Apache & HTTPS Assessment - wAlber47/Tech-Journal GitHub Wiki

This assessment will consist of a hands on portion, in which you will build one Certificate Authority and one Web Server from scratch. These will be configured to provide HTTPS. On this page, is a combination of all the labs in which we have done building up to this assessment. Following this guide in order should lead to success on the assessment.

Creating Simple Web Server

In order to provide HTTPS on a server, we must first install and configure our own Apache server.

  1. Download the VM's ISO file, change the Network Adapter to Bridged, and walk through the installation process. Make sure to turn on the "Network & Host Name" section of the CentOS installation summary. You will also have the option to make a new user account, make sure that this user is an Administrator. Restart the VM and log in as your new user.
  2. Run dhclient and then ip addr to see if you have an IP address. Keep track of it for later.
  3. Install Apache and HTTPD with sudo yum install -y httpd.
  4. We will also need to modify the firewall to allow Port #80/TCP. Remember to reload and make it permanent.
  5. Once we have opened the firewall, we can start httpd with sudo systemctl start httpd. Check the status and make sure it is running.
  6. To test the server is up and running, curl http://<ip-address> | grep "working properly" or navigate to the page in your browser.

Basic HTML Page

In case our web page needs to feature something basic, I've included this lab and it's basic information.

  1. For any Apache server, /var/www/html is the default root directory. Change to root and navigate there.
  2. In order to edit the page, use basic HTML to create a simple title and body.
  3. Once you've made changes, restart the service and check the web page through your browser.
  4. In case the page needs relative or absolute links inside them, here is that lab.

HTTPD Change Port

Similar to above, this may not be included in the lab, but having it included is better than not having it.

  1. All you have to do is vi /etc/httpd/conf/httpd.conf and edit the line that says "Listen 80" to say "Listen ".

Certificate Authority Lab Prep

This is the start of the Certificate Authority Process. All that happens here is creating the CA's VM and some very simplistic configuration.

  1. Download the ISO, swap to Bridged Networking, and follow the installation process. We will need a named user, so make sure to create that. AS well as changing the Network setting.
  2. Once logged in as your new user, allow Port #22/TCP through the firewall.
  3. Make sure SSHD is running on the system as we will need it later.

Certificate Authority Lab

In this part we will use OpenSSL to request and sign certificates.

  1. As sudo, move to /etc/pki/CA and run touch index.txt, as well as echo 1000 > serial.
  2. In order to create our CA's private key we need to run openssl genrsa -des3 -out private/cakey.pem 2048.
  3. To create the CA's certificate, run openssl req -new -x509 -days 365 -key private/cakey.pem -out cacert.pem.
    1. Make sure that Skiff101 is your Organization name, unit name, and common name.
    2. All the information must be the same later on, so make sure there are no typos.
  4. Back on the Web Server, we need to create a certificate request there. Run openssl req -newkey rsa:2048 -keyout websrv.key -out websrv.csr. Make sure to do this from a directory you can find easily.
    1. Make sure the entries match, and leave the 'extra' attributes blank.
  5. Use SCP to transfer websrv.csr to the Certificate Authority. scp websrv.csr root@<ip-address>:/etc/pki/CA
  6. On the Certificate Authority, we will sign the Certificate using openssl ca -out websrv.crt -infiles websrv.csr. After this, confirm that the .crt has information using ls -l and cat. If there is an error, run echo 1 > serial and try again.
  7. scp websrv.crt walber@<ip-address>:/home/walber will send the file back to the Apache web server.
  8. You will need to move the files to /etc/pki/tls/certs in order to proceed. sudo cp websrv.crt websrv.key /etc/pki/tls/certs

Configuring Apache for HTTPS

You will use the certificate file your group created to set up HTTPS on your web server.

  1. Check that "websrv.crt" and "websrv.key" both contain information.
  2. Install mod-ssl with yum -y install mod_ssl.
  3. Edit /etc/httpd/conf.d/ssl.conf, find SSLCertificateFile and SSLCertificateKeyFile and change both of them to match the path and file names on your server.
    1. SSLCertificateFile /etc/pki/tls/certs/websrv.crt
    2. SSLCertificateKeyFile /etc/pki/tls/certs/websrv.key
  4. Add Port #443 to the Firewall and reload.
  5. sudo vi /etc/httpd/conf/httpd.conf and edit "ServerName" to say ServerName <ip-address>.
  6. sudo systemctl restart httpd
  7. Navigate to your server using HTTPS and you should have success!
⚠️ **GitHub.com Fallback** ⚠️