Sunday, August 25, 2019

SSL Certificate Cipher Suite



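Elliptic-curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel.

Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) that uses elliptic-curve cryptography.

In a TLS cipher suite such as ECDHE-ECDSA, ECDH (in its ephemeral form) provides the key exchange and ECDSA provides the authentication, since ECDH on its own does not authenticate either party.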









Certificate Signing Request

Below is a step-by-step process for generating a CSR (Certificate Signing Request) and private key, and for validating the CSR and issued certificates.

  1. Log in to a Unix/Linux-based terminal server via SSH.
  2. At the Unix prompt, type the following command:
     openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
  3. Enter the requested information at each prompt, as in the session below. Note the yourdomainname.com entry.
  4. At the end of the process, two files are generated: yourdomain.csr and yourdomain.key.
  5. Note: yourdomainname.com, yourdomain.csr and yourdomain.key should all use your actual domain name. Example: mydomain.com, mydomain.com.cer, mydomain.com.key



[myname@server01 ~]$ openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Generating a 2048 bit RSA private key
..................+++
...........................................................+++

writing new private key to 'yourdomain.key'


You are about to be asked to enter information that will be incorporated
into your certificate request.


What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US   
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:mytown
Organization Name (eg, company) [Default Company Ltd]:My Company in Texas
Organizational Unit Name (eg, section) []:Network Services
Common Name (eg, your name or your server's hostname) []:yourdomainname.com
Email Address []: networkgroup@mycompany.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


[myname@server01 ~]$
[myname@server01 ~]$ ls -lt
total 112360
-rwx------  1 myname  1016434     1086 Jul 19 10:48 yourdomain.csr
-rwx------  1 myname  unixuser     1704 Jul 19 10:48 yourdomain.key



[myname@server01 ~]$ openssl req -in yourdomain.csr -noout -text

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=Texas, L=mytown, O=My Company in Texas, OU=Network Services, CN=yourdomainname.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
[myname@server01 ~]$
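
The procedure above as a non-interactive script, with the checks worth running before the CSR goes to a CA: self-signature verification, key/CSR public-key match, subjectAltName present, and owner-only key permissions. This is an added example, not part of the original post; example.test, Example Org and the function names are assumptions, and it goes beyond the post by adding a subjectAltName through a config file.

```shell
#!/bin/sh
# Added example, not from the original post. example.test and the subject
# values are constructed placeholders.

# make_csr DIR DOMAIN: write DOMAIN.key and DOMAIN.csr into DIR without prompts.
make_csr() (
    dir=$1; domain=$2
    umask 077    # -nodes leaves the key unencrypted, so create it owner-only (0600)
    cat > "$dir/$domain.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
C = US
ST = Texas
L = mytown
O = Example Org
CN = $domain
[ext]
subjectAltName = DNS:$domain
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/$domain.cnf" \
        -keyout "$dir/$domain.key" -out "$dir/$domain.csr" 2>/dev/null
)

# The CSR's self-signature proves the requester holds the private key.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# The public key in the CSR must be the one derived from the key file.
key_matches_csr() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Clients match hostnames against subjectAltName, so confirm it is present.
csr_has_san() {
    openssl req -in "$1" -noout -text 2>/dev/null | grep -q "DNS:$2"
}

# Permission string of a file, e.g. -rw------- for an owner-only key.
key_mode() { ls -l "$1" | cut -c1-10; }

d=$(mktemp -d) && make_csr "$d" example.test &&
    csr_signature_ok "$d/example.test.csr" && csr_has_san "$d/example.test.csr" example.test &&
    key_matches_csr "$d/example.test.key" "$d/example.test.csr" && echo "CSR checks passed"; rm -rf "$d"
```

The same public-key comparison works against the issued certificate by swapping the CSR side for `openssl x509 -in yourdomain.cer -noout -pubkey`.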





TO INSTALL YOUR CERTIFICATE
*************************
IMPORTANT! Make sure you install any intermediate CA certificates included in this ZIP file before installing your SSL certificate.
*************************

To get detailed installation instructions for your server, go to:
https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=SO25640

CHECK YOUR CERTIFICATE INSTALLATION
To test your newly installed certificate with the SSL Toolbox, go to:
https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp

INSTALL NORTON SECURED SEAL
Take advantage of the trust mark that gives customers confidence: put the Norton Secured Seal on your site today! Norton Secured Seal is included with your certificate purchase.
To customize and install the seal on your web site, go to:
http://www.symantec.com/ssl/seal-agreement/install.jsp

FOR MORE ASSISTANCE
Visit our customer technical support site:
https://www.symantec.com/contactsupport