Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_tls_security [2016/08/28 23:51] billdozor created |
linux_wiki:configure_tls_security [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure | + | ====== Configure |
**General Information** | **General Information** | ||
Line 7: | Line 7: | ||
---- | ---- | ||
- | ====== | + | ====== |
+ | |||
+ | The following virtual machines will be used: | ||
+ | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
+ | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
+ | |||
+ | **Previous Sections Completed** | ||
+ | * [[linux_wiki: | ||
+ | * Except leave listening on port 80/tcp | ||
+ | * [[linux_wiki: | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Create a Cert ====== | ||
Install require packages | Install require packages | ||
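Review bot: The added prerequisite bullet "Except leave listening on port 80/tcp" gives no reason for the exception. Say that the plain-http listener has to stay because the "Redirect to TLS" section added later in this revision redirects http to https. While this section is being touched, the unchanged context line "Install require packages" should read "Install required packages".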
Line 15: | Line 28: | ||
\\ | \\ | ||
- | Create | + | Create |
<code bash> | <code bash> | ||
- | openssl genpkey | + | cat / |
</ | </ | ||
+ | * This line contains the syntax you are looking for: answers | / | ||
\\ | \\ | ||
- | Create | + | Create |
<code bash> | <code bash> | ||
- | openssl req -new -key testsite.example.com.key -out testsite.example.com.csr | + | openssl req -newkey rsa: |
</ | </ | ||
- | * Prompted for informational questions that will be used for domain ownership validation. | ||
- | * Completed CSR is sent to a certificate authority | ||
- | |||
- | ===== Self-Signed Cert ===== | ||
- | |||
- | If not sending the CSR to a certificate authority, you can create a self-signed cert. (Usually only for development systems or testing) | ||
\\ | \\ | ||
- | Self sign a CSR | + | Prompts from the openssl cert create |
<code bash> | <code bash> | ||
- | openssl x509 -req -days 365 -signkey testsite.example.com.key -in testsite.example.com.csr -out testsite.example.com.crt | + | Country Name (2 letter code) [XX]:US |
+ | State or Province Name (full name) []:Here | ||
+ | Locality Name (eg, city) [Default City]: | ||
+ | Organization Name (eg, company) [Default Company Ltd]:Ur Co | ||
+ | Organizational Unit Name (eg, section) []: | ||
+ | Common Name (eg, your name or your server' | ||
+ | Email Address []: | ||
</ | </ | ||
+ | * For the purposes of the lab, the ' | ||
---- | ---- | ||
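Review bot: The removed "Self-Signed Cert" lines carried the caveat that a self-signed cert is usually only for development systems or testing, and the visible replacement text is scoped to "the purposes of the lab" without restating it. Keep one sentence that says when a CSR should go to a certificate authority instead, as the removed bullets did, so a reader does not carry the lab procedure onto a production site. The block that follows "Prompts from the openssl cert create" is interactive output rather than commands, so tagging it "code bash" is misleading.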
Line 42: | Line 57: | ||
====== Configuring a Site with a TLS Certificate ====== | ====== Configuring a Site with a TLS Certificate ====== | ||
- | Edit virtual host file and add a tcp/443 listen entry | + | Edit virtual host file and add a tcp/443 listen entry for bluesite |
<code bash> | <code bash> | ||
- | vim / | + | vim / |
< | < | ||
- | ServerAdmin admin@myvhost.example.com | + | ServerAdmin admin@bluesite.example.com |
- | DocumentRoot / | + | DocumentRoot / |
- | ServerName | + | ServerName |
- | + | ||
- | SSLCertificateFile / | + | |
- | SSLCertificateKeyFile / | + | SSLCertificateFile / |
- | + | SSLCertificateKeyFile / | |
- | ErrorLog logs/myvhost-ssl-error_log | + | |
- | CustomLog logs/myvhost-ssl-access_log combined | + | ErrorLog logs/bluesite-ssl-error_log |
+ | CustomLog logs/blusite-ssl-access_log combined | ||
</ | </ | ||
</ | </ | ||
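Review bot: The new CustomLog line writes to "logs/blusite-ssl-access_log" while the ErrorLog line above it uses "logs/bluesite-ssl-error_log"; the access log name is missing an "e". Change it to "logs/bluesite-ssl-access_log" so that anything matching on the bluesite prefix finds both files.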
Line 75: | Line 91: | ||
Visit the secure site | Visit the secure site | ||
<code bash> | <code bash> | ||
- | https://testsite.example.com | + | https://bluesite.example.com |
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Redirect to TLS ====== | ||
+ | |||
+ | Redirect http to https. | ||
+ | |||
+ | \\ | ||
+ | Option 1: Using Redirect (**Apache documentation recommends this method**) | ||
+ | <code bash> | ||
+ | < | ||
+ | ServerName bluesite.example.com | ||
+ | |||
+ | Redirect / https:// | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Option 2: Using mod_rewrite | ||
+ | <code bash> | ||
+ | < | ||
+ | ServerName bluesite.example.com | ||
+ | |||
+ | RewriteEngine on | ||
+ | RewriteRule ^(/ | ||
+ | </ | ||
</ | </ | ||
---- | ---- | ||
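Review bot: In Option 1 the directive is written "Redirect / https://" with no status argument between "Redirect" and the path, so mod_alias issues a temporary (302) redirect. For a standing http-to-https redirect, suggest "Redirect permanent" once the lab configuration has been verified, and state which status the RewriteRule in Option 2 is meant to return so the two options behave the same.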