Join Sean Colins for an in-depth discussion in this video, Archiving in a secure and recoverable way, part of Understanding Secure Sockets Layer.
- Okay, so thankfully backing up this environment is really easy (laughs) okay? So this is something that not only is it really important that you do this but it is very easy for you to do this so I really, really want this to be part of your daily process, you can even script this if you want to, there is nothing wrong with scripting this process, just make sure that wherever you're storing your files that they are secure, I want you to be certain that your system is not open to being compromised.
The private key, your private key is the security that says you are who you say you are to the rest of the world, it is not meant to leave the system, don't let it, please. So if you're going to back these things up and put them off site, or if you're gonna put them in a drawer or put it on a USB key and put it in a file cabinet somewhere, that's great, just lock it up and make sure that nobody has access to this thing because it is the whole point, if you lose security of the private key and your private certificate, you don't, that's it, you're done.
So here we are in the OpenSSL directory, this just so happens to be where I set up the CA environment this is our openssl.cnf file, this is the CA environment, this is a really good directory to just back up, so if I back out of here, I'm doing this on OS X, but this is kind of the same everywhere. So here is the OpenSSL directory that we were in and I can flip down this triangle and you can see, yes indeed that is what I was talking about. So if I just select that and I right click and I say compress OpenSSL it's going to say "okay" and because I don't, as this user, have write access into that directory the archive utility that creates ZIP files in OS X knows better and it just pops it into my desktop, so conveniently everything is right there.
And the nice thing about creating a zip archive is that you can move this just about anywhere without destroying everything inside of it. If you double click on this, if you open the ZIP file, and ZIP files are compatible on a Windows environment or a Linux environment or anywhere you want to put them, they'll come out with the correct permissions, the file structures are all what they're supposed to be, it all just looks great, you just double click on it like that and boom, you've got a folder and inside that folder you've got what you need. So that's terrific, you would just simply just move that back into the file system, what is the only gotcha here? It's permissions, so let's take a look at this.
So System, Library, first of all let's just take a look at that and let's ls -Fla the OpenSSL directory. So here we go, inside of here, you can see everything is owned by root and wheel. So maintaining that ownership level is super, super cool and important as long as you keep your read write levels correct you're going to be fine. So just remember that this is what this looks like functionally, on your directory whenever you get your environment working properly just take a quick snapshot of this.
I mean the screenshot is so easy to take, right? Just command-shift-four on a Mac and you get a little cross-hair and you just drag the box around what you're looking at and boom, you now know exactly what your permission structure was and name that, pop it into a folder along with the files and you know, you can cd into the groundswell, of course a screenshot is only one way to record what's going on your interface, it's a great way to visualize and record long term what a permission structure was on-screen, but you have lots of other ways you can go about doing that.
My point is simply to do it so that you know what those permissions were, so you can get them back to the way that they were whenever you need to restore your files.
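The backup and the permission record described in the transcript, scripted as an added example that is not part of the video or the course material. It uses tar rather than the Finder ZIP archive shown in the video, and the function names and the ca-backup.* file names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: archive a CA directory and keep a text record of its
# permission structure. All paths are passed as arguments (hypothetical names).

# Print "octal-mode uid gid path" for every entry under directory $1.
# GNU stat (Linux) and BSD stat (macOS) take different format flags.
perm_manifest() {
    if stat -c '%a' / >/dev/null 2>&1; then
        ( cd "$1" && find . -exec stat -c '%a %u %g %n' {} + | sort -k4 )
    else
        ( cd "$1" && find . -exec stat -f '%Lp %u %g %N' {} + | sort -k4 )
    fi
}

# Archive CA directory $1 into $2/ca-backup.tar.gz and write the
# permission record to $2/ca-backup.perms.
backup_ca() {
    ( umask 077    # the archive contains the private key: owner-only access
      mkdir -p "$2" &&
      perm_manifest "$1" > "$2/ca-backup.perms" &&
      tar -czpf "$2/ca-backup.tar.gz" -C "$1" . )
}

# Compare restored directory $2 against permission record $1.
# Prints the differing entries; returns 0 only when everything matches.
check_restore() {
    tmp=$(mktemp) || return 2
    perm_manifest "$2" > "$tmp"
    rc=0
    diff "$1" "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Extract with `tar -xzpf` as root so that ownership is restored along with the modes, then run `check_restore` against the saved record before putting the CA back into use.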
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.