Friday, March 19, 2010

Misc 4

(This uses the topology found in Misc 3)
Now I'll be moving on to web servers. We'll first set up basic HTTP, then move on to HTTPS. We'll need to install the apache2 web server with:
apt-get install apache2

The web server should be functional right after installation, so there is not much configuration to do here. HTTP stands for Hyper-Text Transfer Protocol; it is an application-layer protocol that listens on TCP port 80. When you browse to http://localhost, you should see a page that says "It works!". That file is stored in /var/www/.

After you have fiddled with the index.html file, it's time to begin the real work of securing web access through HTTPS. HTTPS listens on TCP port 443. The 'S' in HTTPS stands for Secure; this security is provided by SSL/TLS, so you will need to install openssl if you haven't already:
apt-get install openssl

Now we'll use a script shipped with OpenSSL to generate an RSA keypair and a self-signed certificate for use in apache2. The script writes its output to the directory it is invoked from, so create an "ssl" folder in /etc/apache2/, cd into it, and type:
/usr/lib/ssl/misc/CA.pl -newcert

Fill in the information as accurately as possible. Do not forget the PEM pass phrase, because you'll need it every time you start your web server. After the wizard finishes, you should have two files: newcert.pem (the public, self-signed certificate) and newkey.pem (the private key).

Before we point Apache at these files, we'll need to enable the SSL module; by default apache2 only listens on port 80. To enable the SSL module, use the Apache 2 enable-module command:
a2enmod ssl

You should now have a default-ssl file in /etc/apache2/sites-available. That is the file in which you specify the certificate; it also contains the other SSL parameters. Modify it so that the lines containing "SSLCertificateFile" and "SSLCertificateKeyFile" read as follows (relative paths are resolved against the ServerRoot, /etc/apache2):
SSLCertificateFile ssl/newcert.pem
SSLCertificateKeyFile ssl/newkey.pem
Now you'll need to enable the sites. Run this from /etc/apache2/sites-available so that the * expands to every available site, including default-ssl:
a2ensite *

Doing so enables both HTTP and HTTPS access. To allow only one, disable the other with a2dissite. The changes take effect once Apache is restarted, at which point it will ask for the PEM pass phrase of newkey.pem.
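To tie the steps above together, here is an added example (not from the original post) that edits the two certificate directives in a copy of default-ssl and, where openssl is installed, checks that newcert.pem and newkey.pem actually belong together before Apache is restarted. The sample configuration it builds is a constructed, shortened stand-in for the real default-ssl file; the function names set_ssl_paths, get_directive and cert_matches_key are my own.

```shell
#!/bin/sh
# Added example, not part of the original post. It assumes a copy of
# /etc/apache2/sites-available/default-ssl and the files produced by
# "CA.pl -newcert" in /etc/apache2/ssl (newcert.pem, newkey.pem).

# make_sample_conf FILE: write a constructed, shortened default-ssl into FILE.
# The snakeoil paths are the stock Debian defaults that we will replace.
make_sample_conf() {
    cat > "$1" <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>
EOF
}

# set_ssl_paths FILE CERT KEY: point the SSLCertificateFile and
# SSLCertificateKeyFile directives in FILE at CERT and KEY, keeping the
# original indentation. Relative paths are resolved by Apache against the
# ServerRoot (/etc/apache2), so "ssl/newcert.pem" is enough.
set_ssl_paths() {
    file=$1; cert=$2; key=$3
    sed \
        -e "s|^\([[:space:]]*\)SSLCertificateFile[[:space:]].*|\1SSLCertificateFile $cert|" \
        -e "s|^\([[:space:]]*\)SSLCertificateKeyFile[[:space:]].*|\1SSLCertificateKeyFile $key|" \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_directive FILE NAME: print the value of the first NAME directive in FILE.
get_directive() {
    awk -v n="$2" '$1 == n { print $2; exit }' "$1"
}

# cert_matches_key CERT KEY: succeed only if the certificate's public key and
# the private key share the same RSA modulus. openssl prompts for the PEM
# pass phrase of KEY. Returns 2 when openssl is not installed.
cert_matches_key() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed" >&2; return 2; }
    c=$(openssl x509 -noout -modulus -in "$1" | openssl dgst -sha256)
    k=$(openssl rsa  -noout -modulus -in "$2" | openssl dgst -sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Demonstration on the constructed sample (the real file would be
# /etc/apache2/sites-available/default-ssl).
conf=$(mktemp)
make_sample_conf "$conf"
set_ssl_paths "$conf" ssl/newcert.pem ssl/newkey.pem
grep 'SSLCertificate' "$conf"
rm -f "$conf"
```

On a real host, run set_ssl_paths against the actual default-ssl, then `cert_matches_key /etc/apache2/ssl/newcert.pem /etc/apache2/ssl/newkey.pem` before restarting Apache; a mismatched pair is the usual reason mod_ssl refuses to start after the files are swapped.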
