In this webinar, we will discuss about the basic concept of security, confidentiality, encryption, symmetric and assymetric encryption, SSL certificate, and HTTPS. after that we discuss certificate feature on Mikrotik RouterOS, creating self-signed certificate, and import CA signed certificate to RouterOS. The recording is available on youtube (GLC Networks Channel): https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg

1. www.glcnetworks.com
SSL Certificate with
GLC webinar, 24 august 2017
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
1

2. www.glcnetworks.com
Agenda
● Introduction
● SSL certificate
● Mikrotik certificate
● Demo
● Q & A
2

3. www.glcnetworks.com
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● An Indonesian company
● Located in Bandung
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner/Consultant/Distributor
● Ubiquiti Certified Trainer/Consultant
● RedHat Certified Trainer
3

4. www.glcnetworks.com
About GLC webinar?
● First webinar: january 1, 2010 (title:
tahun baru bersama solaris - new
year with solaris OS)
● As a sharing event with various
topics: linux, networking, wireless,
database, programming, etc
● Regular schedule: every 2 weeks
● Irregular schedule: as needed
● Checking schedule:
http://www.glcnetworks.com/main/sc
hedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge,
experiences, information
4

5. www.glcnetworks.com
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: bandung, Indonesia
● Linux user (since 1999), Mikrotik user (since 2007),
ubnt user (since 2011)
● Certified Trainer (Mikrotik, Ubiquiti, Redhat)
● Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer,
and Lecturer
● Personal website: http://achmadjournal.com
● More info:
http://au.linkedin.com/in/achmadmardiansyah
5

6. www.glcnetworks.com
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your mikrotik experience?
● Your expectation from this course?
6

7. www.glcnetworks.com
SSL certificate
7

8. www.glcnetworks.com
End-to-end vs intermediary security
End-to-End
● Non-repudiation
● Data confidentiality
● Data integrity
● Privacy
Intermediary:
● Communication security
● Availability
● Access control
● Authentication
8

9. www.glcnetworks.com
Confidentiality
● End-to-end security
● To ensure only authenticated party can read the data
● Technique:
○ Encryption
■ Symmetric
■ Asymmetric
9
Picture from www.digicert.com

10. www.glcnetworks.com
Symmetric encryption
● using same cryptographic keys for both encryption and decryption
● Sometimes requires secret string on both party.
● Only party that has secret key can understand the message
● Example: Twofish, Blowfish, RC4, 3DES
10Picture from www.ssl2buy.com

11. www.glcnetworks.com
Asymmetric encryption
● Uses pairs of keys
○ public keys which may be widely spread
○ private keys which are known only to the owner
● Sender must get the recipient's public key before sending data
● Example: RSA, diffie-hellman
11
Picture from www.ssl2buy.com

12. www.glcnetworks.com
How is the asymmetric keys looks like?
12

13. www.glcnetworks.com
HTTPS
● A technique to secure HTTP communication, using TCP port 443
● Using asymmetric encryption
13
Picture from superuser.com

14. www.glcnetworks.com
Certificate of Authority (CA)
● Organisations that certifies the public keys
● To make sure the public key is legitimate
● Every browser/clients install ca’s public certificate
● Browser will give warning if accessing https with unknown CA
14

15. www.glcnetworks.com
Certificate on mikrotik
15

16. www.glcnetworks.com
SSL certificate usage on mikrotik
● HTTPS access
● Wireless authentication
● PPP
○ SSTP
○ Openvpn
● IPsec
● etc..
16

17. www.glcnetworks.com
Create self-signed cert (1)
17

18. www.glcnetworks.com
Create self-signed cert (2)
Sign the certificate
18

19. www.glcnetworks.com
Create self-signed cert (3)
apply cert on https service
19

20. www.glcnetworks.com
Create self-signed cert (3)
Browser warning
20

21. www.glcnetworks.com
Get legitimate certificate from CA
After the process finish, you will get these files
1. privkey.pem → private key
2. cert.pem → public key
3. chain.pem → chain certificate from CA
4. fullchain.pem → combination of cert.pem and chain.pem. Several webservers
requires fullchain.pem to run https
21

22. www.glcnetworks.com
Import legitimate certificate
22

23. www.glcnetworks.com
No warning anymore...
23

24. www.glcnetworks.com
Notes
● SSL certificate is very sensitive with time
● Make sure the servers / clients are running on correct date that is defined on
certificate
● HTTPS processing requires CPU power
24

25. www.glcnetworks.com
Interested?
Just come to our
training...
Special price for webinar
attendees…
http://www.glcnetworks.c
om/main/schedule
25

26. www.glcnetworks.com
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our facebook page: “GLC networks”
● Slide: http://www.slideshare.net/r41nbuw
● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
● Stay tune with our schedule
26