SSL (Dr. Soliman)


SSL (Dr. Kamel)

SSL (Secure Socket Layer):


 SSL provides a secure channel between two machines or devices operating
over the internet or an internal network.
 SSL is standard technology for securing an internet connection by
encrypting data sent between a website and a browser (or between two
servers).
 SSL is used to secure communication between a web browser and a web
server.
 It prevents hackers ‫ المتسللين‬from seeing or stealing ‫ سرقة‬any information
transferred, including personal or financial data.
 It is a security protocol that creates an encrypted link between a web server
and a web browser.
 Companies and organizations need to add SSL certificates to their websites
to secure online transactions ‫ المعامالت‬and keep customer information
private and secure.
 An SSL certificate is a bit of code on your web server that provides security
for online communications.
 When a web browser contacts your secured website, the SSL certificate
enables an encrypted connection.
 It turns a website's address from HTTP to HTTPS.
 It establishes encrypted links between clients and servers.
 It's kind of like sealing a letter ‫ ختم خطاب‬in an envelope before sending it
through the mail.

 SSL verification: ‫َتَح ّقق‬


 SSL certificate verification is the process of confirming the authenticity
‫أكيد صحة‬ and validity ‫صالحية‬ of an SSL certificate presented by a website or
server.
 SSL certificates are digital certificates that are used to establish a secure
connection between a client (such as a web browser) and a server.

 SSL certificate levels of validation:


 SSL certificates come in three levels of validation:
 Extended Validation (EV) ‫التحقق من الصحة الموسعة‬
 Organization Validation (OV) ‫التحقق من صحة المنظمة‬
 Domain Validation (DV) ‫التحقق من صحة المجال‬
 The higher the certificate level, the more in-depth and rigorous ‫صارم‬ the
authentication process and, ultimately ‫اخير‬, the more confidence ‫ثقة‬ and
trust you will ideally establish with visitors.
 EV SSL certificates are therefore more trustworthy ‫أكثر جدارة بالثقة‬ than the other
types of SSL certificates.

 SSL security flaws ‫عيوب أمنية‬


 SSL relies ‫تعتمد‬on the use of trusted digital credentials ‫اوراق اعتماد‬and
both symmetric and asymmetric cryptographic techniques to establish
sessions between clients and servers.
 If the digital certificates used to authenticate the identity‫ هوية‬of a web
server can be stolen ‫سرقت‬or copied, SSL can be compromised. ‫مساومة‬
 Many organizations knowingly ‫على علم‬ or unknowingly exploit ‫يستغل‬
weak SSL protocols and cipher suites ‫اجنحة التشفير‬ in their domain servers
‫خوادم المجال‬, which makes their website vulnerable ‫معرض‬ to various
MITM attacks.
 To play safe ‫اللعب بأمان‬, they have to identify those weak ciphers, disable
them ‫يبطلها‬ and re-configure the domain servers ‫إعادة تكوين خوادم المجال‬.

 Faulty installation ‫التثبيت الخاطىء‬ is one of the most common SSL issues.
 It can happen for a variety of reasons, such as incorrect server configuration
‫اعدادات‬ or an outdated root certificate ‫شهادة الجذر التى عفى عليها الزمن‬. In some
cases, it can even be caused by malware on the server.
 Whatever the cause, faulty installation can lead to serious security
vulnerabilities.

 The vulnerability of SSL:


 The Heartbleed bug is a vulnerability ‫علة نزيف القلب هي الضعف‬ in OpenSSL, a
popular open source cryptographic library ‫مكتبة التشفير‬ that helps in the
implementation of the SSL and TLS protocols.
 This bug ‫حشرة‬ allows attackers to steal ‫لسرقة‬ private keys attached to
SSL certificates, usernames, passwords and other sensitive data without
leaving a trace ‫دون ترك أثر‬.

 SSL error?
 An SSL certificate error occurs when a web browser can't verify the SSL
certificate installed on a site.
 Rather than connect users to your website, the browser will display an error
message, warning users that the site may be insecure.

 SSL attacks:
 An SSL attack targets ‫األهداف‬ the SSL handshake ‫مصافحة‬ protocol, either
by sending worthless data ‫بيانات ال قيمة لها‬ to the SSL server, which will
result in connection issues for legitimate ‫شرعي‬ users, or by abusing
‫عن طريق اإلساءة‬ the SSL handshake protocol itself.

 SSL failure: ‫فشل‬


 SSL Handshake failed error occurs when a secure connection fails to be
established between a server and a client.

 SSL breaches: ‫خروقات‬


 Breaches can occur, and when they involve compromised certificates ‫تنطوي على شهادات للخطر‬
or keys, the consequences can be severe ‫يمكن أن تكون العواقب وخيمة‬.
 SSL Checker: ‫مدقق‬
 You can verify the SSL certificate on your web server to make sure it is
correctly installed, valid, trusted and doesn't give any errors to any of your
users.
 To use the SSL Checker, simply enter your server's public hostname ‫اسم المضيف العام‬
(internal hostnames aren't supported) in the box below and click the Check SSL
button.

 Can SSL be broken?


 Lengthy Key Sizes ‫أحجام المفاتيح الطويلة‬: SSL encryption relies on
cryptographic keys to secure data.
 The computational power ‫القوة الحسابية‬ required to break such keys using
brute-force attacks is beyond the capabilities of hackers ‫يفوق قدرات المتسللين‬
and even advanced computing systems.

 SSL Protocols
 Each message sent during a session is called a record.
 SSL consists of two protocols:
o The record protocol,
o The handshake protocol.

 The record protocol controls the flow of the data between the two endpoints
of an SSL session. ‫جلسة‬
 The handshake protocol authenticates one or both endpoints of the SSL
session and establishes a unique symmetric key used to generate keys to
encrypt and decrypt data for that SSL session.
 Handshake Protocol is used to establish sessions.
 Handshake Protocol allows the client and server to authenticate each other
by sending a series of messages to each other.

 An example of SSL
 One common example is when SSL is used to secure communication
between a web browser and a web server.
 This turns a website's address from HTTP to HTTPS, the 'S' standing for
'secure'.
 How does SSL work?

 The web server sends the browser/server a copy of its SSL certificate. The
browser/server checks to see whether or not it trusts the SSL certificate.
 If so, it sends a message to the web server.
 The web server sends back a digitally signed acknowledgement to start an
SSL encrypted session. ‫جلسة مشفرة‬

 SSL structure? ‫بناء‬


 SSL (the SSL connection object) is the main SSL/TLS structure, created by a
server or client for each established connection ‫لكل اتصال ثابت‬.
 This is in fact the core structure in the SSL API (Application Programming
Interface).
 At run-time ‫في وقت التشغيل‬ the application usually deals with this
structure ‫بناء‬, which has links to nearly all the other structures ‫والتى لها روابط فى الغالب بجميع الهياكل األخرى‬.

 SSL Encryption keys:


 Encryption keys are created in pairs, a public key and its associated
‫ المرتبطة بها‬private key.
 Data encrypted with a given public key can be decrypted only with the
associated private key; this means that data is readable ‫ قابلة للقراءة‬by only
the intended recipient.
 The SSL/TLS protocol uses a pair of keys:
 Private key
 Public key
 These keys are used to authenticate, secure and manage secure connections.
 These keys are a linked pair ‫هما زوجان مرتبطان‬ of text files and are created
together as a pair when you create your Certificate Signing Request (CSR).
 When performing authentication, SSL uses a technique called public-key
cryptography.
 Public-key cryptography is based on the concept of a key pair, which
consists of a public key and a private key.
 Data that has been encrypted with a public key can be decrypted only with
the corresponding private key.

 It is not possible to install an SSL certificate on the Load Master ‫سيد التحميل‬
without the private key.
 A new CSR (certificate signing request) must be generated to create a new
private key. This can be done within Certificates & Security > Generate
CSR.
 SSL uses public-key algorithms to exchange ‫يبادل‬encryption key
information and digital certificate information for authentication.
 Public-key cryptography (also known as asymmetric cryptography) uses two
different encryption keys.
o A public key to encrypt data and an associated‫مرتبط‬ private key to
decrypt it.

 When performing authentication ‫المصادقة‬, SSL uses a technique
called public-key cryptography.
 Private key is the single most important component of your SSL
certificate.
 Private Key is used for authentication and a symmetric key exchange ‫تبادل‬
during establishment of an SSL/TLS session.
 Private Key is a part of the public key infrastructure ‫ بنية تحتية‬that is
generally used in case of SSL certificates.
 The Private key is a code that is generated along with CSR code, which you
submit to our website during the SSL activation. ‫التنشيط‬
 Both codes are generated in pair on the hosting server for the website.
 The private key is uniquely associated ‫ المرتبطة بشكل فريد‬with the owner
and is not made public ‫ لم يتم األعالن عنها‬.
 The private key is used to compute a digital signature that may be verified
using the corresponding public key.

 How do I get a private key?


Locating a private key in Windows
1. Open Microsoft Management Console.‫وحدة ادارة‬
2. In the Console Root,‫ فى جذر وحدة التحكم‬expand Certificates (Local
Computer)
3. Locate the certificate in the Personal or Web Server folder.
4. Right click the certificate.

5. Select Export.‫حدد تصدير‬

6. Follow the guided wizard. ‫معالج موجه‬

 How to create SSL key?


o Steps to generate a key and CSR, and configure ‫تكوين‬ a certificate for
multiple domain names ‫ألسماء النطاقات المتعددة‬:
o Set the OpenSSL configuration environment variable (optional).
o Generate a key.
o Create a certificate signing request to send to a certificate authority.
o Send the CSR to a certificate authority to obtain an SSL certificate.
 How long is an SSL key?
 As per the current technological standard, the 2048-bit SSL RSA key length
is considered secure.
 A 1024-bit key is outdated, and a 4096-bit SSL key is the latest one and isn't
yet supported by most browsers.

 SSL Certificates:
 An SSL certificate is a bit of code on your web server that provides security
for online communications.
 When a web browser contacts your secured website, the SSL certificate
enables an encrypted connection.
 It's kind of like sealing a letter ‫ختم خطاب‬in an envelope before sending it
through the mail.
 These digital certificates are data files used to cryptographically link ‫رابط التشفير‬
an entity ‫كيان‬ with a public key ‫مفتاح عام‬.
 Web browsers use them to authenticate ‫ للمصادقة‬content sent from web
servers, ensuring trust in content delivered online.
 SSL/TLS certificates and cryptographic keys are crucial ‫ مهم‬in ensuring
secure connections and safeguarding ‫ حماية‬information during transmission.
However, even with robust ‫ قوي‬security measures.
 Client certificates tend to ‫ تميل إلى‬be used within private organizations to
authenticate requests to remote servers. ‫الى الخوادم البعيدة‬
 Whereas server certificates are more commonly known as TLS/SSL
certificates and are used to protect servers and web domains. ‫مجاالت الويب‬
 How to generate an SSL certificate?
Steps to generate a key and CSR, and configure ‫تكوين‬ a certificate for
multiple domain names ‫ألسماء النطاقات المتعددة‬:
1. Set the OpenSSL configuration environment variable (optional) ‫متغير بيءة التكوين (أختيارى)‬.
2. Generate a key.
3. Create a certificate signing request (CSR) to send to a certificate
authority.
4. Send the CSR to a certificate authority to obtain an SSL certificate.
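Steps 2 and 3 above, carried out with the openssl command line, as an added example that is not part of the lecture notes. The hostnames (www.example.test, example.test), the organization name and the temporary directory are constructed placeholders. The `-addext subjectAltName=...` option writes the X.509 Subject Alternative Name extension, which is where the extra hostnames a certificate for multiple domain names should cover are listed. The last function confirms that the public key inside the CSR is the one derived from the private key, i.e. that the two really are created as a linked pair.

```shell
#!/bin/sh
# Added example (not from the lecture notes): generate a 2048-bit RSA key and a
# CSR with openssl, then inspect what a certificate authority will receive.
# Hostnames, organization and the temporary directory are constructed values.
set -eu

# Create a fresh working directory with a 2048-bit RSA private key in it
# (the size the notes call the current standard). Prints the directory path.
make_key() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/server.key" 2>/dev/null
    chmod 600 "$dir/server.key"   # the private key is never shared, so keep it owner-only
    echo "$dir"
}

# Print the RSA modulus size (in bits) of a private key file.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Build a CSR for the key in <dir>: subject fields plus a Subject Alternative
# Name listing every hostname the certificate should cover.
# usage: make_csr <dir> <hostname> [more hostnames...]
make_csr() {
    dir=$1; primary=$2; shift 2
    san="DNS:$primary"
    for extra in "$@"; do san="$san,DNS:$extra"; done
    openssl req -new -key "$dir/server.key" \
        -subj "/CN=$primary/O=Example Org" \
        -addext "subjectAltName=$san" \
        -out "$dir/server.csr" 2>/dev/null
}

# Print the SAN entries recorded in the CSR, e.g. DNS:www.example.test, DNS:example.test
csr_san() {
    openssl req -in "$1/server.csr" -noout -text 2>/dev/null |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# Succeed only if the public key embedded in the CSR is the one that belongs
# to server.key: the CSR and the private key are created together as a pair.
csr_matches_key() {
    from_key=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)
    from_csr=$(openssl req -in "$1/server.csr" -noout -pubkey 2>/dev/null)
    [ "$from_key" = "$from_csr" ]
}

# Stand-alone run: produce the files and show what the CA would look at.
work=$(make_key)
make_csr "$work" www.example.test example.test
echo "private key size: $(key_bits "$work/server.key") bits"
openssl req -in "$work/server.csr" -noout -subject
echo "SAN: $(csr_san "$work")"
csr_matches_key "$work" && echo "CSR public key matches server.key"
```

`server.csr` is the only file that leaves the server (it goes to the CA in step 4); `server.key` stays behind and is what the certificate is later installed against.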

 How to use SSL?


To have the secure connection on the site, the following steps need to be
done:
 Purchase‫ شراء‬the SSL certificate.
 Activate it.
 Validate ‫التحقق من صحة‬the certificate - confirm the domain ownership
‫تأكيد ملكية المجال‬and verify business information (only for OV and EV
certificates)
 Install the certificate on the hosting server.

 How to detect SSL?


To check an SSL certificate on any website, all you need to do is follow
two simple steps:
1. First, check if the URL of the website begins with HTTPS, where S
indicates it has an SSL certificate.
2. Second, click on the padlock icon ‫رمز القفل‬on the address bar to check all
the detailed information related to the certificate.
 SSL Encryption Techniques

 There are two types of encryption in widespread ‫ واسع االنتشار‬use today:


o Symmetric encryption.
o Asymmetric encryption.
 The name derives ‫ يشتق‬from whether or not the same key is used for
encryption and decryption.
 SSL uses both symmetric and asymmetric encryption algorithms.
 SSL/TLS uses both asymmetric and symmetric encryption to protect the
confidentiality and integrity ‫السرية والنزاهة‬ of data-in-transit ‫البيانات في العبور‬.
 Symmetric algorithms use the same key to encrypt and decrypt data.
 They are faster than asymmetric algorithms but can be insecure.
 Symmetric encryption is used to exchange ‫ للتبادل‬data within the secured
session.
 Asymmetric algorithms use a pair of keys.
 Asymmetric encryption is used to establish a secure session between a client
and a server.
 Most of today's SSL/TLS certificates offer 256-bit encryption strength.
 This is great as it's almost impossible to crack the standard 256-bit
cryptographic key.

 CSR:
 CSR (Certificate Signing Request) is an encoded message that contains the
public key and other relevant information such as a common name ‫أسم شاءع‬,
locality ‫محلية‬ and SAN (Storage Area Network) entries ‫ادخاالت‬ (if
applicable).
[A storage area network (SAN) is a dedicated high-speed network ‫هى شبكة مخصصة عالية السرعة‬
or subnetwork that interconnects and presents shared pools ‫حمامات مشتركة‬ of
storage devices to multiple servers. The availability and accessibility
‫التوفر وامكانية الوصول‬ of storage are critical concerns for enterprise
computing ‫المخاوف الحاسمة لحوسبة المؤسسات‬.]

 The difference between SSL and SSH

 The key difference between SSH (Secure Socket Shell) ‫غالف المقبس اآلمن‬
and SSL is that:
o SSH is used for creating a secure tunnel ‫نفق‬ to another computer from
which you can issue commands ‫إصدار األوامر‬, transfer data, etc.
o On the other hand, SSL is used for securely transferring data between two
parties – it does not let you issue commands as you can with SSH ‫اليسمح لك بأصدار األوامر كم يمكنك مع‬ SSH.

 TLS (Transport Layer Security):

 SSL has now been replaced by TLS.
 TLS is the up-to-date encryption protocol that is still being implemented online.
 A primary use case of TLS is encrypting the communication between web
applications and servers, such as web browsers loading a website.
 TLS encrypts data sent over the Internet to ensure that eavesdroppers
‫المتنصتون‬ and hackers are unable to see what you transmit, which is
particularly useful for private and sensitive information such as passwords,
credit card numbers, and personal correspondence.
 The TLS protocol uses both asymmetric/public key and symmetric cryptography,
and new keys for symmetric encryption have to be generated for each
communication session. Such keys are called "session keys".
 TLS is a widely adopted ‫متبنى‬ security protocol designed to facilitate
privacy and data security for communications over the Internet.

 The difference between SSL and TLS:


 However, SSL is an older technology that contains some security flaws.
 TLS is the upgraded version of SSL that fixes ‫يصلح‬existing SSL
vulnerabilities.
 TLS authenticates more efficiently and continues to support encrypted
communication channels.

 CA (Certificate authority):
 A certificate authority can help you prove that you own a digital entity ‫انك تمتلك كيانا رقميا‬
like a website or an email address.
 This same organization can issue ‫يمكن لهذة المنظمة نفسها ان تصدر‬
cryptographic keys used to protect information from hackers
‫المتسللين‬ and other bad actors ‫الجهات الفاعلة السيئة‬.
 Some people use certificate authorities for human verification ‫للتحقق البشرى‬.
 They help secure the internet for both organizations and users.
 The main goal of a CA is to verify the authenticity and trustworthiness
‫ الجدارة بالثقة‬of a website, domain ‫ ِاخِتصاص‬and organization so users know
exactly who they're communicating with online and whether that entity can
be trusted with their data.

 It is a trusted entity ‫كيان موثوق به‬ that issues SSL certificates ‫الذي يصدر شهادات‬ SSL.
 These digital certificates are data files used to cryptographically link ‫رابط التشفير‬
an entity ‫كيان‬ with a public key ‫مفتاح عام‬.

 How does SSL certificate authority work?


 Website owners need to obtain an SSL certificate from a certificate
authority, and then install it on their web server
 A certificate authority is an outside party ‫طرف خارجى‬ who can confirm
‫يتأكد‬ that the website owner is who they say they are ‫مالك الموقع هم من يقولون انهم‬.
 They keep a copy of the certificates they issue.‫اصدروها‬

 How do certificate authorities verify identity? ‫التحقق من الهوية‬


 The request includes your distinguished ‫ مميز‬name, your public key, and
your signature.
 A distinguished name (DN) is a unique identifier ‫ معرف فريد‬for each user
or host for which you are applying for a certificate.
 The CA checks your signature using your public key and performs some
level of verification of your identity.
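What a browser, or the SSL Checker described earlier, actually verifies when a server presents its certificate (a chain of trust back to a CA, a hostname that the certificate covers, and a validity period that has not run out) can be reproduced offline with a throwaway CA. The following is an added example and is not the lecture's or any vendor's code: the CA name, hostnames and lifetimes are constructed, and the server certificate is issued by this local CA instead of being bought from a public one. The stand-alone run ends with the two failure cases that produce an SSL certificate error in a browser: a certificate presented for a hostname it does not cover, and a certificate whose issuer is not in the trust store.

```shell
#!/bin/sh
# Added example (not from the lecture notes): a throwaway CA signs a server
# certificate, then the checks a browser or SSL checker performs are run with
# "openssl verify". All names and lifetimes are constructed values.
set -eu

# Build a private CA and a CA-signed server certificate in a fresh directory.
# Prints the directory; files: ca.key, ca.pem, server.key, server.csr, server.pem
# usage: setup_pki <server hostname>
setup_pki() {
    host=$1
    dir=$(mktemp -d)
    # 1. The CA's own key and self-signed root certificate (the trust anchor).
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example Test Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # 2. The server's key and CSR (what the website owner sends to the CA).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. The CA issues the certificate: 90 days, server authentication only,
    #    and a Subject Alternative Name naming the host it is valid for.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' \
        "$host" > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 90 -extfile "$dir/server.ext" \
        -out "$dir/server.pem" 2>/dev/null
    echo "$dir"
}

# The browser's check: does <cert> chain to a CA in <cafile>, and is it valid
# for <hostname>? Only <cafile> is trusted; the system store is ignored.
# usage: verify_cert <cafile> <cert> <hostname>   (exit 0 = trusted)
verify_cert() {
    openssl verify -no-CAfile -no-CApath -CAfile "$1" \
        -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Exit 0 if the certificate is still inside its validity period right now.
cert_still_valid() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# The details the padlock dialog shows: subject, issuer, dates, fingerprint, SAN.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;s/^/SAN: /;p;}'
}

# Stand-alone run: issue a certificate and check it the way a browser would.
pki=$(setup_pki www.example.test)
cert_summary "$pki/server.pem"
cert_still_valid "$pki/server.pem" && echo "within validity period"
verify_cert "$pki/ca.pem" "$pki/server.pem" www.example.test && echo "trusted for www.example.test"
verify_cert "$pki/ca.pem" "$pki/server.pem" shop.example.test || echo "SSL error: hostname mismatch"
verify_cert "$pki/server.pem" "$pki/server.pem" www.example.test || echo "SSL error: issuer not trusted"
```

The third failure mode from the notes, an expired certificate, is what `cert_still_valid` would report once the 90 days have passed; a real checker runs all three tests, and a browser refuses the connection if any one of them fails.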

 How do I get an SSL certificate for my website?


 You can purchase an SSL certificate and install it yourself or purchase ‫شراء‬
a managed SSL Service.
 If you do it on your own, you need to purchase the SSL and then: Go
through the process of requesting, verifying, downloading, installing,
redirecting HTTP traffic, and checking your SSL certificate installation.
 How to download SSL certificate?
Downloading an SSL certificate
1. Sign in to PEM (Privacy Enhanced Mail) ‫بريد الخصوصية المعزز‬Partner
Repository as a Sponsor Administrator.
2. Click Directory. ...
3. Click Settings > Configurations > PEPPOL Certificates.
4. In the Actions column, select Certificate from the list for the appropriate
company.
5. Click the version for which you want to download the certificate.
[(Privacy Enhanced Mail) A standard for secure email on the Internet. It
supports encryption, digital signatures and digital certificates as well as
both private and public key methods]
 AES (Advanced Encryption Standard)
o AES is an algorithm that uses the same key to encrypt and decrypt protected
data.
o AES is preferable for use in SSL due to its faster encryption and decryption
speeds, which make it suitable for encrypting large amounts of data in secure
communications.
o AES 256-bit encryption is the strongest and most robust encryption standard
that is commercially available today.
 RSA (Rivest-Shamir-Adleman)
o RSA encryption is one of the oldest public-key cryptography systems,
but it's still widely used today.
o An RSA key is a private key based on the RSA algorithm.
o An RSA key pair includes a private and a public key.
o The RSA private key is used to generate digital signatures, and the RSA
public key is used to verify digital signatures.
o RSA is typically used for key exchange in SSL/TLS protocols, ensuring a
secure channel for data transmission between clients and servers.
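The AES and RSA points above, and the earlier sections on symmetric versus asymmetric encryption and on session keys, describe one pattern: a fresh random AES key protects the bulk data, and RSA is used only for the small secrets (wrapping that session key, or signing a digest). Here is that pattern done by hand with openssl, as an added example that is not code from the notes. The message, file names and directory are constructed; OAEP padding and AES-256-CBC are choices made for this example, and modern TLS versions derive their session keys from a Diffie-Hellman exchange during the handshake rather than RSA-encrypting them like this. The last step shows why the signature matters: appending one byte to the signed file makes verification fail.

```shell
#!/bin/sh
# Added example (not from the lecture notes): hybrid encryption and a digital
# signature with openssl. RSA handles the small secrets (session key, signature),
# AES-256 handles the bulk data. Message and file names are constructed values.
set -eu

# Create an RSA key pair in a fresh directory; prints the directory.
# Files: rsa.key (private, never shared) and rsa.pub (public, handed out freely).
make_rsa_pair() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/rsa.key" 2>/dev/null
    openssl pkey -in "$dir/rsa.key" -pubout -out "$dir/rsa.pub" 2>/dev/null
    echo "$dir"
}

# Encrypt <plaintext> for the holder of <pubkey>. Writes <out>.data (AES ciphertext)
# and <out>.keyblob (the AES session key and IV, RSA-OAEP encrypted).
# usage: hybrid_encrypt <pubkey> <plaintext> <out>
hybrid_encrypt() {
    pub=$1; plain=$2; out=$3
    key=$(openssl rand -hex 32)   # 256-bit session key, generated fresh per message
    iv=$(openssl rand -hex 16)    # 128-bit IV for CBC mode, also fresh per message
    # Symmetric part: fast, handles any amount of data.
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$plain" -out "$out.data"
    # Asymmetric part: only this short "key:iv" string (97 bytes) goes through RSA.
    # 2048-bit RSA with OAEP can wrap at most 214 bytes, so it could never carry
    # the data itself; that is why the two algorithms are combined.
    printf '%s:%s' "$key" "$iv" |
        openssl pkeyutl -encrypt -pubin -inkey "$pub" \
            -pkeyopt rsa_padding_mode:oaep -out "$out.keyblob"
}

# Reverse the steps with the private key: unwrap the session key, then decrypt.
# usage: hybrid_decrypt <privkey> <out> <recovered-plaintext>
hybrid_decrypt() {
    priv=$1; out=$2; recovered=$3
    blob=$(openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$out.keyblob")
    key=${blob%%:*}; iv=${blob#*:}
    openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -in "$out.data" -out "$recovered"
}

# RSA signature: the private key signs a SHA-256 digest of the file ...
# usage: sign_file <privkey> <file> <signature-out>
sign_file() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# ... and anyone holding the public key can verify it (exit 0 = "Verified OK").
# usage: verify_file <pubkey> <file> <signature>
verify_file() { openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; }

# Stand-alone run on a constructed message.
d=$(make_rsa_pair)
printf 'constructed sample: account statement for March\n' > "$d/msg"
hybrid_encrypt "$d/rsa.pub" "$d/msg" "$d/enc"
hybrid_decrypt "$d/rsa.key" "$d/enc" "$d/msg.out"
cmp -s "$d/msg" "$d/msg.out" && echo "hybrid round trip OK"
sign_file "$d/rsa.key" "$d/msg" "$d/msg.sig"
verify_file "$d/rsa.pub" "$d/msg" "$d/msg.sig" && echo "signature OK"
printf 'x' >> "$d/msg"   # tamper with the file after it was signed
verify_file "$d/rsa.pub" "$d/msg" "$d/msg.sig" || echo "tampered message: signature rejected"
```

Note the asymmetry the notes describe: encryption uses the recipient's public key and only the private key can decrypt, while signing uses the private key and any holder of the public key can verify.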

- Rigorous: ‫صارم‬
- Ultimately: ‫أخيرا‬
- Relies: ‫تعتمد‬
- Credentials: ‫أوراق اعتماد‬
- Identity: ‫هوية‬
- Malware: ‫البرمجيات الخبيثة‬
- Verify: ‫يؤكد‬
- Targets: ‫األهداف‬
- Issues: ‫مشاكل‬
- Padlock: ‫قفل‬
- Eavesdroppers: ‫المتنصتون‬
