
X509 (SSL) Certificate Training

Duration: 1 day. The course assumes a basic knowledge of LDAP terminology such as attributes, OIDs and ASN.1 or that participants have taken the 2 day LDAP Basic course.

The course is also available in French.

Introduction

What are most frequently referred to as SSL certificates are, correctly, named X.509 Certificates. X.509 is one of the DAP series of X.500 standards on which Lightweight Directory Access Protocol (LDAP) is based. The terminology and concepts used in X.509 certificates are exactly the same as those used in LDAP. Some of the horrendous confusion and inconsistency that arises when working with X.509 (SSL) certificates comes from an incomplete understanding of the underlying LDAP/DAP terminology and technology.

Description

Participants will learn about the purpose, terminology and organization of X.509 certificates and their position in the chain of trust used to verify public keys. Certificate Authorities (CAs) and the bewildering array of certificate types commercially available are discussed as well as certificate chains and bundles. The TLS handshake protocol phase is outlined to show the use of X.509 certificates (in server, client and mutual authentication). Certificate protocols including verification methods (OCSP) are discussed as well as server techniques used to optimize the process. The major fields of the certificate and the optional V3 extensions are covered (with special emphasis on Subject and subjectAltName). Certificate (PEM and DER) and container formats (PKCS) are covered. Finally, openssl is used as a hands-on example of creation of certificate requests, self-signed certificates and various certificate chaining processes.

Audience:

The course is intended for personnel involved in security including administrators responsible for certificates, security designers, programmers and support staff involved in debugging security issues.

About the Instructor

Ron Aitchison is the author of Pro DNS and BIND (Apress ISBN 1-59059-494-0). Ron has been involved in communications and networking for more years than he cares to admit and is president and founder of Zytrax, Inc., a company specializing in IP communications (wired and wireless), systems development, training and consulting in Montreal, Canada. He has been involved with Open Source for over 15 years and is the primary author of Tech Stuff, DNS for Rocket Scientists, LDAP for Rocket Scientists and Survival guides - TLS/SSL and SSL (X.509) Certificates available as free resources for the community.

Contents

Module 1: X.509 Background and Theory

Module 2: X.509 Detail

Module 3: X.509 Creation and Manipulation

This is mostly a hands-on section using OpenSSL.

Other courses: DNS Training, X.509 (SSL) Certificate Training, LDAP Training.