INVESTIGATION OF DIGITAL CERTIFICATES : Creation of self-signed certificate on Windows 8
Malygin, Evgeny (2014)
Malygin, Evgeny
Mikkelin ammattikorkeakoulu
2014
All rights reserved
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2014052810627
https://urn.fi/URN:NBN:fi:amk-2014052810627
Tiivistelmä
The purpose of this study was to create a free of charge self-signed certificate for a local domain. Such certificate can be used for analysing and testing a web server, checking operability of a system with SSL certificate, etc. The use of such certificate gives an idea about all challenges of working with HTTPS protocol.
The practical part of this document includes all phases of creating a self-signed certificate on a local web server. It starts from installation webserver itself, DNS server and configuration of all parameters. The next step is creation of self-signed certificate on the server using OpenSSL and applying it to the web site. The last phase of the practical part is testing and analysis of the certificate in different browsers. The tests were analysed with Wireshark, as software for capturing packets during the transmission.
The results of the project have shown that a self-signed certificate encrypts the transmitting data using HTTPS protocol. Despite the fact that certificate works as a normal certificate, issued by Trusted Certificate Authority, and vulnerabilities were not found, it has limited implementation. First of all it should not be used for web services with critical data (banks, on-line stores, money exchange, etc.), because it does not provide identity of the server and visitors could easily become a victim of a man-in-the-middle attack.
The material contained in this project can be successfully used for education purposes, practical usage of SSL certificates and for web development.
The practical part of this document includes all phases of creating a self-signed certificate on a local web server. It starts from installation webserver itself, DNS server and configuration of all parameters. The next step is creation of self-signed certificate on the server using OpenSSL and applying it to the web site. The last phase of the practical part is testing and analysis of the certificate in different browsers. The tests were analysed with Wireshark, as software for capturing packets during the transmission.
The results of the project have shown that a self-signed certificate encrypts the transmitting data using HTTPS protocol. Despite the fact that certificate works as a normal certificate, issued by Trusted Certificate Authority, and vulnerabilities were not found, it has limited implementation. First of all it should not be used for web services with critical data (banks, on-line stores, money exchange, etc.), because it does not provide identity of the server and visitors could easily become a victim of a man-in-the-middle attack.
The material contained in this project can be successfully used for education purposes, practical usage of SSL certificates and for web development.