While going through the manual of openssl, I thought it would be a good exercise to understand the signature verification process for educational purposes. As a fruit to my labor, I would also develop a simple script to automate the process.
OpenSSL is quite and extensive project. The docs for the
cli (openssl commands) gives you an overview on just how many things you can do with openssl. Knowing openssl is essential in the security field. I will use this post as a reference for frequent things I do with openssl and update it when needed.
Nginx is a great web server which offers very high performance with little resource consumption. This makes it ideal for docker containers, small embedded devices, or even just dealing with a ton of connections. I also often use Nginx’s powerful proxy capabilities. Nginx is one of those applications I use quite often, pretty much for anything related to
http(s). Having said that, it becomes very important for me to be able to deploy this in a secure manner.
Let’s Encrypt is awesome! This service allows you to automate the retrieval of as many valid TLS certificates as you wish, as long as you can “prove” that you own the domain. One of the first proofs that they offered was the
http-01 challenge. This proof works by essentially sending your domain a random
HTTP GET request string which your lets-encrypt client must receive and send back.