Assessment Prep - jude-lindale/Wiki GitHub Wiki
CA & Server Setup
Both
- Check that each VM's network adapter is set to bridged.
- Power on both machines and run through the basic setup.
- Run `nmtui` and, in the network connection's settings, press space to tick 'Automatically connect'.
- Run `systemctl restart network`.
Server
- Install Apache (httpd): `yum install -y httpd`
- Enable httpd so it starts at boot: `systemctl enable httpd`
- Start the httpd service: `systemctl start httpd`
- Check the current Apache status: `systemctl status httpd`
- Allow HTTP through the firewall: `firewall-cmd --permanent --add-port=80/tcp`
- Reload the firewall config: `firewall-cmd --reload`
- Verify that the port is open: `firewall-cmd --query-port=80/tcp`
- Check the web server from the other machine: `curl http://Your_IP_Here | grep "working properly"`
CA
- Run `useradd jude`, which creates the user account.
- Then run `passwd jude` and enter a password for the user when prompted.
- Allow SSH through the firewall: `firewall-cmd --permanent --add-port=22/tcp` (or equivalently `firewall-cmd --permanent --add-service=ssh`; scp runs over the same SSH port, so it needs no separate rule).
- Reload the firewall config: `firewall-cmd --reload`
Certificate Authority
CA
- Go to the CA directory: `cd /etc/pki/CA`
- Create the CA database: `touch index.txt` (the CA uses it to keep track of issued certs)
- Set the starting serial number: `echo 1000 > serial` (used to assign serial numbers to certs)
- Create the CA private key (you will be prompted for a passphrase, since `-des3` encrypts the key): `openssl genrsa -des3 -out private/cakey.pem 2048`
- Create the CA certificate: `openssl req -new -x509 -days 365 -key private/cakey.pem -out cacert.pem`
Server
- Create the server key and certificate request: `openssl req -newkey rsa:2048 -keyout websrv.key -out websrv.csr`
- Send the CSR file to the CA: `scp websrv.csr jude@IPADD:/tmp`
CA
- Sign the certificate: `openssl ca -out websrv.crt -infiles websrv.csr`
- Send the signed certificate back to the web server: `scp websrv.crt jude@ipadd:/tmp`
Configuring Apache for HTTPS
- Set up the certificate and key on the web server:
  - Web server certificate: /etc/pki/tls/certs
  - Web server private key: /etc/pki/tls/private
- Install mod_ssl for Apache: `yum install -y mod_ssl`
- Update `/etc/httpd/conf.d/ssl.conf`:
  - Find `SSLCertificateFile` and make sure the path and filename match your certificate file
  - Find `SSLCertificateKeyFile` and make sure the path and filename match your key file
  - Save the file
- Update the firewall to allow port 443: `firewall-cmd --permanent --add-port=443/tcp`
- Reload the firewall config: `firewall-cmd --reload`
- Restart httpd: `systemctl restart httpd`
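The CA, CSR and signing steps above, plus the checks worth running before the files go into /etc/pki/tls, as an added example that is not from this wiki: it builds a throwaway CA in a temp directory with the same layout as /etc/pki/CA (index.txt, serial, private/cakey.pem, cacert.pem), issues the web server cert with `openssl ca`, then verifies the chain and that the cert matches websrv.key. The directory, names and passphrase are constructed; it uses `-aes256` in place of the page's `-des3`, and `-nodes` for the server key.

```shell
set -eu
CA_PASS="pass:ca-test-passphrase"   # test-only passphrase (constructed); a real CA prompts for it
# The page's CA section, non-interactive, with the minimal openssl.cnf that `openssl ca` needs outside /etc/pki/CA.
make_ca() {
  mkdir -p "$1/private" "$1/newcerts"
  touch "$1/index.txt"      # database of issued certs
  echo 1000 > "$1/serial"   # next serial number, in hex
  cat > "$1/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $1
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
EOF
  openssl genrsa -aes256 -passout "$CA_PASS" -out "$1/private/cakey.pem" 2048 2>/dev/null
  openssl req -config "$1/ca.cnf" -new -x509 -days 365 -subj "/CN=Test CA" \
    -addext "basicConstraints=critical,CA:TRUE" -passin "$CA_PASS" \
    -key "$1/private/cakey.pem" -out "$1/cacert.pem"
}
# Server side: key and CSR. -nodes leaves the key unencrypted; otherwise httpd
# prompts for the passphrase on every start.
make_csr() {
  openssl req -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=websrv.example.test" \
    -keyout "$1/websrv.key" -out "$1/websrv.csr" 2>/dev/null
}
# CA side: the page's `openssl ca -out websrv.crt -infiles websrv.csr`.
sign_csr() {
  openssl ca -config "$1/ca.cnf" -batch -passin "$CA_PASS" \
    -out "$1/websrv.crt" -infiles "$1/websrv.csr" >/dev/null 2>&1
}
# Before copying to /etc/pki/tls: the cert chains to the CA and its public key
# matches websrv.key (a mismatch is the usual ssl.conf startup failure).
verify_issued() {
  openssl verify -CAfile "$1/cacert.pem" "$1/websrv.crt" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -noout -modulus -in "$1/websrv.crt")" = \
    "$(openssl rsa -noout -modulus -in "$1/websrv.key")" ]
}
```

Run it as `d=$(mktemp -d); make_ca "$d"; make_csr "$d"; sign_csr "$d"; verify_issued "$d" && echo OK`; after signing, index.txt holds a `V` line for the new cert and serial has advanced to 1001.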