Assessment Prep - jude-lindale/Wiki GitHub Wiki

CA & Server Setup

Both

  • check that the network adapter is set to bridged
  • power on both machines and run through basic setup
  • run `nmtui`, edit the network connection and press space over 'Automatically connect'
  • run `systemctl restart network`

Server

  • install Apache/httpd: `yum install -y httpd`
  • Enable httpd: `systemctl enable httpd`
  • Start the httpd service: `systemctl start httpd`
  • Check the current Apache status: `systemctl status httpd`
  • allow http through the firewall: `firewall-cmd --permanent --add-port=80/tcp`
  • Reload firewall config: `firewall-cmd --reload`
  • Verify that the port is open: `firewall-cmd --query-port=80/tcp`
  • check the web server by running `curl http://Your_IP_Here | grep "working properly"` (the default Apache test page contains that phrase)

CA

  • run `useradd jude`, which creates the user account
  • then `passwd jude` and enter the password at the prompt, which sets the user's password
  • allow ssh through the firewall: `firewall-cmd --permanent --add-port=22/tcp` (port rules take the form port/protocol, so 22/tcp; `--add-service=ssh` opens the same port)
  • Reload firewall config: `firewall-cmd --reload`

Certificate Authority

CA

  • `cd /etc/pki/CA`
  • `touch index.txt` (the CA uses this database file to keep track of issued certs)
  • `echo 1000 > serial` (used to assign serial numbers to certs)
  • create the private key: `openssl genrsa -des3 -out private/cakey.pem 2048`
  • create the CA cert: `openssl req -new -x509 -days 365 -key private/cakey.pem -out cacert.pem`

Server

  • create the cert request: `openssl req -newkey rsa:2048 -keyout websrv.key -out websrv.csr` (the key is passphrase-protected; add `-nodes` if httpd should start without prompting for it)
  • send the csr file to the CA: `scp websrv.csr jude@IPADD:/tmp`

CA

  • sign the cert: `openssl ca -out websrv.crt -infiles websrv.csr` (run from /etc/pki/CA, pointing `-infiles` at the copied csr, here /tmp/websrv.csr)
  • send the signed cert back: `scp websrv.crt jude@IPADD:/tmp`
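
The CA, server and signing steps above run end to end, as an added example that is not part of the wiki: a POSIX shell script that builds a scratch CA mirroring the /etc/pki/CA layout, issues a CSR, signs it with `openssl ca` non-interactively, and then runs the two checks worth doing before the cert goes onto the web server (it chains to cacert.pem and its public key matches websrv.key). The directory layout, the minimal openssl.cnf, the CN values and the unencrypted CA key are assumptions made for this demo.

```shell
#!/bin/sh
# Added example, not from the wiki: the CA -> CSR -> sign -> verify flow run
# non-interactively in a scratch directory that mirrors /etc/pki/CA's layout.
# All file names and the config below are assumptions for this demo.
set -e
setup_ca() {   # $1 = scratch CA dir; builds index.txt, serial, key and CA cert
  d="$1"; mkdir -p "$d/private" "$d/newcerts"; touch "$d/index.txt"; echo 1000 > "$d/serial"
  cat > "$d/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
EOF
  # Unencrypted CA key so the demo needs no passphrase; the wiki's -des3 key is the safer choice.
  openssl genrsa -out "$d/private/cakey.pem" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -key "$d/private/cakey.pem" -out "$d/cacert.pem" \
    -config "$d/openssl.cnf" -subj "/CN=Lab Root CA" -addext "basicConstraints=critical,CA:TRUE"
}

make_csr() {   # web server side: key + CSR; -nodes so httpd can start without a passphrase prompt
  openssl req -newkey rsa:2048 -nodes -keyout "$1/websrv.key" -out "$1/websrv.csr" \
    -config "$1/openssl.cnf" -subj "/CN=websrv.lab.example" 2>/dev/null
}

sign_csr() {   # CA side; -batch replaces the interactive y/n prompts
  openssl ca -batch -config "$1/openssl.cnf" -out "$1/websrv.crt" -infiles "$1/websrv.csr" 2>/dev/null
}

verify_cert() { # the checks worth running before copying websrv.crt to /etc/pki/tls/certs
  openssl verify -CAfile "$1/cacert.pem" "$1/websrv.crt" 2>&1 | grep -q 'websrv.crt: OK' || return 1
  # the certificate's public key must match the server's private key, or httpd will refuse to start
  [ "$(openssl x509 -noout -pubkey -in "$1/websrv.crt")" = "$(openssl pkey -pubout -in "$1/websrv.key")" ]
}

WORK="$(mktemp -d)"; setup_ca "$WORK"; make_csr "$WORK"; sign_csr "$WORK"
verify_cert "$WORK" && echo "websrv.crt chains to cacert.pem and matches websrv.key"
```

After signing, index.txt gains a line starting with V for the new cert and serial advances to 1001, which is how the CA tracks what it has issued.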

Configuring Apache for HTTPS

  • Setting up Certificate and Key on web server:
    • Web Server certificate: /etc/pki/tls/certs
    • Web server private key: /etc/pki/tls/private
  • install mod_ssl for Apache:
    • `yum -y install mod_ssl`
  • update /etc/httpd/conf.d/ssl.conf:
    • Find SSLCertificateFile and make sure the path and filename match your certificate file
    • Find SSLCertificateKeyFile and make sure the path and filename match your key file
    • Save the file
  • Update the firewall to allow port 443: `firewall-cmd --permanent --add-port=443/tcp`
  • Reload firewall config: `firewall-cmd --reload`
  • Restart httpd: `systemctl restart httpd`