The document summarizes a presentation about using SSL with Joomla. It covers the basics of SSL, how to configure SSL in Joomla, and some advanced SSL topics. The presentation includes three parts that discuss the basics of SSL, using SSL with Joomla, and advanced SSL configuration options and techniques. It provides an overview of SSL certificates and encryption, as well as how to set SSL in Joomla and code to use SSL.
2. Myself
Co-founder of Yireo, loving both Joomla! and Magento
Developer of MageBridge, Dynamic404 (+ some more)
Author of Joomla! 1.5 templating book (2009, Dutch only)
Trainings for VMware ESX, HP-UX, Linux (<2007)
Trainings for Tibetan Government in Exile (TCRC)
Cycled from Holland to Spain (2012, 2500+ kms)
Favorite dish Ayam Percik (chicken in coconut-curry, Malay)
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo
3. Joomla! & SSL
Part I - Basics of SSL
Part II - Usage in Joomla!
Part III - Advanced topics
Slides: http://slideshare.net/yireo
4. Part I
Basics of SSL
6. About HTTPS and SSL
HTTPS = HTTP Secure
SSL = Secure Sockets Layer
Most common implementation is OpenSSL
7. SSL and encryption
Two types of encryption
Authentication of server (certificate)
Encryption of traffic (key-exchange)
Factors
Numbers of bits: 128, 256, 512, 1024, 2048
Ciphers: Diffie-Hellman (cert), HMAC (TLS), SHA / MD5 (SSL)
8. Certificate Authorities (CA)
Root CAs = Trusted by your browser
Intermediate CAs = Trusted by Root CAs (used in chain)
Your certificate = Trusted by the commercial CAs
Self-signed certificate = Trusted by no one but you
9. What do you need?
SSL-certificate
CommonName (sometimes Chamber-of-Commerce check)
Is valid for 1 or multiple domain names (wildcard)
Expires after a certain date
Vendors: GeoTrust, GlobalSign, Comodo, Thawte, TrustWave
Dedicated IP-address
10. Part II
Usage in Joomla!
12. What about partial SSL?
Enforce HTTPS on the pages that need it
Enforce non-HTTPS (HTTP) on all other pages
Slight performance gain
Secure pages
Shop (VirtueMart, MageBridge, HikaShop, Tienda)
Contact-form
Forum-pages
17. Getting an official SSL-cert
Generate a private SSL-key + CSR
Use CSR to purchase a new SSL-certificate
Install the new SSL-certificate in your webserver
SSL-key
SSL-certificate
SSL Root CA certificate
SSL chain-certificate (optional) for intermediate CAs
18. Getting a self-signed SSL-cert
Generate a private SSL-key and a self-signed SSL-certificate
Install the new SSL-certificate in your webserver
SSL-key
SSL-certificate
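The steps from slides 17 and 18 as an added example, not taken from the presentation: generate a private key and CSR, self-sign the CSR, and confirm that key, CSR and certificate carry the same public key before installing them. The host name `www.example.test`, the file names, the RSA 2048 key size and the validity period are assumptions.

```shell
#!/bin/sh
# Added example: private key + CSR (slide 17), self-signed certificate
# (slide 18), and a check that key, CSR and certificate belong together.
# Host name and file names are constructed placeholders.

# make_key_and_csr DIR CN: write DIR/server.key and DIR/server.csr
make_key_and_csr() {
    (
        umask 077   # the private key must be readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
            -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    )
}

# make_self_signed DIR DAYS: sign the CSR with its own key -> DIR/server.crt
make_self_signed() {
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days "$2" -out "$1/server.crt" 2>/dev/null
}

# pubkey_of key|csr|cert FILE: print the PEM public key contained in FILE
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac
}

# key_matches KEYFILE csr|cert FILE: succeed only if FILE carries that key
key_matches() {
    k=$(pubkey_of key "$1") && [ -n "$k" ] &&
        [ "$k" = "$(pubkey_of "$2" "$3")" ]
}

# Demo run in a throwaway directory
work=$(mktemp -d) &&
    make_key_and_csr "$work" www.example.test &&
    make_self_signed "$work" 365 &&
    key_matches "$work/server.key" cert "$work/server.crt" &&
    echo "key and certificate match"
```

For a CA-signed certificate, skip `make_self_signed`, submit `server.csr` to the vendor, and run `key_matches` against the certificate that comes back.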
22. Common Apache-directives
SSLEngine on
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-rootca.crt
23. Chain-workaround
Tip: Instead of using separate files, you can also copy all SSL-certificates to 1 single certificate-file:
Personal SSL-certificate
Intermediate SSL-certificate 1
Intermediate SSL-certificate 2
Intermediate SSL-certificate 3
Root SSL-certificate
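A check for the single-file bundle described above, as an added example that is not part of the presentation: it splits the file into its certificates and confirms the order personal certificate, intermediates, root by comparing each issuer name with the next subject name. It compares names only and does not verify signatures; the throwaway chain built by `make_chain` and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that a single-file bundle is ordered
# leaf -> intermediates -> root. Compares names only, not signatures.

name_of() {   # name_of subject|issuer FILE
    openssl x509 -in "$2" -noout "-$1" | sed "s/^$1= *//"
}

# bundle_in_order FILE: succeed if every certificate's issuer is the subject
# of the next one and the last certificate is self-issued (the root).
bundle_in_order() {
    tmp=$(mktemp -d) || return 2
    n=$(awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/" n ".pem") } END { print n + 0 }' "$1")
    rc=0; i=1
    [ "$n" -ge 1 ] || rc=1
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$n" ]; do
        [ "$(name_of issuer "$tmp/$i.pem")" = \
          "$(name_of subject "$tmp/$((i + 1)).pem")" ] || rc=1
        i=$((i + 1))
    done
    [ "$rc" -ne 0 ] || [ "$(name_of issuer "$tmp/$n.pem")" = \
        "$(name_of subject "$tmp/$n.pem")" ] || rc=1
    rm -rf "$tmp"
    return "$rc"
}

# make_chain DIR: constructed throwaway root, intermediate and leaf in DIR
make_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=root" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
    signer=root
    for cn in intermediate leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$1/$cn.key" -out "$1/$cn.csr" 2>/dev/null &&
        openssl x509 -req -in "$1/$cn.csr" -CA "$1/$signer.crt" \
            -CAkey "$1/$signer.key" -set_serial 2 -days 1 \
            -out "$1/$cn.crt" 2>/dev/null || return 1
        signer=$cn
    done
}

# Demo: build the bundle in the order the slide lists, then check it
dir=$(mktemp -d) && make_chain "$dir" &&
    cat "$dir/leaf.crt" "$dir/intermediate.crt" "$dir/root.crt" \
        > "$dir/bundle.crt" &&
    bundle_in_order "$dir/bundle.crt" && echo "bundle order OK"
```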
24. Extended Validation (EV)
Validation of your company by CA
Registry in Chamber of Commerce
Check for financial behaviour (outstanding payments)
Check for legal problems
25. Is SSL actually safe?
Hacking of CA-servers
DNS hijacking
Decryption-attacks (SSLstrip, BREACH)
26. TLS: Multiple certs with 1 IP
TLS Extension Server Name Indication (SNI)
Apache 2.2.12 >
OpenSSL 0.9.8j
27. About SPDY and HTTP 2.0
SPDY
Developed by Google
Does not work without HTTPS (TLS)
Requires additional modules in webserver (Apache, Nginx)
HTTP 2.0
Using SPDY as starting point