HTTPS with Self-Signed Certificates
In this lab we will install a web server (Apache2) and enable HTTPS using self-signed SSL certificates. The lab session has to be done in the Ubuntu VM.
Install Apache2
Apache is a web server application that has been widely used on the internet for more than 20 years. It is a well-documented piece of Free and Open Source Software managed by the Apache Foundation (https://httpd.apache.org/).
Before installing, we need to update our repositories. We will first add the Debian Apache repo to our list and then update the list. Since we will be using sudo commands, you will be asked for your user's password, as these processes will be granted root privileges.
sudo add-apt-repository ppa:ondrej/apache2
When asked, press 'Enter' to continue. Once the PPA is imported, do an update.
sudo apt-get update
Once the repo lists are updated, run:
sudo apt-get install apache2
When asked, press Y and hit Enter to continue, and the installation will proceed.
Check the installed Apache version details by issuing:
apache2 -v
Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page.
Self-Signed Certificate
Use the following command to create the certificate and the key:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt
You will be asked a series of questions; answer them carefully.
Country Name (2 letter code) [AU]:LK
State or Province Name (full name) [Some-State]:Kandy
Locality Name (eg, city) []:Peradeniya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst
Organizational Unit Name (eg, section) []:IT Team
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:info@yourname.ac.lk
Once finished, it will create two files in /etc/ssl. The private key will be saved as apache_prv.key and the certificate will be saved as apache_crt.crt.
Configure Apache
Let's create a virtual host file for the web site:
sudo nano /etc/apache2/sites-available/lab.conf
Include the following
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@yourname.ac.lk
        DocumentRoot /var/www/html
        <Directory /var/www/html>
            Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/apache_crt.crt
        SSLCertificateKeyFile /etc/ssl/private/apache_prv.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
Now enable this site and SSL with:
sudo a2enmod ssl
sudo a2ensite lab.conf
Try browsing to https://<IP address of the Ubuntu VM> from your host machine. You will be warned about the untrusted connection because the certificate is self-signed.
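The script below is an added example, not part of the original lab. It confirms that a certificate and key belong together, that the certificate is self-signed, and prints the SHA-256 fingerprint to compare with the one the browser shows in its warning before you accept the exception. The function names and the CN lab.example are assumptions, and the script builds a throwaway pair in a temporary directory so it runs without touching /etc/ssl.

```shell
#!/bin/sh
# Added example (not from the lab): checks on a self-signed certificate/key pair.

# Succeeds only if the certificate carries the public key of the given private key.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if subject and issuer are the same name and the certificate verifies
# with itself as the only trust anchor (so it must also be inside its validity period).
cert_is_self_signed() {   # usage: cert_is_self_signed CERT
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Prints the SHA-256 fingerprint (colon-separated hex) of the certificate.
cert_fingerprint() {   # usage: cert_fingerprint CERT
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed sample: a throwaway pair made with the same options as the lab
# command, plus -subj so it runs without prompts (CN lab.example is made up).
make_demo_pair() {   # usage: make_demo_pair DIR
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/C=LK/ST=Kandy/L=Peradeniya/O=YourInst/OU=IT Team/CN=lab.example" \
        -keyout "$1/apache_prv.key" -out "$1/apache_crt.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
cert_matches_key "$demo_dir/apache_crt.crt" "$demo_dir/apache_prv.key" \
    && echo "private key matches certificate"
cert_is_self_signed "$demo_dir/apache_crt.crt" \
    && echo "certificate is self-signed"
echo "SHA-256 fingerprint: $(cert_fingerprint "$demo_dir/apache_crt.crt")"
rm -rf "$demo_dir"
```

On the lab VM, point the functions at /etc/ssl/certs/apache_crt.crt and /etc/ssl/private/apache_prv.key; reading the key requires sudo.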