All too often we read stories about systems being compromised because an administrative interface was left open and unsecured or because access keys were inadvertently made public. You probably know that HTTPS is “secure”; you may well have experience creating certificate signing requests or using public/private key pairs. But many of us follow the instructions without worrying too much about what’s going on. The next thing you know, you have directories full of mysterious .pem, .csr, and .key files and only the loosest grasp of what they’re there for.
Liz Rice explains what’s going on as she investigates the constituent parts of a certificate and shows how it identifies its owner, details how a secure connection is set up, and discusses why you might need to revoke or rotate certificates along with the implications of those decisions.
This isn’t a talk about cryptography; it’s a practical guide to what is happening under the covers when applications or users need to identify themselves or need a secure channel for communications. You’ll leave with the confidence to use secure connections within your own code and configure the security settings on the tools you use every day.
Liz Rice is the technology evangelist at container security specialists Aqua Security. She has a wealth of software development, team, and product management experience from her years spent working on network protocols and distributed systems and in digital technology sectors such as VOD, music, and VoIP. When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London or racing in virtual reality on Zwift.
©2018, O’Reilly UK Ltd • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org