OpenSSL Cheat Sheet v1.1

I have released a new OpenSSL Cheat Sheet version. The version 1.1.

You can download the PDF here: https://albertx.mx/wp-content/uploads/2020/07/The-OpenSSL-Cheat-Sheet-v1.1.pdf

or access the online version, here: https://cheatography.com/albertx/cheat-sheets/openssl/

Release notes for version 1.1:

  • Inclusion of openssl command for generating random bytes specifying bytes of length for random data, in “Basics” section.
  • Added the command for displaying digital certificates information in Abstract Sintax Notation One, in “Digital Certificates” section.
  • Inclusion of command for generating a hash with its output in bytes, instead of hex encoding. This command is under “working with hashes” section.

TLS Server Certificate Management NIST Publication

Yesterday The National Institute of Standards and Technology released a new Special Publication ( SP 1800 – 16 ), guideline style, addressing security best practices and recommendations for managing almost everything around TLS and digital certificates.

This extraordinary guideline was written in collaboration with Digicert, Venafi, Thales, F5, MITRE, Symantec. All of them well known technology and security companies around the world.

The document has 4 different parts:

  1. An Executive Summary
  2. Security Risks and Recommended Best Practices
  3. Approach, Architecture and Security Characteristics
  4. How-to Guides.

This is a must for the administration of large-scale TLS server certificates, how to establish a formal TLS certificate management program and it also enumerates all elements that should be considered for inclusion in such a program.

It addresses some specific challenges like: The automatic renewal of digital certificates in production environments, working with DevOps and TLS certificates, implementing an architecture to be protected of attacks hidden in TLS connection tunnels, recommendations for key-lenght, signing algorithms, validity periods in digital certificates, recommendation for crypto-agility (a very popular topic in cryptography these days) and much more.

You can download the complete document directly from its site:

https://www.nist.gov/publications/securing-web-transactions-tls-server-certificate-management