1 Apache and Virtual Sites and SSL Dorcas Muthoni.

Slides:



Advertisements
Similar presentations
HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.
Advertisements

Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Introduction to OpenSSL Jing Dalhousie University.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Apache ssl Objectives Contents Practical Summary Setup Apache + ssl
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Apache Web Server Quick and Dirty Steve Gibbard for SANOG 16 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Configuring a Web Server. Overview  Understand how a Web server works  Install IIS (Internet Information Services) and Apache Web servers  Examine.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
SquirrelMail for Webmail AfNOG 2012 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Serrekunda, Gambia (Original Materials by Joelja)
APACHE SERVER By Innovationframes.com »
Chapter 22 Web Hosting and Internet Servers Xuanxuan Su.
SquirrelMail for Webmail AfNOG 2013 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Lusaka, Zambia (Original Materials by Joelja)
Apache Security with SSL Using FreeBSD SANOG VI IP Services Workshop July 18, 2005 Hervey Allen Network Startup Resource Center.
Secure Sockets Layer (SSL) Fred Schank Kevin Wetter.
SSL Technology Overview and Troubleshooting Tips.
Linux Operations and Administration
2440: 141 Web Site Administration Web Server Configuration Instructor: Enoch E. Damson.
CSCI 6962: Server-side Design and Programming
Web Server Configuration Alokes Chattopadhyay Computer & Informatics Centre IIT Kharagpur.
Public-key Infrastructure. Computer Center, CS, NCTU 2 Public-key Infrastructure  A set of hardware, software, people, policies, and procedures.  To.
Web Services CSCI N321 – System and Network Administration Copyright © 2007,2008 by Scott Orr and the Trustees of Indiana University.
Onno W. Purbo openssl Onno W. Purbo
SUSE Linux Enterprise Desktop Administration Chapter 12 Administer Printing.
1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.
Apache HTTP mod_ftp William A. Rowe, Jr. ASF Member, httpd and APR projects Sr. Software Engineer, Covalent Technologies.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Network Security: Lab#3 Transport-Level Security Tools J. H. Wang May 12, 2011.
Hands On Networking Network Applications Ram P Rustagi, ISE Dept Kundan Kumar, MCA Dept Manini Sahoor, MCA Dept Ravi Teja, MCA Dept Sourav.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.
Apache Web Server Quick and Dirty for AfNOG 2015 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Apache Web Server Quick and Dirty Evelyn NAMARA for AfNOG 2014 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Apache Web Server Quick and Dirty Ayitey Bulley for AfNOG 2011 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Apache Web Server Quick and Dirty Kevin G. Chege for AfNOG 2013 (Originally by Joel Jaeggli for AfNOG 2007) ‏
LinuxChix Apache. Serving Webpages The layer 7 protocol (HTTP) is what our browsers talk to get us the websites we can't seem to live without. HTTP is.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
Apache with SSL and php Apache with ssl support should be the basic platform for providing web services... There are several different implementations.
Advanced Sendmail Part 1
Web Server Administration Chapter 6 Configuring a Web Server.
CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Web Server Administration Chapter 6 Configuring a Web Server.
APACHE Apache is generally recognized as the world's most popular Web server (HTTP server). Originally designed for Unix servers, the Apache Web server.
Apache with SSL building from source Apache with ssl support should be the basic platform for providing web services... There are several different implementations.
Web and Proxy Server.
TOPIC: HTTPS (Security protocol)
Apache with SSL building from source
Apache web server Quick overview.
Apache Security with SSL Using FreeBSD
Chapter 8 Building the Transaction Database
Unix System Administration
(Originally by Joel Jaeggli for AfNOG 2007)‏
Created by : Ashish Shah, J.M. PATEL COLLEGE OF COMMERCE
Public-key Infrastructure
Created by : Ashish Shah, J.M. PATEL COLLEGE OF COMMERCE
Public-key Infrastructure
APACHE WEB SERVER.
Unit 8 Network Security.
Electronic Payment Security Technologies
Presentation transcript:

1 Apache and Virtual Sites and SSL Dorcas Muthoni

2 Scope What is Apache What is Apache+mod_ssl+Vhosts Digital Signatures Installing Apache+mod_ssl Configuring Apache+Vhosts Your webserver Configuring Apache+mod_ssl

3 What is Apache HTTP Webserver: accepts HTTP requests from clients (web browsers), and serves them HTTP responses along with optional data contents By Apache Group and originally written for UNIX, but now runs under Linux, OS/2, Windows and other platforms. As of April 2008 Apache served 50.42% of all websites. Developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.

4 What is Apache+mod_ssl+Vhosts mod_ssl Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library, which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security protocols. SSL provides for secure communication between client and server by allowing mutual authentication, the use of digital signatures for integrity, and encryption for privacy virtual hosts allows one Apache installation to serve many different actual websites. For example, one machine, with one Apache installation could simultaneously serve

5 Digital Signatures Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are.cryptographic protocols that provide secure communications on the Internet for such things as web browsing, , Internet faxing, instant messaging and other data transfers digital signature: type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper.  one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key.

6 Secure Transaction src:

7 Installing Apache+mod_ssl Lets install Apache with mod_ssl  mod_ssl: module provides strong cryptography for the Apache webserver via SSL and TLS protocols by the help of the Open Source SSL/TLS toolkit OpenSSL Installation  # portinstall apache Enable apache to start automatically on boot # vi /etc/rc.conf Add apache22_enable="YES"

8 Configuring Apache+Vhosts  cd /usr/local/etc/apache22/  vi httpd.conf Review key the conf file  ServerRoot "/usr/local" : top of the directory tree under which the server's configuration, error, and log files are kept  Listen 80 : bind Apache to specific IP addresses and/or ports  ServerAdmin: Your address, where problems with the server should be ed.  DocumentRoot: The directory out of which you will serve your documents.  ErrorLog: The location of the error log file

9 Configuring Apache+Vhosts Supplemental configuration  The configuration files in the etc/apache22/extra/ directory can be included to add extra features or to modify the default configuration of the server Virtual hosts # Virtual hosts Include etc/apache22/extra/httpd-vhosts.conf SSL/TLS # Secure (SSL/TLS) connections # Include etc/apache22/extra/httpd-ssl.conf (to be enabled in a later session)‏

10 Your webserver Create the directory for your files in the Document Root # mkdir /usr/local/www/apache22/data Test apache: # telnet localhost 80 not running Start apache # apachectl start Create a page for your home # ee /usr/local/www/apache22/data/index.html Visit your homepage, on your browser  Or

11 Configuring Virtual Hosts Supplemental configuration cd /usr/local/etc/apache ee extra/httpd-vhosts.conf (last directive for those who did not install apache22)‏ If you want to maintain multiple domains/hostnames on your machine you can setup VirtualHost containers for them.  e.g. med.youruni.ac.ke, bs.youruni.ac.ke With name-based virtual hosts the server doesn't need to worry about IP addresses Almost any Apache directive may go into a VirtualHost container.

12 Configuring Virtual Hosts ServerAdmin DocumentRoot /usr/local/www/data/site1 ServerName site1.test.sae.ws.afnog.org ErrorLog "/var/log/site1-error_log" # CustomLog "/var/log/site1-access_log" ServerAdmin DocumentRoot /usr/local/www/data/site2 ServerName site2.test.sae.ws.afnog.org ErrorLog "/var/log/site2-error_log" # CustomLog "/var/log/site2-access_log"

13 Configuring Apache+mod_ssl Supplemental configuration  On the httpd.conf # Secure (SSL/TLS) connections Include etc/apache22/extra/httpd-ssl.conf (to be enabled in a later session)‏ # ee extra/httpd-ssl.conf

14 Configuring Apache+mod_ssl Supplemental configuration  On the httpd.conf # Secure (SSL/TLS) connections Include etc/apache22/extra/httpd-ssl.conf (to be enabled in a later session)‏ # ee extra/httpd-ssl.conf

15 Key Generation Generate a Private Key The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text. # openssl genrsa -des3 -out server.key 1024 Enter paraphrase Simple paraphrase

16 Generate a CSR (Certificate Signing Request)‏ Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. # openssl req -new -key server.key -out server.csr

17 Remove Passphrase from Key Apache will ask for the pass-phrase each time the web server is started # cp server.key server.key.org # openssl rsa -in server.key.org -out server.key

18 Generating a Self-Signed Certificate At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

19 Installing the Private Key and Certificate Ensure  server.crt  server.key Are in the Apache config directory

20 Configuring SSL Enabled Virtual Hosts edit /extra/httpd-ssl.conf SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean- shutdown CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

21 Restart Apache and Test

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.