OpenSSL Cookbook: A Guide to the Most Frequently Used OpenSSL Features and Commands

For all its warts, OpenSSL is one of the most successful and most important open source projects. It’s successful because it’s so widely used; it’s important because the security of large parts of the Internet infrastructure relies on it. The project consists of a high-performance implementation of key cryptographic algorithms, a complete SSL/TLS and PKI stack, and a command-line toolkit. I think it’s safe to say that if your job has something to do with security, web development, or system administration, you can’t avoid having to deal with OpenSSL on at least some level. The majority of the Internet is powered by open source products, and virtually all of them rely on OpenSSL.

This book covers two ways in which OpenSSL can be used. Chapter 1, OpenSSL, will help users who need to perform routine tasks of key and certificate generation, and configure programs that rely on OpenSSL for SSL/TLS functionality. This chapter also discusses how to create a complete private CA, which is useful for development and similar internal environments. Chapter 2, Testing with OpenSSL, focuses on server security testing using OpenSSL. Although sometimes time consuming, this type of low-level testing can’t be avoided when you wish to know exactly what’s going on.

Both chapters are borrowed from my larger work, called Bulletproof SSL and TLS. I decided to publish the OpenSSL chapters as a separate free book because good documentation is always in great demand. This is particularly true for OpenSSL, which is not very well documented; what you can find on the Internet is often wrong and outdated.

Besides, publishers often give away one or more chapters in order to show what the book is like, and I thought I should make the most of this practice by not only making the OpenSSL chapters free, but also by committing to continue to maintain and improve them over time. So here they are.