SSL Certificates Tutorial

Tue 30 March 2021

TLS versus SSL

TLS (Transport Layer Security Layer) and SSL (Secure Sockets Layer) are protocols which provide secure communication. Both are cryptographic protocols which encrypt data and authenticate a connection when transfering date on the internet.

TLS is a more recent version of SSL, it is based on SSL and was developed in response to known vulnerabilities in SSLv3. SSL is the term commonly used, and generally refers to TLS.

How does it work?

When you install a SSL certificate on your web server, it includes a public key and a private key that authenticate your server and let your server encrypt and decrypt data.

Generate SSL cerficiates for localhost*

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
  printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

To find the available JDK packages available for your system you can use apt search, to install for example java-8 and java-11 JDK:

sudo apt install -y openjdk-8-jdk openjdk-11-jdk

You should now have both java versions intalled at /usr/lib/jvm. To list the available versions on your system run:

sudo update-alternatives --config java

You should now see the following:

There are 2 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                            Priority   Status
------------------------------------------------------------
  0            /usr/lib/jvm/java-11-openjdk-amd64/bin/java      1111      auto mode
  1            /usr/lib/jvm/java-11-openjdk-amd64/bin/java      1111      manual mode
* 2            /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java   1081      manual mode

Press <enter> to keep the current choice[*], or type selection number:

Usually simply selecting a java version from the provideded menu is sufficient, however in some situations a program might use an environment variable, e.g. JAVA_HOME, if this is the case, note that you need to update your .bashrc, i.e. provide export JAVA_HOME=/usr/lib/jvm/java-8-oracle.

Alternatively you can use a script to quickly switch between java versions:

sudo update-java-alternatives -s java-8-oracle
export JAVA_HOME=/usr/lib/jvm/java-8-oracle/
export PATH=$PATH:$JAVA_HOME

Category: Security