Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_tls_security [2016/09/27 23:35] billdozor |
linux_wiki:configure_tls_security [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 4: | Line 4: | ||
Configuring TLS security (certificates). | Configuring TLS security (certificates). | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Lab Setup ====== | ||
+ | |||
+ | The following virtual machines will be used: | ||
+ | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
+ | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
+ | |||
+ | **Previous Sections Completed** | ||
+ | * [[linux_wiki: | ||
+ | * Except leave listening on port 80/tcp | ||
+ | * [[linux_wiki: | ||
---- | ---- | ||
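Review bot: The added sub-item "Except leave listening on port 80/tcp" under "Previous Sections Completed" gives no reason for the exception. The page later has a "Redirect http to https" section, which needs a listener on port 80, so add a short clause saying that is why the port stays open. Otherwise readers coming from the earlier section may close it.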
Line 17: | Line 30: | ||
Create a key and certificate with openssl - check syntax | Create a key and certificate with openssl - check syntax | ||
<code bash> | <code bash> | ||
- | cat / | + | cat / |
</ | </ | ||
* This line contains the syntax you are looking for: answers | / | * This line contains the syntax you are looking for: answers | / | ||
Line 24: | Line 37: | ||
Create a key and certificate with openssl | Create a key and certificate with openssl | ||
<code bash> | <code bash> | ||
- | openssl req -newkey rsa:2048 -keyout / | + | openssl req -newkey rsa:2048 -keyout / |
</ | </ | ||
+ | |||
+ | \\ | ||
+ | Prompts from the openssl cert create | ||
+ | <code bash> | ||
+ | Country Name (2 letter code) [XX]:US | ||
+ | State or Province Name (full name) []:Here | ||
+ | Locality Name (eg, city) [Default City]:Right | ||
+ | Organization Name (eg, company) [Default Company Ltd]:Ur Co | ||
+ | Organizational Unit Name (eg, section) []: | ||
+ | Common Name (eg, your name or your server' | ||
+ | Email Address []: | ||
+ | </ | ||
+ | * For the purposes of the lab, the ' | ||
---- | ---- | ||
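Review bot: The block added under "Prompts from the openssl cert create" is interactive program output with sample answers, not shell input, yet it is tagged "<code bash>". Use a plain "<code>" block so the highlighter does not treat the prompt text as commands. Also mark which values are typed by the user, since "Organizational Unit Name" and "Email Address" are left empty while the others are filled in.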
Line 31: | Line 57: | ||
====== Configuring a Site with a TLS Certificate ====== | ====== Configuring a Site with a TLS Certificate ====== | ||
- | Edit virtual host file and add a tcp/443 listen entry | + | Edit virtual host file and add a tcp/443 listen entry for bluesite |
<code bash> | <code bash> | ||
- | vim / | + | vim / |
< | < | ||
- | ServerAdmin admin@myvhost.example.com | + | ServerAdmin admin@bluesite.example.com |
- | DocumentRoot / | + | DocumentRoot / |
- | ServerName | + | ServerName |
- | + | ||
- | SSLCertificateFile / | + | |
- | SSLCertificateKeyFile / | + | SSLCertificateFile / |
- | + | SSLCertificateKeyFile / | |
- | ErrorLog logs/myvhost-ssl-error_log | + | |
- | CustomLog logs/myvhost-ssl-access_log combined | + | ErrorLog logs/bluesite-ssl-error_log |
+ | CustomLog logs/blusite-ssl-access_log combined | ||
</ | </ | ||
</ | </ | ||
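Review bot: On the new side the CustomLog line reads "logs/blusite-ssl-access_log" while the ErrorLog line uses "logs/bluesite-ssl-error_log". The missing "e" looks like a typo introduced during the myvhost to bluesite rename. Change it to "logs/bluesite-ssl-access_log" so both logs for the TLS virtual host share one prefix and are found by the same glob when reviewing access and error records together.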
Line 64: | Line 91: | ||
Visit the secure site | Visit the secure site | ||
<code bash> | <code bash> | ||
- | https://testsite.example.com | + | https://bluesite.example.com |
</ | </ | ||
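Review bot: The "Visit the secure site" step still gives only the URL "https://bluesite.example.com" with no indication of where or how to open it. The new Lab Setup section says all connectivity tests are performed from server1.example.com, so say that here and name the client used, so the check is run from the intended host.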
Line 73: | Line 100: | ||
Redirect http to https. | Redirect http to https. | ||
- | Using mod_rewrite | + | \\ |
+ | Option 1: Using Redirect (**Apache documentation recommends this method**) | ||
<code bash> | <code bash> | ||
< | < | ||
- | ServerName | + | ServerName |
- | + | ||
- | | + | |
- | RewriteRule ^(/.*)$ | + | |
</ | </ | ||
</ | </ | ||
- | Using Redirect | + | \\ |
+ | Option 2: Using mod_rewrite | ||
<code bash> | <code bash> | ||
< | < | ||
- | ServerName | + | ServerName |
- | + | ||
- | | + | |
+ | RewriteRule ^(/.*)$ | ||
</ | </ | ||
</ | </ |