Thursday, May 1, 2008

Configure SSL on Linux

Do the following:
1. From the terminal window (as root), create the file random by entering the following:
cat /dev/random > /tmp/random
2. Press some keys on the keyboard to generate random events which help to create the file.
3. Stop the process after about 15 seconds by pressing Ctrl+C.
4. Generate a server key by entering the following (on one line):
openssl genrsa -des3 -out /tmp/account.key -rand /tmp/random 1024
5. When prompted for a pass phrase, enter linux (twice).
6. Sign the key by entering the following (on one line):
openssl req -new -x509 -key /tmp/account.key -out /tmp/account.crt
7. When prompted for a pass phrase, enter novell; then enter the following information:
8. Copy the files by entering the following commands:
cp /tmp/account.key /etc/apache2/ssl.key/
cp /tmp/account.crt /etc/apache2/ssl.crt/
9. Delete the temporary files by entering the following:
rm /tmp/account*
10. Adjust the file system permissions by entering the following commands:
chmod 400 /etc/apache2/ssl.key/account.key
chmod 400 /etc/apache2/ssl.crt/account.crt
11. Open the file /etc/apache2/vhosts.d/accounting.conf in a text editor, and change the following lines:
www.account.com to
www.account.com:443 > and
ServerName www.account.com:80 to ServerName www.account.com:443
12. Add the following lines after the ServerName directive:
SSLEngine on
SSLCipherSuite ALL:ADH:EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/account.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/account.key
The lines starting with SSLCipherSuite, ALL:, and LOW: should be on one line.
13. Save and close the file.
14. Open the file /etc/sysconfig/apache2 in a text editor, and change the following lines:
APACHE_SERVER_FLAGS="SSL"
APACHE_START_TIMEOUT="10"
15. Save and close the file.
16. From the terminal window, check the syntax of the configuration file by entering the following:
apache2ctl configtest
17. Restart Apache by entering the following:
rcapache2 restart
18. When prompted for the pass phrase, enter linux.
19. As the pass phrase has to be entered every time the server starts, you can prevent the server from being started automatically at boot by entering the following:
insserv -r apache2
20. From the Firefox browser, enter the following:
https://www.account.com
As the certificate used in this exercise is self-signed, the browser displays a warning.
21. In the warning dialogs, select Continue and Forever to view the web site.
22. In the login dialog, enter a username of geeko with a password of linux.
23. After the page displays, close the Firefox browser and all other open windows.
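
The SSLCipherSuite line in step 12 names several weak cipher classes (LOW, SSLv2, EXP, eNULL among them). As an added example that is not part of the original post, the shell function below lists the tokens in a vhost file that reference a weak class without excluding it. The list of weak classes, the sample file names and the stricter comparison line are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): a lint heuristic for the
# SSLCipherSuite directive. It does not expand the string the way OpenSSL
# does; it only reports tokens that name a weak class and are not negated.

# weak_cipher_tokens FILE: print one weak, non-excluded token per line.
weak_cipher_tokens() {
    awk '
        tolower($1) == "sslciphersuite" {
            gsub(/"/, "", $2)                 # tolerate a quoted cipher string
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                t = tok[i]
                # "!" and "-" take ciphers out of the list, so skip them.
                if (t ~ /^[!-]/) continue
                # A leading "+" reorders rather than removes, so the class
                # named after it is not excluded.
                sub(/^[+]/, "", t)
                if (t ~ /^(ADH|aNULL|eNULL|NULL|EXP|EXPORT[0-9]*|LOW|SSLv2|RC4|DES|MD5)([+].*)?$/)
                    print t
            }
        }
    ' "$1"
}

# Constructed sample input: the cipher line from step 12 as printed on this
# page, and a stricter line chosen for this example (an assumption, not
# taken from the page).
sample_dir=$(mktemp -d)
cat > "$sample_dir/page.conf" <<'EOF'
SSLEngine on
SSLCipherSuite ALL:ADH:EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
EOF
cat > "$sample_dir/strict.conf" <<'EOF'
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
EOF

echo "page.conf:";   weak_cipher_tokens "$sample_dir/page.conf"
echo "strict.conf:"; weak_cipher_tokens "$sample_dir/strict.conf"
```

Run it against /etc/apache2/vhosts.d/accounting.conf after step 13; an empty result means no token references one of the listed weak classes.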
