#SSL/TLS
Encryption for secure communications.
#TLS Versions
| Version | Status | Recommendation |
|---|---|---|
| SSL 2.0/3.0 | Deprecated | ❌ Never use |
| TLS 1.0/1.1 | Deprecated | ❌ Avoid |
| TLS 1.2 | Supported | ✅ Acceptable |
| TLS 1.3 | Current | ✅ Preferred |
#Certificate Management
#Generate Self-Signed Certificate
bash
1openssl req -x509 -nodes -days 365 \
2 -newkey rsa:2048 \
3 -keyout private.key \
4 -out certificate.crt#Generate CSR (Certificate Signing Request)
bash
openssl req -new -newkey rsa:2048 \
-nodes -keyout domain.key \
-out domain.csr#Let's Encrypt with Certbot
bash
1# Install
2sudo apt install certbot python3-certbot-nginx
3
4# Get certificate
5sudo certbot --nginx -d example.com
6
7# Renew
8sudo certbot renew#Verify Certificates
bash
1# Check certificate
2openssl s_client -connect example.com:443
3
4# View certificate details
5openssl x509 -in cert.crt -text -noout
6
7# Check expiration
8echo | openssl s_client -connect example.com:443 2>/dev/null | \
9 openssl x509 -noout -dates[!TIP] Pro Tip: Use Let's Encrypt for free, automated TLS certificates!