Module – 15 Setting up SSL secured Webserver with RHEL 6.4

What is an SSL Certificate?

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, they activate the padlock and the https protocol (over port 443) and allow secure connections from a web server to a browser.


Let us understand the basics

  • Why do SSL certificates exist?
  • What is encryption?
  • Why encrypt?
  • How does encryption work?
  • What is identification?
  • How can we trust another computer?

Why do SSL certificates exist?


What is encryption?

  • Encryption is the most effective way to achieve data security.
  • To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
  • Unencrypted data is called plain text; encrypted data is referred to as cipher text.

Why encrypt?

  • Encryption protects our data.
  • It protects our data when it’s sitting on our computers and in data centers, and it protects it when it’s being transmitted around the Internet.
  • It protects our conversations, whether video, voice, or text.
  • It protects our privacy.
  • It protects our anonymity.
  • And sometimes, it protects our lives.

How does encryption work?

  • Encryption uses a complex algorithm called a cipher to turn normal data (plaintext) into a series of seemingly random characters (ciphertext) that is unreadable by those without the special key needed to decrypt it.
  • Those who possess the key can decrypt the data to view the plaintext again rather than the random character string of ciphertext.

Public Key Encryption (Asymmetric)

  • Public key encryption uses the recipient’s public key together with a (mathematically) matching private key.


Private Key encryption (symmetric)

  • Where Private Key (symmetric) encryption differs from Public Key encryption is in the purpose of the keys themselves.
  • There are still two keys needed to communicate, but each of these keys is now essentially the same.

What is SSL, what are Certificates, and what are the actual steps being followed?

The Secure Sockets Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction. In short, this is how it works:

1. A browser requests a secure page (usually https://).

2. The web server sends its public key with its certificate.

3. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.

4. The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the encrypted URL required and other encrypted http data.

5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.

6. The web server sends back the requested html document and http data encrypted with the symmetric key.

7. The browser decrypts the http data and html document using the symmetric key and displays the information.
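Steps 4 and 5 can be reproduced on the command line. The following is an added example, not part of the original lab; the function and file names are assumptions, and it uses RSA with OAEP padding and AES-256-CBC from the openssl tool to model the key exchange only, not the SSL wire format.

```shell
#!/bin/bash
# Added example: steps 4 and 5 modelled with the openssl CLI.
# Function and file names are hypothetical.

# The web server's key pair: server.key stays private, server.pub is what the
# certificate in step 2 carries to the browser.
server_keypair() {   # usage: server_keypair DIR
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/server.key" -pubout -out "$1/server.pub" 2>/dev/null
}

# Step 4: the browser picks a random symmetric key, wraps it with the server's
# public key, and encrypts the request with the symmetric key.
browser_send() {     # usage: browser_send DIR "request text"
    local key iv
    key=$(openssl rand -hex 32) && iv=$(openssl rand -hex 16) || return 1
    printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$1/server.pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$1/wrapped.key" || return 1
    printf '%s' "$iv" > "$1/iv"
    printf '%s' "$2" | openssl enc -aes-256-cbc -K "$key" -iv "$iv" -out "$1/request.enc"
}

# Step 5: the server unwraps the symmetric key with its private key and
# decrypts the request. Prints the plaintext; fails with any other private key.
server_receive() {   # usage: server_receive DIR [PRIVATE_KEY]
    local key
    key=$(openssl pkeyutl -decrypt -inkey "${2:-$1/server.key}" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/wrapped.key" 2>/dev/null) || return 1
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$1/iv")" \
        -in "$1/request.enc" 2>/dev/null
}

# Constructed demo: a scratch directory and a made-up request line.
d=$(mktemp -d) && server_keypair "$d" &&
    browser_send "$d" "GET /account HTTP/1.1" &&
    server_receive "$d" && echo
rm -rf "$d"
```

Only the holder of server.key can recover the symmetric key, which is why the private key must never leave the server.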

Okay, let us go to the practical lab:

Step:1 Install Package

  • yum install mod_ssl
  • yum install openssl

Step:2 # Generate private key

  • openssl genrsa -out ca.key 2048

Step:3 # Generate CSR (Certificate Signing Request)

  • openssl req -new -key ca.key -out ca.csr

Step:4 # Generate Self-Signed Certificate

  • openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Step:5 # Copy the files to the correct locations

  • cp ca.crt /etc/pki/tls/certs/ca.crt
  • cp ca.key /etc/pki/tls/private/ca.key
  • cp ca.csr /etc/pki/tls/private/ca.csr

Step:6 Then we need to update the Apache SSL configuration file

  • vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Step:7 Change the path to match where the certificate file is stored. If you’ve used the method above it will be:

                 SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is:

                 SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Step:8

Add the following lines in /etc/httpd/httpd.conf to automatically redirect your connections from the HTTP service to the HTTPS service.

Example: when you hit http://www.example.com, you will be redirected to https://www.example.com

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}  [R=301,L]

Step:9

Save and quit the file, then restart Apache.

  • /etc/init.d/httpd restart
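Before restarting Apache it is worth checking the files produced in Steps 2-5. The following is an added example, not part of the original lab; the function names, the scratch directory and the CN www.example.com are assumptions, while ca.key, ca.csr and ca.crt follow the lab.

```shell
#!/bin/bash
# Added example, not from the original lab. Function names are hypothetical;
# the file names ca.key / ca.csr / ca.crt follow Steps 2-4.

make_lab_cert() {      # Steps 2-4 without prompts; the CN is a constructed value
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/ca.key" -subj "/CN=www.example.com" -out "$1/ca.csr" &&
    openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" \
        -out "$1/ca.crt" 2>/dev/null
}

# The certificate and the private key must share one RSA modulus, otherwise
# the pair named in ssl.conf does not belong together.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    local c k
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Self-signed means subject and issuer are the same name; browsers will not
# trust such a certificate the way they trust one issued by a root CA.
is_self_signed() {     # usage: is_self_signed CERT
    local s i
    s=$(openssl x509 -noout -subject -in "$1") || return 1
    i=$(openssl x509 -noout -issuer -in "$1") || return 1
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# True while the certificate stays valid for at least DAYS more days.
valid_for_days() {     # usage: valid_for_days CERT DAYS
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

# The private key should be readable by its owner only (mode 600 or 400).
key_perms_ok() {       # usage: key_perms_ok KEY
    case "$(stat -c %a "$1")" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Constructed demo run in a scratch directory.
d=$(mktemp -d) && make_lab_cert "$d" && chmod 600 "$d/ca.key" &&
    cert_matches_key "$d/ca.crt" "$d/ca.key" && is_self_signed "$d/ca.crt" &&
    valid_for_days "$d/ca.crt" 30 && key_perms_ok "$d/ca.key" &&
    echo "ca.crt and ca.key pass all checks"
rm -rf "$d"
```

On a real server, point the functions at /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key; a key copied with plain cp may end up world-readable and fail key_perms_ok until it is chmod 600.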
