| 1 | = HTTPS with Self-Signed Certificates = |
| 2 | |
| 3 | In this Lab we will install a web server (Apache2) and enable https with the use of self-signed ssl certificates. Lab session has to be done in the ubuntu VM |
| 4 | |
| 5 | == Install Apache2 == |
| 6 | |
| 7 | Apache is a web server application that is widely used in the internet for more than 20 years and it is a well-documented piece of Free and Open Source Software managed by Apache Foundation. |
| 8 | (https://httpd.apache.org/) |
| 9 | |
| 10 | Before installing we need to update our repositories. Therefore we will first add debian apache repo to our list and do a update on the list. Since we will be using sudo commands, It will ask you for your user's password as these processors will be granted root privileges. |
| 11 | {{{ |
| 12 | sudo add-apt-repository ppa:ondrej/apache2 |
| 13 | }}} |
| 14 | |
| 15 | When Asked press ‘Enter’ to Continue. Once the ppa is imported do an update. |
| 16 | {{{ |
| 17 | sudo apt-get update |
| 18 | }}} |
| 19 | |
| 20 | Once the repo lists are updated run, |
| 21 | {{{ |
| 22 | sudo apt-get install apache2 |
| 23 | }}} |
| 24 | |
| 25 | When asked press '''Y''' and hit '''Enter''' to continue, and the installation will proceed. |
| 26 | |
| 27 | Check installed apache version details by issuing, |
| 28 | {{{ |
| 29 | $ apache2 -v |
| 30 | }}} |
| 31 | |
| 32 | Now go to your host machine. Open a web browser and type IP address of your Ubuntu VM. You will get the Apache default page. |
| 33 | |
| 34 | == Self-Signed Certificate == |
| 35 | |
| 36 | Use the following Command to create the certificate and the key |
| 37 | {{{ |
| 38 | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt |
| 39 | }}} |
| 40 | You will be asked series of questions, answer them carefully |
| 41 | {{{ |
| 42 | Country Name (2 letter code) [AU]:LK |
| 43 | State or Province Name (full name) [Some-State]:Kandy |
| 44 | Locality Name (eg, city) []:Peradeniya |
| 45 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst |
| 46 | Organizational Unit Name (eg, section) []:IT Team |
| 47 | Common Name (e.g. server FQDN orYOUR name) []: |
| 48 | Email Address []:info@yourname.ac.lk |
| 49 | }}} |
| 50 | Once finished, it will create two files in /etc/ssl. Private will be saved as apache_prv.key and certificate will be saved as apache_crt.crt |
| 51 | |
| 52 | == Configure apache == |
| 53 | |
| 54 | lets create virtual host files for the web |
| 55 | {{{ |
| 56 | sudo nano /etc/apache2/sites-available/lab.conf |
| 57 | }}} |
| 58 | |
| 59 | Include the following |
| 60 | {{{ |
| 61 | <IfModule mod_ssl.c> |
| 62 | <VirtualHost _default_:443> |
| 63 | ServerAdmin admin@yourname.ac.lk |
| 64 | DocumentRoot /var/www/html |
| 65 | <Directory /var/www/html> |
| 66 | Require all granted |
| 67 | </Directory> |
| 68 | ErrorLog ${APACHE_LOG_DIR}/error.log |
| 69 | CustomLog ${APACHE_LOG_DIR}/access.log combined |
| 70 | SSLEngine on |
| 71 | SSLCertificateFile /etc/ssl/certs/apache_crt.crt |
| 72 | SSLCertificateKeyFile /etc/ssl/private/apache_prv.key |
| 73 | <FilesMatch "\.(cgi|shtml|phtml|php)$"> |
| 74 | SSLOptions +StdEnvVars |
| 75 | </FilesMatch> |
| 76 | <Directory /usr/lib/cgi-bin> |
| 77 | SSLOptions +StdEnvVars |
| 78 | </Directory> |
| 79 | </VirtualHost> |
| 80 | </IfModule> |
| 81 | }}} |
| 82 | |
| 83 | Now enable this site and ssl by |
| 84 | {{{ |
| 85 | sudo a2enmod ssl |
| 86 | sudo a2ensite web1-ssl.conf |
| 87 | }}} |
| 88 | |
| 89 | Try browsing from your host machine https://<IP address of the Ubuntu VM>, you will be warned about the untrusted connection as it is a self-signed authentication. |