For this project you will install certificates into web servers (Apache and IIS) and configure them to support HTTPS.
Learning outcomes
- Planning and design.
- VMware guest modifications.
- Modifying application software.
- Secure Communications and Protocols.
- Installing key and certificates for HTTPS.
Apache on Ubuntu
If you have not already done so, install the Apache server on Ubuntu – we are NOT using the entire LAMP implementation.
apt install apache2
Note: For each of these upcoming browser bits, do not add an exception. Simply enjoy what you are seeing…
Now browse to the site http://hostname.ciss125.net. If you see the Apache default page that tells you all about Apache, then things are going well.
If you see a message saying it cannot connect to the server, then there is either a problem with the install, a typo in the server name, an issue with the URL or there is a DNS issue. Stop and resolve this with your instructor.
Now browse to the same host, but use https instead. You should receive a message that it is unable to connect. This is because there is no secure protocol established yet.
To turn on HTTPS, use the following:
a2enmod ssl
service apache2 reload
Now browse to your site. You should receive an error something like "secure connection failed, response too long". Although we have told Apache to support SSL, no site configuration has been enabled yet to tell it how.
Set up the secure site with:
a2ensite default-ssl.conf
service apache2 reload
Now browse to your server again and you will receive the self-signed cert warning. This is because, by default, the Apache package has a self-signed certificate installed and configured. We will now change that to use the certificate you have created.
Edit /etc/apache2/sites-enabled/default-ssl.conf with gedit and modify the lines that begin with:
SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile
These lines need to be modified to point to the certificate files using their full pathnames, that is, the complete paths to the files. You should place the certificate and the intermediate.crt in /etc/ssl/certs. The private key should be placed in /etc/ssl/private.
Then, your lines would look something like:
SSLCertificateFile /etc/ssl/certs/certificatefile.crt
SSLCertificateKeyFile /etc/ssl/private/mykeyfile.key
SSLCACertificateFile /etc/ssl/certs/intermediate.crt
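A pre-reload check for the three directives above, as an added example that is not part of the original lab: it confirms that each directive holds a full pathname to an existing file, that the private key is not world-readable, and that the certificate and key belong together. The script name check-ssl.sh and the function names are assumptions made for this example, and it needs the openssl command.

```bash
#!/bin/bash
# Added example (not from the original lab): pre-reload checks for default-ssl.conf.

# Print the path assigned to DIRECTIVE in CONF (commented-out lines are ignored).
directive_path() {
    awk -v d="$2" '$1 == d { p = $2 } END { print p }' "$1"
}

# Succeed only if CERT and KEY contain the same public key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Check the three directives; print each problem and return the problem count.
check_ssl_conf() {
    local conf="$1" problems=0 d path
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCACertificateFile; do
        path=$(directive_path "$conf" "$d")
        case $path in
            /*) ;;
            *)  echo "FAIL $d: not a full pathname: '$path'"
                problems=$((problems + 1)); continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "FAIL $d: no such file: $path"
            problems=$((problems + 1)); continue
        fi
        # The private key must not be readable by "other" users.
        if [ "$d" = SSLCertificateKeyFile ] &&
           [ -n "$(find "$path" -perm -004)" ]; then
            echo "FAIL $d: $path is world-readable"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage (hypothetical script name): sudo bash check-ssl.sh /etc/apache2/sites-enabled/default-ssl.conf
if [ "$#" -gt 0 ]; then
    check_ssl_conf "$1" &&
    cert_matches_key "$(directive_path "$1" SSLCertificateFile)" \
                     "$(directive_path "$1" SSLCertificateKeyFile)" &&
    echo "OK: paths, key permissions and certificate/key pairing check out"
fi
```

Run it before service apache2 reload; a mismatched certificate and key or a missing file otherwise only shows up as a failed reload or a browser error.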
IIS on Windows Server
The IIS server should already be installed from a previous project. You should have already submitted a CSR and received a signed certificate from the instructor’s CA. And, you should have already imported the CA certificate for the in-house CA.
Now browse to the site http://hostname.ciss125.net. If you see the IIS default page that tells you all about IIS, then things are going well.
If you see a message saying it cannot connect to the server, then there is either a problem with the install, a typo in the server name, an issue with the URL or there is a DNS issue. Stop and resolve this with your instructor.
Now browse to the same host, but use https instead. You should receive a message that it is unable to connect. This is because there is no secure protocol established yet.
At this point, return to the instructions for creating a CSR for IIS 10 and complete the procedure to install the certificate.