The document summarizes a presentation about using SSL with Joomla. It covers the basics of SSL, how to configure SSL in Joomla, and some advanced SSL topics. The presentation includes three parts that discuss the basics of SSL, using SSL with Joomla, and advanced SSL configuration options and techniques. It provides an overview of SSL certificates and encryption, as well as how to set SSL in Joomla and code to use SSL.

1. Joomla! & SSL
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

2. Myself
Co-founder of Yireo, loving both Joomla! as Magento
Developer of MageBridge, Dynamic404 (+ some more)
Author of Joomla! 1.5 templating book (2009, Dutch only)
Trainings for VMware ESX, HP-UX, Linux (<2007)
Trainings for Tibetan Government in Exile (TCRC)
Cycled from Holland to Spain (2012, 2500+ kms)
Favorite dish Ayam Percik (chicken in coconut-curry, Malay)
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

3. Joomla! & SSL
Part I - Basics of SSL
Part II - Usage in Joomla!
Part III - Advanced topics
Slides: http://slideshare.net/yireo
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

4. Part I
Basics of SSL
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

5. Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

6. About HTTPS and SSL
HTTPS = HTTP Secure
SSL = Secure Socket Layer
Most common implementation is OpenSSL
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

7. SSL and encryption
Two types of encryption
Authentication of server (certificate)
Encryption of traffic (key-exchange)
Factors
Numbers of bits: 128, 256, 512, 1024, 2048
Ciphers: Diffie-Helman (cert), HMAC (TLS), SHA / MD5 (SSL)
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

8. Certificate Authorities (CA)
Root CAs = Trusted by your browser
Intermediate CAs = Trusted by Root CAs (used in chain)
Your certificate = Trusted by the commercial CAs
Self-signed certificate = Trusted by no one by you
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

9. What do you need?
SSL-certificate
CommonName (sometimes Chamber-of-Commerce check)
Is valid for 1 or multiple domainnames (wildcard)
Expires after a certain date
Vendors: GeoTrust, GlobalSign, Comodo, Thawte, TrustWave
Dedicated IP-address
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

10. Part II
Usage in Joomla!
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

11. Joomla! Global Configuration
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

12. What about partial SSL?
Enforce HTTPS on those pages needed
Enforce non-HTTPS (HTTP) on all other pages
Slight performance gain
Secure pages
Shop (VirtueMart, MageBridge, HikaShop, Tienda)
Contact-form
Forum-pages
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

13. Yireo SSLRedirect plugin
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

14. SSL in your code
Using the // protocol-prefix
//domain/path/ (instead of https://domain/path/)
Simply use Joomla! calls
JHTML::stylesheet() / JHTML::script()
$document = JFactory::getDocument()
JRoute::_()
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

15. Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

16. Part III
Advanced Topics
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

17. Getting an official SSL-cert
Generate a private SSL-key + CSR
Use CSR to purchase a new SSL-certificate
Install the new SSL-certificate in your webserver
SSL-key
SSL-certificate
SSL Root CA certificate
SSL chain-certificate (optional) for intermediate CAs
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

18. Getting a self-signed SSL-cert
Generate a private SSL-key and a self-signed SSL-certificate
Install the new SSL-certificate in your webserver
SSL-key
SSL-certificate
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

19. Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

20. Installing the SSL-cert
Apache
Nginx
Control panels
DirectAdmin
Plesk
CPanel
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

21. OpenSSL commands
Generate a private SSL-key + CSR
openssl req -out foobar.csr -pubkey -new -keyout foobar.key
Inspect a certificate
openssl x509 -inform pem -in foobar.crt -noout -text
Creating a self-signed certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
foobar.key -out foobar.crt
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

22. Common Apache-directives
SSLEngine on
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-rootca.crt
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

23. Chain-workaround
Tip: Instead of using seperate files, you can also copy all SSLcertificates to 1 single certificate-file:
Personal SSL-certificate
Intermediate SSL-certificate 1
Intermediate SSL-certificate 2
Intermediate SSL-certificate 3
Root SSL-certificate
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

24. Extended Validation (EV)
Validation of your company by CA
Registry in Chamber of Commerce
Check for financial behaviour (outstanding payments)
Check for legal problems
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

25. Is SSL actually safe?
Hacking of CA-servers
DNS hijacking
Decryption-attacks (SSLstrip, BREACH)
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

26. TLS: Multiple certs with 1 IP
TLS Extension Server Name Indication (SNI)
Apache 2.2.12 >
OpenSSL 0.9.8j
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

27. About SPDY and HTTP 2.0
SPDY
Developed by Google
Does not work without HTTPS (TLS)
Requires additional modules in webserver (Apache, Nginx)
HTTP 2.0
Using SPDY as starting point
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo

28. thanks
Presentation “Joomla! and SSL” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo