Week6_Walkthrough - morgan-hanrahan/Tech-Journal GitHub Wiki

HTTPS

Creating a new CentOS server

  • Select New Virtual Machine
  • Point to the downloaded ISO
  • Name it whatever you wish
  • Disk Size: 30 GB as a single file
  • Uncheck "Automatically power on this VM after creation"
  • Use Bridged networking
  • Follow installation prompts
  • Don't forget to set ROOT password
  • Create a user account that you can use with SCP to copy files to the server
    • useradd _username_
    • passwd _username_ (enter the wanted password when prompted)
    • usermod -aG wheel _username_
  • Make sure SSHD is running
  • Update firewall to always allow port 22 (SSH/SCP)

Setting up Apache/HTTPD

  1. Run dhclient to request an IP address
  2. Double check you received an IP address
  3. Install Apache
    • yum install -y httpd
  4. Firewall Commands
    • firewall-cmd --permanent --add-port=80/tcp
    • firewall-cmd --reload
    • firewall-cmd --query-port=80/tcp
  5. Start httpd service
    • systemctl start httpd
  6. Check Apache Status
    • systemctl status httpd

Creating the Certificate Authority

  • File System Prep

    • cd /etc/pki/CA
    • touch index.txt - the CA uses this file to keep track of certs
    • echo 1000 > serial - every cert must have a different serial number; this file is used to assign serial numbers to certs
  • Creating the CA's private key and certificate

    • openssl genrsa -des3 -out private/cakey.pem 2048
    • openssl req -new -x509 -days 365 -key private/cakey.pem -out cacert.pem - use Skiff101 for the organization name, unit name, and common name
  • Creating the certificate request on the web server

  • Generate private key for web server and certificate request.

    • openssl req -newkey rsa:2048 -keyout websrv.key -out websrv.csr
    • scp websrv.csr _username_@_IPaddress_:/etc/pki/CA
  • Signing the cert on the CA

    • openssl ca -out websrv.crt -infiles websrv.csr
    • scp websrv.crt _username_@_IPaddress_:/
  • Verifying

    • Use the cat command to make sure each of the following files has contents:
      • cacert.pem
      • websrv.key
      • websrv.crt
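
The cat check above only shows that the files are non-empty. The following is an added example, not part of the original walkthrough: it checks that websrv.crt was actually signed by the CA and that websrv.key is the private key for that certificate. The function names, the temp directory and the throwaway test PKI are assumptions made for the demo, which signs with openssl x509 -req instead of openssl ca so that it does not depend on the /etc/pki/CA layout.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before pointing ssl.conf at a cert/key pair.
# Function names are hypothetical; all demo files are constructed test data.

# Returns 0 if the certificate's public key equals the one derived from the key.
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 if the certificate verifies against the CA certificate.
# The output is matched because old OpenSSL builds exit 0 even on failure.
cert_chains_to() {  # usage: cert_chains_to <cacert.pem> <cert.pem>
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Builds a constructed, unencrypted, one-day PKI in <dir> for the demo only:
# a CA, a server key and CSR, the signed server cert, and an unrelated key.
build_demo_pki() {  # usage: build_demo_pki <dir>
  local d=$1
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example Lab/CN=Example Lab CA" \
    -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=websrv.example" \
    -keyout "$d/websrv.key" -out "$d/websrv.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/websrv.csr" -CA "$d/cacert.pem" \
    -CAkey "$d/cakey.pem" -set_serial 4096 -days 1 \
    -out "$d/websrv.crt" 2>/dev/null &&
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
cert_matches_key "$demo_dir/websrv.crt" "$demo_dir/websrv.key" && echo "key matches cert"
cert_chains_to "$demo_dir/cacert.pem" "$demo_dir/websrv.crt" && echo "cert chains to CA"
cert_matches_key "$demo_dir/websrv.crt" "$demo_dir/other.key" || echo "wrong key rejected"
rm -rf "$demo_dir"
```

To run the same checks on the walkthrough's files, pass cacert.pem, websrv.crt and websrv.key to the two functions. The websrv.key created above is passphrase-protected, so openssl will ask for the passphrase.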

Setting up Cert & Key on Web server

  • Copy the files into the following locations:
    • Web Server Cert: /etc/pki/tls/certs
    • Web Server Private Key: /etc/pki/tls/private
  • Install mod_ssl for Apache: yum -y install mod_ssl
  • Update /etc/httpd/conf.d/ssl.conf file
    • Find SSLCertificateFile and change the path to point at the cert (websrv.crt) in /etc/pki/tls/certs
    • Find SSLCertificateKeyFile and change the path to point at the key (websrv.key) in /etc/pki/tls/private
  • Update firewall to allow port 443
  • Reload firewall
  • Restart httpd
  • Browse to your server using HTTPS - it should be a success