The third edition of the OpenSSL Cookbook has been published, you can download it for free
May 25, 2021 | Jindřich Zechmeister
The OpenSSL Cookbook is an invaluable source of information for all server and certificate administrators (PKI in general). With this book, you can easily master the powerful tool that OpenSSL is, without a doubt. You will also learn current best practice.
About the author
The author of the OpenSSL "cookbook" is none other than Ivan Ristić, TLS protocol mentor and promoter. This security researcher is the author of the most widely used SSLlabs security testing tool. He is also the author of two other books, Apache Security and the ModSecurity Handbook, which he publishes through Feisty Duck's own platform (virtual publishing). In addition to developing ModSecurity and SSLlabs, Ivan often participates in conferences focused on TLS and encryption. He is an active member of the security community, whose mission is to popularize the TLS protocol and its proper use; therefore, he also develops tools that make it easier for laymen and professionals to set up TLS correctly and help them get the most out of their encryption.
The scope of the book covers the basic OpenSSL activities, which should be controlled by every server administrator or PKI administrator. These are, for example:
- Key generation and CSR
- Signing certificates
- Obtaining information from the certificate
- Keys and certificates conversion
The book also deals with the configuration of the server that you secure with OpenSSL and TLS in detail. That is its great contribution. The book clearly explains how to set up a modern TLS 1.3 protocol and how to configure server security according to current security requirements. There are even tips for tuning up server performance.
Even more demanding readers can read advanced procedures, such as how to make your own certification authority. This is, of course, "untrustworthy" and unusable in practice, but it is an interesting experience.
Testing with SSLlabs
The second part of the book is devoted to using the SSLlabs server test tool, which - as already mentioned - was created by the author of the book. With this tool, you can test the knowledge and procedures you learnt about in the first part. SSLlabs is an invaluable aid in assessing the level of TLS security on a server and the most popular TLS test ever. In addition to the server setting details, it can also simulate the compatibility of settings with clients and individual versions of their software. It will therefore help you assess the compatibility of the settings with regard to the server’s visitors and users.
The book is free
Possibly the best news is that this book full of information is completely free! You can download it at the Feisty Duck Ltd.’s official website. This third, newly updated edition will serve you for many years.