CSC

CRYPTOGRAPHY AND CYBER SECURITY

 

Laboratory

6. Web communications security

Apache httpd : SSL/TLS Setting
 
Configure SSL/TLS settings so that the server accepts encrypted HTTPS connections.
[1] Get an SSL certificate, refer to here.
[2] Enable SSL/TLS settings.
[root@www ~]# dnf -y install mod_ssl
[root@www ~]# vi /etc/httpd/conf.d/ssl.conf
# line 59 : uncomment
DocumentRoot "/var/www/html"
# line 60 : uncomment and specify hostname
ServerName www.srv.world:443
# line 101 : change to the certificate obtained in [1]
SSLCertificateFile /etc/letsencrypt/live/www.srv.world/cert.pem
# line 109 : change to the private key obtained in [1]
SSLCertificateKeyFile /etc/letsencrypt/live/www.srv.world/privkey.pem
# line 118 : change to the chain file obtained in [1]
SSLCertificateChainFile /etc/letsencrypt/live/www.srv.world/chain.pem
[root@www ~]# systemctl restart httpd

[3] If you'd like to redirect HTTP connections to HTTPS (Always on SSL/TLS), set a RewriteRule in each host's settings.
For example, if you have configured virtual hosting as in the link here, add a RewriteRule as follows. It is also possible to set the RewriteRule in [.htaccess] instead of [httpd.conf].
[root@www ~]# vi /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.srv.world
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

[root@www ~]# systemctl restart httpd

[4] If Firewalld is running, allow the HTTPS service. HTTPS uses 443/TCP.
[root@www ~]# firewall-cmd --add-service=https
success
[root@www ~]# firewall-cmd --runtime-to-permanent
success
[5] Verify that the test page can be accessed via HTTPS from any client computer with a web browser.
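The certificate and key set in ssl.conf in step [2] can also be checked from the shell before httpd is restarted: that the private key belongs to the certificate, that the certificate covers the ServerName, and that it is not about to expire. The script below is an added example, not part of the original lab; the function names and the throwaway self-signed pair are constructed for illustration, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for the certificate and key named in ssl.conf.

# SHA-256 of the public key carried by a certificate, and by a private key.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# check_tls_files CERT KEY HOSTNAME [MIN_DAYS]
# Returns 0 only if the key belongs to the certificate, the certificate
# covers HOSTNAME, and it stays valid for at least MIN_DAYS (default 14).
check_tls_files() {
    local cert="$1" key="$2" host="$3" days="${4:-14}" rc=0
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $cert or $key"; return 1
    fi
    if [ "$(cert_pub_hash "$cert")" != "$(key_pub_hash "$key")" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL: certificate does not cover $host"; rc=1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null; then
        echo "FAIL: certificate expires within $days days"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: a throwaway self-signed pair, not a real
# Let's Encrypt certificate. Usage: make_sample_pair DIR NAME CN DAYS
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$4" -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

demo() {
    local d; d=$(mktemp -d)
    make_sample_pair "$d" good www.srv.world 90
    make_sample_pair "$d" other www.srv.world 90
    check_tls_files "$d/good.pem" "$d/good.key" www.srv.world && echo "good pair: OK"
    check_tls_files "$d/good.pem" "$d/other.key" www.srv.world || echo "mismatched key: rejected"
    rm -rf "$d"
}
demo
```

On the lab server the call would be `check_tls_files /etc/letsencrypt/live/www.srv.world/cert.pem /etc/letsencrypt/live/www.srv.world/privkey.pem www.srv.world`, run as root. The chain file is not checked by this script.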

...

 

 

 


Course, laboratory, project, report

Master - RCC, year 2 (FIESC)