Eric Rescorla's book SSL and TLS is a good start. There are many online references and tutorials, but I can't say I've found any I'm especially fond of. SSL and TLS is now quite old (unless he's written a new edition; the one I have is from 2001), but TLS 1.2 is not so terribly different from 1.0 as to make the book misleading. Basically the past fourteen years have seen some protocol tweaks and suites with new cryptographic primitives (ciphers, digests, combining modes, etc). These have important security ramifications but don't introduce major new conceptual matters.
To answer your specific question below: certificates are not called certificate requests. Those are two different things. A certificate request is a message sent to a CA asking it to generate a signed certificate. ________________________________ From: openssl-users [openssl-users-boun...@openssl.org] on behalf of Lion Kimbro [lionkim...@gmail.com] Sent: Friday, February 27, 2015 1:23 PM To: openssl-users@openssl.org Subject: [openssl-users] Getting General SSL Help Hello, thank you. I'm wondering: Where can I go to get answers to basic questions about SSL? I've been learning about SSL while using OpenSSL to make SSL certificates for work, and I have a lot of questions. For example, one of my questions is: "Why are certificates called certificate requests?" I would think that a request for a certificate would be a message on the order of [a machine encoded:] "Hello would you please send me your certificate?", or "Hello, would you please send me your certificate for example.net<http://example.net>?" Instead, I find that a certificate request (crt) is an actual certificate file? I'm having difficulty finding in my research, answers to basic questions like this. What's a good forum on the Internet for finding answers to more fundamental SSL questions like this? Thank you, Lion Kimbro Click here<https://www.mailcontrol.com/sr/MZbqvYs5QwJvpeaetUwhCQ==> to report this email as spam. This message has been scanned for malware by Websense. www.websense.com
_______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
