hands-on lab

Best Practices for Deploying SSL/TLS

Difficulty: Advanced
Duration: Up to 1 hour and 30 minutes
Students: 508
Rating: 4.5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

SSL/TLS is the standard for securing communications over a network. There are clear security benefits of deploying SSL/TLS on your web servers and other applications requiring secure communication. However, there are many decisions to make when deploying SSL/TLS. This lab teaches you about several areas you need to consider before getting hands-on practice with a variety of tools for working with SSL/TLS.

In this lab, you will learn about SSL/TLS best practices and a variety of tools in the SSL/TLS toolkit to help ensure your deployments are configured the way you expect them to be. You will also use tools that help protect you as new vulnerabilities are discovered and the security landscape expands. Cloud Academy's hosted Web Terminal serves as the host and editor for this lab.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Understand and reason about SSL/TLS deployment decisions
  • Analyze SSL/TLS deployments of public and private websites
  • Understand the role of clients in SSL/TLS security
  • Use OpenSSL to create keys and test SSL/TLS deployments
  • Create an internal certificate authority (CA) and sign certificates with it

Lab Prerequisites

You should be familiar with the following:

  • Linux basics such as file permissions and working on the command line
  • The difference between HTTP and HTTPS

Updates

November 21st, 2022 - Updated the lab to use Cloud Academy's hosted Web Terminal

Environment before

Environment after

Covered topics

Lab steps

SSL/TLS Considerations
Auditing SSL/TLS Configuration of Public Websites
Auditing SSL/TLS Configuration of Clients
Working with OpenSSL
Creating a Certificate Authority With OpenSSL
Signing Certificates Using a Certificate Authority
Testing SSL/TLS Deployments with OpenSSL