TLS
43 cards — 🟢 8 easy | 🟡 11 medium | 🔴 9 hard
🟢 Easy (8)
1. What is a certificate chain and why must the server send intermediate certificates?
A certificate chain goes: Root CA (trusted by OS) -> Intermediate CA -> Leaf/Server cert. The server must send the leaf plus intermediates because the client only has root CAs in its trust store. Missing intermediates is the #1 cause of "works in browser but fails in curl."
2. How do you test a TLS connection and view the certificate chain using openssl?
openssl s_client -connect example.com:443 -servername example.com
This shows the full TLS handshake, certificate chain, negotiated cipher, and TLS version. Add 2>/dev/null | openssl x509 -text -noout to see certificate details.
Remember: "TLS handshake: ClientHello → ServerHello → Certificate → Key Exchange → Finished." TLS 1.3 reduced this to one round trip.
3. How do you check when a TLS certificate expires?
openssl x509 -in cert.pem -enddate -noout (local file). For a remote server: echo | openssl s_client -connect host:443 2>/dev/null | openssl x509 -enddate -noout.
Remember: "TLS 1.2 = minimum acceptable today. TLS 1.3 = preferred." TLS 1.0 and 1.1 are deprecated since 2020.
4. What is the ACME protocol and how does it enable automated certificate issuance?
ACME (Automatic Certificate Management Environment) is the protocol behind Let's Encrypt. The client proves domain ownership via challenges: HTTP-01 (place a file at /.well-known/acme-challenge/), DNS-01 (create a TXT record), or TLS-ALPN-01. After verification, the CA issues a signed certificate. DNS-01 is required for wildcard certificates and works even when the server is not publicly accessible.
5. What are the common TLS certificate file formats and how do you convert between them?
PEM (.pem, .crt): Base64-encoded, most common on Linux. DER (.der, .cer): binary format, used by Java and Windows. PKCS#12 (.p12, .pfx): bundles cert + key + chain, password-protected.
Convert PEM to DER: openssl x509 -in cert.pem -outform DER -out cert.der
Convert PEM to PKCS#12: openssl pkcs12 -export -in cert.pem -inkey key.pem -out bundle.p12
6. What is a certificate chain and what are its three levels?
Root CA (self-signed, in trust store) signs an Intermediate CA, which signs the Server Certificate. The client verifies the chain upward to a trusted root.
Remember: "HSTS tells browsers to always use HTTPS." Header: Strict-Transport-Security: max-age=31536000.
Gotcha: HSTS is hard to undo — start with a short max-age while testing.
7. What is a SAN (Subject Alternative Name) and why is it preferred over CN?
SAN lists additional identities (domains, IPs) a certificate is valid for. Modern browsers require SAN; CN alone causes NET::ERR_CERT_COMMON_NAME_INVALID errors.
Remember: "SNI = Server Name Indication." It lets multiple HTTPS sites share one IP. The client sends the hostname in the TLS handshake.
8. How do you check a remote server's certificate expiry date from the command line?
echo | openssl s_client -connect app.example.com:443 -servername app.example.com 2>/dev/null | openssl x509 -noout -dates
Remember: "OCSP = Online Certificate Status Protocol." It checks if a cert is revoked. OCSP stapling lets the server include the check.
🟡 Medium (11)
1. What are the main steps of a TLS 1.2 handshake?
1. ClientHello (client sends supported versions, ciphers, SNI). 2. ServerHello (server picks version, cipher). 3. Certificate (server sends cert chain). 4. Key Exchange (both sides). 5. ChangeCipherSpec (switch to encrypted). 6. Finished (handshake complete). TLS 1.3 reduces this to 1 round trip.
Remember: "Certificate chain: leaf → intermediate → root CA." Browsers trust roots; servers send leaf + intermediates.
Gotcha: Missing intermediate certificates cause "untrusted" errors on some clients.
2. What four algorithms does a TLS cipher suite define?
Key Exchange (RSA, ECDHE, DHE), Authentication (RSA, ECDSA), Encryption (AES-GCM, ChaCha20), and MAC/integrity (SHA256, SHA384). Example: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. Modern configs should avoid RC4, 3DES, CBC mode, and static RSA key exchange.
Remember: "Let's Encrypt = free, automated TLS certificates." Uses ACME protocol. Certs expire every 90 days — automate renewal.
3. What is SNI and why does it matter for TLS debugging?
SNI (Server Name Indication) sends the requested hostname during the TLS handshake, allowing servers to present the correct certificate for each domain on shared hosting. Without SNI (-servername flag in openssl), you may get the wrong certificate.
Gotcha: Certificate expiry is the #1 TLS outage cause. Monitor with: openssl s_client -connect host:443.
Remember: "Set calendar reminders or automate renewal. Expired certs = outage."
4. What is the difference between CN and SAN in a certificate, and which takes precedence?
CN (Common Name) is the legacy hostname field in the Subject. SAN (Subject Alternative Name) is the modern field supporting multiple hostnames and wildcards. SANs take precedence; modern browsers require SANs and ignore CN. Check with: openssl x509 -text -noout | grep -A1 "Subject Alternative Name".
5. What is mTLS and when would you use it?
mTLS (mutual TLS) requires both client and server to present certificates and verify each other. Standard TLS only verifies the server. Use mTLS for service-to-service communication in zero-trust networks, API authentication, and microservice mesh (e.g., Istio uses mTLS by default). The client needs its own certificate signed by a CA the server trusts, adding certificate lifecycle management overhead.
6. What is certificate pinning and why has it fallen out of favor?
Certificate pinning hardcodes the expected certificate or public key hash in the client, rejecting any other certificate even if validly signed. It prevents CA compromise attacks but creates operational nightmares: a pinned certificate rotation requires client updates. If the pin expires before clients update, the service becomes unreachable. HPKP (HTTP Public Key Pinning) was deprecated by browsers in 2018 due to these risks.
7. What is OCSP stapling and why is it preferred over standard OCSP?
Standard OCSP requires the client to contact the CA's OCSP responder to check if a certificate is revoked, adding latency and leaking browsing history. With OCSP stapling, the server periodically fetches a signed OCSP response from the CA and includes ("staples") it in the TLS handshake. This is faster, more private, and eliminates the single-point-of-failure of the OCSP responder being down.
8. How does cert-manager automate TLS in Kubernetes?
cert-manager watches Certificate custom resources, requests certificates from a configured Issuer (Let's Encrypt, internal CA, etc.), stores them in Kubernetes Secrets, and auto-renews before expiry using the renewBefore field.
Remember: "PEM = base64 text format, DER = binary format." Most tools use PEM (.pem, .crt, .key files).
9. What is the role of a CSR (Certificate Signing Request) in certificate issuance?
A CSR contains the public key and identity information (CN, SAN) and is sent to a CA for signing. The CA validates the request and returns a signed certificate. The private key never leaves the requestor.
Remember: "Self-signed certs work for encryption but not trust." Browsers show warnings because no CA vouches for the identity.
10. What is mTLS and when is it used?
Mutual TLS requires both client and server to present certificates for authentication. It is used for service-to-service communication where both sides must prove identity, common in service meshes and internal APIs.
Remember: "mTLS = both sides present certificates." Server authenticates client AND client authenticates server. Used in service meshes and zero-trust.
11. What is the correct sequence for manual certificate rotation in Kubernetes?
1) Generate new certificate, 2) Update the K8s Secret, 3) Trigger rollout restart of pods using the cert, 4) Verify new cert is served, 5) Revoke the old certificate.
Remember: "Cipher suite = key exchange + authentication + encryption + MAC." Weak suites (RC4, 3DES) must be disabled.
🔴 Hard (9)
1. How do you diagnose and fix "unable to verify the first certificate" in openssl?
This error means the server is not sending intermediate certificates, so the chain cannot be verified. Fix: concatenate the leaf cert and intermediate(s) into a single file (cat server.crt intermediate.crt > fullchain.pem) and configure the server to use fullchain.pem.
2. What security improvements does TLS 1.3 provide over TLS 1.2?
TLS 1.3 removes insecure ciphers (RC4, 3DES, static RSA key exchange), allows only AEAD ciphers (AES-GCM, ChaCha20-Poly1305), reduces handshake to 1-RTT (or 0-RTT for resumed sessions), and combines key exchange with authentication for a faster, more secure handshake.
3. How do you obtain and auto-renew TLS certificates with Let's Encrypt?
Obtain: certbot certonly --webroot -w /var/www/html -d example.com. Test renewal: certbot renew --dry-run. Auto-renew: enable the systemd timer (systemctl enable certbot-renew.timer) or add a cron job. Certificates are valid for 90 days; certbot renews at 30 days remaining.
4. How do cipher suites differ between TLS 1.2 and TLS 1.3?
TLS 1.2 has ~37 cipher suites mixing key exchange, authentication, encryption, and MAC. TLS 1.3 reduced this to 5 suites: only AEAD ciphers (AES-128-GCM, AES-256-GCM, ChaCha20-Poly1305) with separate key exchange negotiation. TLS 1.3 removed RSA key exchange (no forward secrecy), CBC mode (padding oracle attacks), RC4, 3DES, and SHA-1. This simplification eliminates entire classes of vulnerabilities.
5. What are the most useful openssl s_client flags for debugging TLS issues?
-connect host:port (basic connection)
-servername host (SNI, critical for shared hosting)
-showcerts (display full certificate chain)
-verify_return_error (fail on verification error)
-CAfile /path/to/ca.pem (custom CA bundle)
-tls1_2 or -tls1_3 (force specific version)
-cipher or -ciphersuites (test specific ciphers)
Combine with | openssl x509 -text -noout to decode the certificate details.
6. What is forward secrecy and why is ECDHE required for it?
Forward secrecy ensures that compromising the server's long-term private key does not compromise past session keys. ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) generates a unique key pair per session. Even if the server key is later stolen, past traffic cannot be decrypted. Static RSA key exchange lacks forward secrecy because the same server key decrypts all sessions. TLS 1.3 mandates forward secrecy by only allowing ephemeral key exchange.
7. What are HTTP-01 and DNS-01 ACME challenge types, and when would you use each?
HTTP-01 proves domain ownership by serving a token on port 80 — simple but requires public HTTP access. DNS-01 proves ownership via a DNS TXT record — works for wildcard certs and when port 80 is not accessible, but requires DNS API access.
8. What does the error "x509: certificate signed by unknown authority" mean and how do you fix it?
The client does not trust the CA that signed the server certificate. Fix by adding the CA certificate to the client's trust store, or by using a well-known public CA. In Kubernetes, this often means distributing the internal CA cert to all consuming pods.
9. What is the difference between an Issuer and a ClusterIssuer in cert-manager?