Just heard about security concerns and usernames/passwords being scanned over the network. This is a weakness of the plain HTTP protocol, which sends them unencrypted. One solution is to use HTTPS with OpenSSL.
With reference to http://www.centos.org/docs/5/html
Step 1: Install the SSL components
yum install mod_ssl openssl
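Step 2: Create the certificates
# Generate the private key first; the commands below read ca.key
openssl genrsa -out ca.key 2048
# Create a certificate signing request, then self-sign it for 365 days
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# Move the files into the system TLS directories
mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr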
Step 3: Configure Apache to use the certificates
vi /etc/httpd/conf.d/ssl.conf
Search for the SSLCertificateFile and SSLCertificateKeyFile lines and point them to the certificate and key files in the TLS directories.
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/ca.crt
# nicholas
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Restart the Apache server:
service httpd restart
Step 4: Configure Apache to serve HTTPS from a secure folder, while HTTP on port 80 is served from another folder.
vi /etc/httpd/conf/httpd.conf
# Plain HTTP site
NameVirtualHost *:80
<VirtualHost *:80>
    # <Directory> requires a path; the DocumentRoot is used here
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
    DocumentRoot /var/www/html
    ServerName servername.com
</VirtualHost>
# HTTPS site, served from its own folder
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    <Directory /var/www/vhosts/servername/httdocs>
        AllowOverride All
    </Directory>
    DocumentRoot /var/www/vhosts/servername/httdocs
    ServerName servername.com
</VirtualHost>
Restart the Apache server. The virtual hosts can be verified with the command:
httpd -S
Step 5: Test the HTTPS and HTTP
Use a web browser to access the site over both HTTP and HTTPS; the two should point to different directories.
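The split that Step 4 sets up and Step 5 tests by hand can also be checked from the configuration file itself. The following is an added example, not part of the original post: a shell function (audit_vhosts is a hypothetical name, and the sample configuration is constructed) that flags a :443 virtual host without SSLEngine on or without certificate directives, a closing tag with no opening tag, and an HTTP host that shares its DocumentRoot with the HTTPS host.

```shell
#!/bin/sh
# Added example, not from the original post. audit_vhosts is a hypothetical helper.
# Usage: audit_vhosts FILE...  (reads stdin when no file is given)
# Returns 0 when nothing is flagged, 1 otherwise.
audit_vhosts() {
    awk '
    function flag(msg) { print "FINDING: " msg; bad = 1 }
    { d = tolower($1) }              # Apache directive names are case-insensitive
    NF == 0 || d ~ /^#/ { next }     # skip blank lines and comments
    d == "<virtualhost" {            # opening tag: remember address and port
        invh = 1; addr = $2; sub(/>$/, "", addr)
        port = addr; sub(/^.*:/, "", port)
        ssl = 0; cert = key = root = ""
        next
    }
    d ~ /^<\/virtualhost/ {          # closing tag: judge the block just read
        if (!invh) { flag("line " FNR ": </VirtualHost> without an opening tag"); next }
        if (port == "443") {
            if (!ssl)       flag(addr ": SSLEngine is not on")
            if (cert == "") flag(addr ": no SSLCertificateFile")
            if (key == "")  flag(addr ": no SSLCertificateKeyFile")
            if (root != "") https[root] = 1
        } else if (root != "") http[root] = 1
        invh = 0; next
    }
    invh && d == "sslengine"             { ssl = (tolower($2) == "on") }
    invh && d == "sslcertificatefile"    { cert = $2 }
    invh && d == "sslcertificatekeyfile" { key = $2 }
    invh && d == "documentroot"          { root = $2 }
    END {
        if (invh) flag(addr ": <VirtualHost> is never closed")
        # The post serves HTTP and HTTPS from different folders; flag a shared one.
        for (r in http) if (r in https) flag("HTTP and HTTPS share DocumentRoot " r)
        exit bad + 0
    }' "$@"
}

# Constructed sample: the :443 host lacks SSLEngine and reuses the HTTP folder.
audit_vhosts <<'EOF' || true
<VirtualHost *:80>
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    DocumentRoot /var/www/html
</VirtualHost>
EOF
```

Run it as audit_vhosts /etc/httpd/conf/httpd.conf before restarting Apache; httpd -t remains the authoritative syntax check.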
Certain web browsers do not know about CAcert as a validation server. It can be added easily with the following steps.
Step 1. Download the Class 1 and Class 3 PKI root certificates from www.cacert.org.
Step 2. Use Firefox to add these root keys.
Choose Edit -> Preferences -> Advanced -> Encryption -> View Certificates
Choose Authorities -> Import
Choose both of the root keys that were downloaded
Step 3. Restart the web browser.
2 comments:
Nick, some time back I sent out an email detailing the dangers of using clear-text HTTP; obviously my recipients either did not care or did not understand what I was trying to say.
Here's hoping after reading your entry the proverbial apple will land on their crowns.
To some it's still a safe world out there.