Securing .NET Web Services with SSL
How to Protect “Data in Transit” between Client and Remote Server
Application Security Series
Table of Contents

Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code Changes
Additional Server Certificate Validations Performed by Client
Testing
Conclusion
Resources