windows Azure Security & ComplianceNuno Godinho
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets managementKevin Gilpin
 
SSL f or WordPress Websites
SSL f or WordPress WebsitesSSL f or WordPress Websites
SSL f or WordPress WebsitesPaul Cook
 
Ssl pinning and hsts header
Ssl pinning and hsts headerSsl pinning and hsts header
Ssl pinning and hsts headerSaleem M
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
Top 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTop 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTerrance Medina
 
State of the Web
State of the WebState of the Web
State of the WebCASCouncil
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
Chapter1:information security overview
Chapter1:information security overview Chapter1:information security overview
Chapter1:information security overview Dr.Sami Khiami
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
WSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2 Identity Server 5.3.0 - Product Release WebinarWSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2 Identity Server 5.3.0 - Product Release WebinarWSO2
 
Web Application Scanning 101
Web Application Scanning 101Web Application Scanning 101
Web Application Scanning 101Sasha Nunke
 
Chapter4:Be The Attacker
Chapter4:Be The Attacker Chapter4:Be The Attacker
Chapter4:Be The Attacker Dr.Sami Khiami
 

Tendances (20)

Symantec SSL Explained
Symantec SSL ExplainedSymantec SSL Explained
Symantec SSL Explained
 
F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle Database
 
Windows Azure Security & Compliance
Windows Azure Security & ComplianceWindows Azure Security & Compliance
Windows Azure Security & Compliance
 
Recipe for good secrets management
Recipe for good secrets managementRecipe for good secrets management
Recipe for good secrets management
 
SSL f or WordPress Websites
SSL f or WordPress WebsitesSSL f or WordPress Websites
SSL f or WordPress Websites
 
Azlan Security Offering
Azlan Security OfferingAzlan Security Offering
Azlan Security Offering
 
Ssl pinning and hsts header
Ssl pinning and hsts headerSsl pinning and hsts header
Ssl pinning and hsts header
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
Top 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTop 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilities
 
State of the Web
State of the WebState of the Web
State of the Web
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...
 
Chapter1:information security overview
Chapter1:information security overview Chapter1:information security overview
Chapter1:information security overview
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
 
SSL overview
SSL overviewSSL overview
SSL overview
 
WSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2 Identity Server 5.3.0 - Product Release WebinarWSO2 Identity Server 5.3.0 - Product Release Webinar
WSO2 Identity Server 5.3.0 - Product Release Webinar
 
Web Application Scanning 101
Web Application Scanning 101Web Application Scanning 101
Web Application Scanning 101
 
Chapter4:Be The Attacker
Chapter4:Be The Attacker Chapter4:Be The Attacker
Chapter4:Be The Attacker
 

Similaire à Understanding SSL Certificate for Apps by Symantec

[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxssuser865ecd
 
Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Alexandra N. Martinez
 
The Importance of Monitoring SSL Certificates _ Awakish.pptx
The Importance of Monitoring SSL Certificates _ Awakish.pptxThe Importance of Monitoring SSL Certificates _ Awakish.pptx
The Importance of Monitoring SSL Certificates _ Awakish.pptxawakish
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideHai Nguyen
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityT.Rob Wyatt
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfJUSTSTYLISH3B2MOHALI
 
Certificate pinning v certificate transparency
Certificate pinning v certificate transparencyCertificate pinning v certificate transparency
Certificate pinning v certificate transparencyDianaKhersonskaia
 
IBM Streams V4.1 and User Authentication with Client Certificates
IBM Streams V4.1 and User Authentication with Client CertificatesIBM Streams V4.1 and User Authentication with Client Certificates
IBM Streams V4.1 and User Authentication with Client Certificateslisanl
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization ModelsCSCJournals
 
Demystify internal certificates requirements for lync server
Demystify internal certificates requirements for lync serverDemystify internal certificates requirements for lync server
Demystify internal certificates requirements for lync serverThomas Poett
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLGlobalSign
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
bcs_sb_TechPartner_SSL_SafeNet_EN_v1e
bcs_sb_TechPartner_SSL_SafeNet_EN_v1ebcs_sb_TechPartner_SSL_SafeNet_EN_v1e
bcs_sb_TechPartner_SSL_SafeNet_EN_v1eSam Kumarsamy
 

Similaire à Understanding SSL Certificate for Apps by Symantec (20)

[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
 
Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3
 
The Importance of Monitoring SSL Certificates _ Awakish.pptx
The Importance of Monitoring SSL Certificates _ Awakish.pptxThe Importance of Monitoring SSL Certificates _ Awakish.pptx
The Importance of Monitoring SSL Certificates _ Awakish.pptx
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of Mediocrity
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
 
Understanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdfUnderstanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdf
 
Certificate pinning v certificate transparency
Certificate pinning v certificate transparencyCertificate pinning v certificate transparency
Certificate pinning v certificate transparency
 
IBM Streams V4.1 and User Authentication with Client Certificates
IBM Streams V4.1 and User Authentication with Client CertificatesIBM Streams V4.1 and User Authentication with Client Certificates
IBM Streams V4.1 and User Authentication with Client Certificates
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
 
Demystify internal certificates requirements for lync server
Demystify internal certificates requirements for lync serverDemystify internal certificates requirements for lync server
Demystify internal certificates requirements for lync server
 
SSL Pinning
SSL PinningSSL Pinning
SSL Pinning
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSL
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
bcs_sb_TechPartner_SSL_SafeNet_EN_v1e
bcs_sb_TechPartner_SSL_SafeNet_EN_v1ebcs_sb_TechPartner_SSL_SafeNet_EN_v1e
bcs_sb_TechPartner_SSL_SafeNet_EN_v1e
 

Plus de CheapSSLsecurity

What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityCheapSSLsecurity
 
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorHow to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorCheapSSLsecurity
 
Apache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideApache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideCheapSSLsecurity
 
Multi Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityMulti Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityCheapSSLsecurity
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?CheapSSLsecurity
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017CheapSSLsecurity
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 
Is your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if notIs your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if notCheapSSLsecurity
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
Quantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forQuantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forCheapSSLsecurity
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22CheapSSLsecurity
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingCheapSSLsecurity
 
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityThawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityCheapSSLsecurity
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityCheapSSLsecurity
 
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerceWhy Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerceCheapSSLsecurity
 
4 Major Reasons for Big Organizations to Have Wildcard SSL Certificates
4 Major Reasons for Big Organizations to Have Wildcard SSL Certificates4 Major Reasons for Big Organizations to Have Wildcard SSL Certificates
4 Major Reasons for Big Organizations to Have Wildcard SSL CertificatesCheapSSLsecurity
 
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurityComodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurityCheapSSLsecurity
 

Plus de CheapSSLsecurity (20)

What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple Examples
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
 
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorHow to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
 
Apache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideApache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting Guide
 
Multi Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityMulti Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurity
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
 
What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018
 
Is your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if notIs your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if not
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
 
Quantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forQuantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out for
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs Encoding
 
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityThawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
 
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerceWhy Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
 
4 Major Reasons for Big Organizations to Have Wildcard SSL Certificates
4 Major Reasons for Big Organizations to Have Wildcard SSL Certificates4 Major Reasons for Big Organizations to Have Wildcard SSL Certificates
4 Major Reasons for Big Organizations to Have Wildcard SSL Certificates
 
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurityComodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
 

Dernier

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Dernier (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Understanding SSL Certificate for Apps by Symantec

  • 1. SSL for Apps – Brook R. Chelmo 1 Understanding SSL for Apps Brook R. Chelmo Principal Product Marketing Manager
  • 2. Introduction • SSL/TLS is a core technology; critical to secure communications • The greatest challenge is not technology but implementation • Researchers found widespread errors in non-browser apps • Take the necessary steps to create a stronger & more trustworthy SSL implementation SSL for Apps – Brook R. Chelmo 2
  • 3. Chain Building • During the SSL handshake the server will return one or more certificates SSL for Apps – Brook R. Chelmo 3
  • 4. Chain Building • During the SSL handshake the server will return one or more certificates. • Misconfigured web servers may return more or fewer certificates than what is necessary. SSL for Apps – Brook R. Chelmo 4
  • 5. Chain Building • During the SSL handshake the server will return one or more certificates. • Misconfigured web servers may return more certificates than what is necessary. • You may find a pointer to the certificate’s issuing certificate in the caIssuers entry in its authorityInfoAccess extension. • NOTE: Ignore self-signed certificates. SSL for Apps – Brook R. Chelmo 5
  • 6. Build a Certificate Chain • Determine the end-entity SSL certificate by building a certificate chain. • The AuthorityKeyIdentifier or Issuer Distinguished Name must match the SubjectKeyIdentifier or Subject Distinguished Name. SSL for Apps – Brook R. Chelmo 6 Root CA Intermediate CA End Entity Certs SKI AKI SKI AKI Chain of Trust Chained Hierarchy
  • 7. Build a Certificate Chain • Verify that the chain from end-entity to intermediate to root is valid. SSL for Apps – Brook R. Chelmo 7
  • 8. 3 Scenarios Consider which certificates you will trust. Three Options: 1. Trust one certificate. 2. Allow any End-Entity SSL certificate signed by a particular trusted intermediate. Pick only one trusted root and avoid trusting all end-entity certificates that chain up to that root. 3. Require the end-entity to chain up to a certain trusted root and be signed by an intermediate certificate with a specific common name. SSL for Apps – Brook R. Chelmo 8
  • 9. The 5 End-Entity & Intermediate Checks 1. Note that strings in certificates are stored as a byte length followed by that number of bytes. Don’t assume they’re null- terminated. There may also be different types of encoding such as UTF-8. 2. Check the validity against an accurate time source. 3. Check for either a crlDistributionPoints or authorityInfoAccess extension. 4. The app must be able to recognize & understand “critical” extensions. 5. Check the certificatePolicies extension. SSL for Apps – Brook R. Chelmo 9
  • 10. The 4 Additional End-Entity Checks 1. Verify the FQDN or IP address appears in the Common Name or the SAN extension (newer certificates). 1. Take into account proper wildcards 2. Reject the certificate if it has more than one common name. 3. IDN certificates should contain a punycode Unicode domain name in the Common Name or SAN 2. If it has a basicConstraints extension, check that the cA flag is set to “false” and the pathLenContraints is set to “zero” 3. If the certificate has a keyUsage extension, check that the digitalSignature and keyEncipherments bits are set. SSL for Apps – Brook R. Chelmo 10
  • 11. The 4 Additional End-Entity Checks 4. If the certificate contains an extKeyUsage extension, the extension value must be either the special anyExtendedKeyUsage value, or if it contains special purpose OIDs, then id-kp-serverAuth must be included. SSL for Apps – Brook R. Chelmo 11
  • 12. The 3 Additional Intermediate Checks 1. Must contain a basicConstraints extension with a cA flag of “true.” 2. Must contain a keyUsage extension with a keyCertSign set. 3. Check that any name or policy constraints are consistent with those in the certificates beneath it in the chain. SSL for Apps – Brook R. Chelmo 12
  • 13. Conclusion SSL for Apps – Brook R. Chelmo 13 Proper SSL provides confidentiality, authentication, and integrity without interception or modification. Symantec is leading the way in security and authentication practices by working with browser developers, customers, bloggers, & other stakeholders to build a better security ecosystem.
  • 14. Thank you! Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. SSL for Apps – Brook R. Chelmo 14 Symantec World Headquarters 350 Ellis Street Mountain View, CA 94043 USA 1 (866) 893 6565 www.symantec.com