For all its warts, OpenSSL is one of the most successful and most important open source projects. It’s successful because it’s so widely used; it’s important because the security of large parts of the Internet infrastructure relies on it. The project consists of a high-performance implementation of key cryptographic algorithms, a complete TLS and PKI stack, and a command-line toolkit. I think it’s safe to say that if your job has something to do with security, web development, or system administration, you can’t avoid having to deal with OpenSSL on at least some level. The majority of the Internet is powered by open source products, and most of them rely on OpenSSL.

This book focuses on the command-line aspects of OpenSSL. Chapter 1, OpenSSL Command Line, will help users who need to perform routine tasks of key and certificate generation, and configure programs that rely on OpenSSL for TLS functionality. This chapter also discusses how to create a complete private CA, which is useful for development and similar internal environments. Chapter 2, Testing TLS with OpenSSL, focuses on server security testing using OpenSSL. Although sometimes time consuming, this type of low-level testing can’t be avoided when you wish to know exactly what’s going on.

Both chapters are borrowed from my larger work, called Bulletproof TLS and PKI. In fact, I started to write that book by first writing the OpenSSL chapters, releasing them as OpenSSL Cookbook in 2013. I wanted to do this because there is a serious lack of good and up to date documentation. As is often true complex and long-lived projects, the OpenSSL documentation you can find across the Internet is often wrong and outdated.