# Transport Layer Security (TLS)

The protection of online communication is a critical concern in today's digital world. One of the most widely-used solutions to this challenge is Transport Layer Security (TLS). This protocol is specifically designed to ensure the confidentiality and integrity of communications over the Internet. The primary application of TLS is the encryption of communications between web applications and servers, such as when a web browser accesses a website. However, it can also be used to secure other forms of digital communication, such as email, messaging, and voice over IP (VoIP).



First we'll look at an actual certificate, starting with USD's.

Open a cell (if needed) and run the openssl command:

<code>openssl s_client -connect www.sandiego.edu:443 < /dev/null 2> /dev/null</code>
    
This connects to USD's web server and displays its certificate chain.<br>
    <code>< /dev/null</code> is one way to keep the command from waiting for input, and <code>2> /dev/null</code> discards the diagnostic messages openssl writes to stderr.<br>
    

In [1]:
!openssl s_client -connect www.sandiego.edu:443 < /dev/null 2> /dev/null

CONNECTED(00000003)
---
Certificate chain
 0 s:C = US, ST = California, O = University of San Diego, CN = www.sandiego.edu
   i:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 13 00:00:00 2023 GMT; NotAfter: Feb 13 23:59:59 2024 GMT
 1 s:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Oct  6 00:00:00 2014 GMT; NotAfter: Oct  5 23:59:59 2024 GMT
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Mar 12 0

Examine the USD certificate to answer the following:

1. When does the certificate expire?
1. By name, what cipher does it use? Explain what that is.
1. How long is the key?
1. Is the certificate for a CA? Why?


Answer:
1. February 13, 2024
2. Cipher : ECDHE-RSA-AES256-GCM-SHA384
3. Server public key is 2048 bit
4. Yes CN = RSA Server CA, AAA




Is the certificate self-signed? 
* If it is, how can you tell? 
* If it is not, who signed it? 
 

1. What version of TLS was used for this connection? 
1. What is the current version of TLS? 
1. Why do you think it does not use the current version? 


Try reconnecting, but specify TLSv1.3.<br>

`openssl s_client -connect www.sandiego.edu:443 -tls1_3`

What happens?

In [2]:
!openssl s_client -connect www.sandiego.edu:443 -tls1_3


CONNECTED(00000003)
2020A58AFFFF0000:error:0A00042E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1584:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 250 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---


Now look at the certificate from Google. Use www.google.com for the servername.

Compare the output. In what significant ways does it differ from that of USD's certificate?


## Examining Certificates

Next we'll look at some certificates already saved. As these are text, you can use the "cat <cert file name>" command to view them in their encoded form.
    
You can have openssl decode them for you.
    
Use commands of the form:
    <code>openssl x509 -text -noout -in "\<cert file name\>"</code>

Open up individual cells and try it on the certificate files "pkilab1.crt", "pkilab2.crt" and "pkilab3.crt".
    

In [3]:
!openssl x509 -text -noout -in "pkilab1.crt"


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:b9:c7:15:48:42:d6:f0:58:81:27:3a:12:47:ae:01
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
        Validity
            Not Before: Jun  1 17:19:55 2022 GMT
            Not After : Jun 30 17:19:55 2023 GMT
        Subject: C = US, ST = District of Columbia, L = Washington, O = U.S. Department of Justice, CN = usdoj.gov
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c3:b2:bd:f0:ee:c7:0b:a7:c0:0e:0e:1e:b0:25:
                    78:63:8c:2e:46:8b:04:5f:c5:92:2c:8b:ab:29:21:
                    dd:47:52:da:56:4e:8a:54:7c:5e:ab:0e:b3:ad:26:
                    73:be:db:0e:3f:a0:d2:47:05:1d:32:20:3b:b

Answer for each:
* What organization is the certificate for?
* Who signed it?
* How many months is it valid for?
* How large is the key?

For: "pkilab1.crt"

In [None]:
Internet2
USD
Mar 9 2023
2048

!openssl x509 -text -noout -in "pkilab1.crt"

For: "pkilab2.crt"

In [6]:
!openssl x509 -text -noout -in "pkilab2.crt"


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:89:50:35:87:07:33:5e:40:c0:9a:37:34:36:27:74:0e:c0:07:9c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = California, L = San Jose, O = Netgear, CN = www.routerlogin.net, emailAddress = support@netgear.com
        Validity
            Not Before: Sep 23 14:59:32 2021 GMT
            Not After : Sep 21 14:59:32 2031 GMT
        Subject: C = US, ST = California, L = San Jose, O = Netgear, CN = www.routerlogin.net, emailAddress = support@netgear.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:f7:98:6d:78:0f:d8:0d:81:7d:4f:a1:b4:ca:2d:
                    28:48:ac:6e:b5:1b:e7:b7:c2:bb:0c:55:66:c9:df:
                    14:d4:7a:85:23:8c:51:c0:a1:3f:4d:6e:9d:70:bc:
                    06:ce:f4:ed:ed:63:38:b1:88:9e:25:ae:4f:c0:58:
                    f

For: "pkilab3.crt"

In [7]:
!openssl x509 -text -noout -in "pkilab3.crt"


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:20:de:89:f9:cb:aa:6b:48:e8:dd:63:ef:e8:a9:d1
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
        Validity
            Not Before: Mar  9 00:00:00 2022 GMT
            Not After : Mar  9 23:59:59 2023 GMT
        Subject: C = US, ST = California, O = University of San Diego, OU = Library & Web Services, CN = www.sandiego.edu
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b5:d0:bf:3d:e7:4c:ce:ca:ae:ea:57:7f:c6:f3:
                    36:ba:56:fa:9f:36:98:08:24:c8:0b:21:d8:48:5a:
                    97:09:80:50:6d:69:18:18:6e:55:11:b7:8c:94:ce:
                    32:43:0f:50:d4:9b:62:62:43:d8:50:35:86:45:d9:
                    27:a3:7c:3c:e1:3b:a0:ac:83:a2:6c:e3:ad:05:f9

## Subject Alternative Names

The Subject Alternative Name (SAN) section of an x509 certificate is an extension that allows additional, alternative identities to be associated with the subject of the certificate. These identities can be in the form of IP addresses, DNS names, email addresses, and so on. The SAN section can be used to specify multiple identities for a single certificate, which allows for more efficient use of certificates, as well as greater flexibility in the deployment of secure servers. It also eliminates the need for multiple IP-based certificates for a single server.

If you examine these certificates, you'll see the "Subject Alternative Name" (SAN) section.

In any of the certificates, are any of the server names on different domains? If so, which certificate(s) and which domains?

## Installed Certificates

Your computer has many saved certificates installed. These may be for your web browser or the system itself. These are used to validate other certificates. 

The common location for them on Linux is /usr/share/ca-certificates/mozilla/. Each is an individual file.

Take a look at the list of files in your certificates directory. Get a feel for how many there are and which organizations are present.

In [8]:
!ls /usr/share/ca-certificates/mozilla/*

 /usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
 /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
 /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
 /usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt
 /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
 /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
 /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
 /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
 /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
 /usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
 /usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
 /usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
 /usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
 /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
 /usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
 /usr/share/ca-certificates/mozilla/Baltim

How many certificates are there? <br>
&nbsp;&nbsp;&nbsp;&nbsp; *hint: `wc -l` gives you the number of lines output, e.g. `ll | wc -l`*

In [11]:
!ls /usr/share/ca-certificates/mozilla/ | wc -l

124


How many are expired?

In [14]:
# -enddate -noout prints only "notAfter=..." lines, so compare each one directly against the current time
!find /usr/share/ca-certificates/mozilla/ -iname "*.crt" -exec openssl x509 -enddate -noout -in {} \; | grep "notAfter" | while read -r line ; do expiry_date=$(echo "$line" | cut -d= -f2-); expiry_epoch=$(date -d "$expiry_date" +%s); current_epoch=$(date +%s); if [ "$expiry_epoch" -lt "$current_epoch" ]; then echo "$line"; fi; done | wc -l

0


Hint: example bash shell template to extract expiration date information:

<code>for F in _path_to_certificate_files_ ; do _openssl_cmd_to_decode_certificates_ -in $F ; done | grep "Not After" | cut -d: -f2- | sort -k7 | head
</code><br>
*note: be aware of lines that do not parse properly and take those into consideration*

In [17]:
!for file in *.crt; do openssl x509 -noout -dates -in "$file"; done

notBefore=Jun  1 17:19:55 2022 GMT
notAfter=Jun 30 17:19:55 2023 GMT
notBefore=Sep 23 14:59:32 2021 GMT
notAfter=Sep 21 14:59:32 2031 GMT
notBefore=Mar  9 00:00:00 2022 GMT
notAfter=Mar  9 23:59:59 2023 GMT
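
An added example (not from the lab) that carries the expiry hint above through as a small POSIX shell script: it reads the `notAfter=` lines that `openssl x509 -enddate -noout` prints, compares each against a date given as YYYYMMDD, and reports both how many are expired and how many lines failed to parse. The sample lines are constructed to mirror the three lab certificates.

```shell
# Added example, not part of the lab: count expired certificates from the
# "notAfter=..." lines that "openssl x509 -enddate -noout" prints, without
# relying on GNU date. Lines that do not parse are counted separately,
# as the note above recommends, instead of being silently dropped.

# month_num Mar -> 03; prints nothing for an unknown month name
month_num() {
  case "$1" in
    Jan) echo 01;; Feb) echo 02;; Mar) echo 03;; Apr) echo 04;;
    May) echo 05;; Jun) echo 06;; Jul) echo 07;; Aug) echo 08;;
    Sep) echo 09;; Oct) echo 10;; Nov) echo 11;; Dec) echo 12;;
  esac
}

# expiry_key "Mar  9 23:59:59 2023 GMT" -> 20230309; returns 1 on a bad line
expiry_key() {
  set -- $1                  # word-split into: month day time year zone
  m=$(month_num "$1")
  [ -n "$m" ] && [ "$#" -ge 4 ] && [ "$4" -ge 1900 ] 2>/dev/null || return 1
  printf '%s%s%02d\n' "$4" "$m" "$2"
}

# count_expired TODAY(YYYYMMDD) < notAfter-lines -> prints "expired unparsed"
count_expired() {
  today=$1; expired=0; bad=0
  while IFS= read -r line; do
    case "$line" in notAfter=*) ;; *) continue ;; esac
    if key=$(expiry_key "${line#notAfter=}"); then
      [ "$key" -lt "$today" ] && expired=$((expired + 1))
    else
      bad=$((bad + 1))
    fi
  done
  echo "$expired $bad"
}

# Constructed sample mirroring the three lab certificates plus one malformed line.
SAMPLE='notAfter=Jun 30 17:19:55 2023 GMT
notAfter=Sep 21 14:59:32 2031 GMT
notAfter=Mar  9 23:59:59 2023 GMT
notAfter=garbage'

# Real store: for F in /usr/share/ca-certificates/mozilla/*.crt; do
#   openssl x509 -enddate -noout -in "$F"; done | count_expired "$(date -u +%Y%m%d)"
printf '%s\n' "$SAMPLE" | count_expired "$(date -u +%Y%m%d)"
```

Any line counted in the second number is one to inspect by hand, since a certificate whose date cannot be read is not proven unexpired.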


Look at the range of signature algorithms used.

Hint: This can be done by searching through all the decoded certificates for the lines where the signature algorithm is used.
1. Look back at the decoded certificates. What text in the decoded certificate holds the signature algorithm?
1. How did we do something similar before?
1. The bash command <code>cut -d <i>delimiter</i> -f <i>fields</i></code> lets you extract portions of output. The delimiter is the character that separates fields.
1. `sort` sorts the output
1. `uniq` collapses adjacent duplicate lines into one. Adding the `-c` option also prefixes each line with the number of times it occurred. The list must be sorted first, since uniq only compares neighbouring lines.<br><br>
e.g., <code>for F in <i>path_to_certificate_files</i> ; do <i>openssl_cmd_to_decode_certificates</i> -in $F ; done | grep "<i>text_to_match</i>" | cut -d: -f2 | sort | uniq -c</code>

In [27]:
!for file2 in *.crt; do echo "$file2"; openssl x509 -in "$file2" -text -noout | awk -F': ' '/Signature Algorithm/{print $2}'; done

pkilab1.crt
sha256WithRSAEncryption
sha256WithRSAEncryption
pkilab2.crt
sha256WithRSAEncryption
sha256WithRSAEncryption
pkilab3.crt
sha256WithRSAEncryption
sha256WithRSAEncryption


In [18]:
!openssl x509 -in "pkilab1.crt" -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:b9:c7:15:48:42:d6:f0:58:81:27:3a:12:47:ae:01
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
        Validity
            Not Before: Jun  1 17:19:55 2022 GMT
            Not After : Jun 30 17:19:55 2023 GMT
        Subject: C = US, ST = District of Columbia, L = Washington, O = U.S. Department of Justice, CN = usdoj.gov
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c3:b2:bd:f0:ee:c7:0b:a7:c0:0e:0e:1e:b0:25:
                    78:63:8c:2e:46:8b:04:5f:c5:92:2c:8b:ab:29:21:
                    dd:47:52:da:56:4e:8a:54:7c:5e:ab:0e:b3:ad:26:
                    73:be:db:0e:3f:a0:d2:47:05:1d:32:20:3b:b

1. Signature Algorithm: sha256WithRSAEncryption
2. we wrote a bash command
3. There are 6

Examine the range of signature methods used. Do any seem insecure?

In [29]:
# Using the provided one-liner, you can extract the signature algorithms for all the .crt files in the directory:
!for file2 in *.crt; do echo; echo "$file2"; openssl x509 -in "$file2" -text -noout | awk -F': ' '/Signature Algorithm/{print $2}'; done



pkilab1.crt
sha256WithRSAEncryption
sha256WithRSAEncryption

pkilab2.crt
sha256WithRSAEncryption
sha256WithRSAEncryption

pkilab3.crt
sha256WithRSAEncryption
sha256WithRSAEncryption
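
An added example (not from the lab) for the two questions above on signature algorithms: a shell function that tallies the algorithm of each decoded certificate using the `sort | uniq -c` idea from the hint, plus a check that flags digests a reviewer would consider insecure. The decoded certificates it reads are a constructed skeleton, not the lab's files.

```shell
# Added example, not part of the lab: tally the signature algorithm of every
# decoded certificate on stdin and flag those no longer acceptable.
# "openssl x509 -text" prints "Signature Algorithm:" twice per certificate (once
# in the signed body, once before the signature bytes), which is why the cells
# above list each algorithm twice; only the first line after each "Certificate:"
# header is counted here.
tally_sigalgs() {
  awk '/^Certificate:/ { seen = 0 }
       /Signature Algorithm:/ && !seen {
         seen = 1; sub(/.*Signature Algorithm: */, ""); print
       }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# weak_sigalg NAME -> status 0 when the digest is MD2, MD5 or SHA-1, all of
# which are broken or deprecated for certificate signatures.
weak_sigalg() {
  case "$1" in
    md2*|md5*|sha1*|*SHA1) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample: the skeleton of three decoded certificates, one of them
# signed with SHA-1 (the real lab files are all sha256WithRSAEncryption).
SAMPLE_CERTS='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption'

# Real use: for F in *.crt; do openssl x509 -text -noout -in "$F"; done | tally_sigalgs
printf '%s\n' "$SAMPLE_CERTS" | tally_sigalgs | while read -r count alg; do
  if weak_sigalg "$alg"; then echo "$count $alg  <-- insecure"; else echo "$count $alg"; fi
done
```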


## Reverse Proxies
In some situations a single IP address serves multiple web servers.

Try using `openssl s_client -connect` to connect to the web server at 172.66.40.248 *(look back at the first part of the lab, where we first did this).*

To be sure you did establish some connection, check that the response you get starts with CONNECTED.


Even though you successfully connected to the server, you got an error because that IP serves multiple sites. This is known as a reverse proxy. The problem is that openssl sets the servername to the same value given for the connect option, so the proxy cannot tell which site you want.

Try again but add `-servername baeldung.com` to the command.

In [31]:
# -connect takes host:port; the site name is sent separately with -servername
!openssl s_client -connect 172.66.40.248:443 -servername baeldung.com < /dev/null 2> /dev/null


### This concludes the lab.

Use File > Save and Export Notebook as... > HTML