Professional Documents
Culture Documents
Lab1a - Self-Signed HTTPS Report 222002905
Lab1a - Self-Signed HTTPS Report 222002905
Lab - Cryptography
222002905
Objectives
To understand the concept of digital certificates
Tools:
1. Debian 11 Virtual Machine
2. Apache HTTP Server
3. Putty (Optional, but recommended)
4. Downloads/Installations should be done while on NUST network
Summary
The purpose of this lab is to allow students to generate a key and use the key to create a certificate for a
website running on Apache. The website should then be running with SSL on port 443 after successful
configuration.
Deliverables
1. Detailed report of the steps you took to achieve the objective of the lab.
NB: All steps should be explained (Their purposes).
1. Make sure that you Debian system can ping the local repository.
Hint: Make sure the VM’s network card is in NAT mode and can communicate with the outside
network.
(Insert screenshot)
2. Enter the following entry in the Debian virtual Machine’s sources list located in /etc/apt/ directory.
a. Source list is in the directory mentioned below. Use your Linux expertise to navigate to that
directory.
(Insert screenshot)
b. Use a text editing tool (nano) to open the file: sources.list
(Insert screenshot)
NB: Verify that the following lines are in the sources.list file, alternatively add them to the file and save:
deb http://deb.debian.org/debian/ bullseye main
deb-src http://deb.debian.org/debian/ bullseye main
deb http://security.debian.org/debian-security bullseye-security main
deb-src http://security.debian.org/debian-security bullseye-security main
deb http://deb.debian.org/debian/ bullseye-updates main
deb-src http://deb.debian.org/debian/ bullseye-updates main
# apt-get update
5. Edit the index file of the new apache web server and write: “Welcome to Lab1”. Restart the apache2
service after that.
(Insert screenshots and explain commands used)
1. Echo “Welcome to Lab 1” > /var/www/html/index.html
The command <echo> is used to edit the index file of apache web server. It will pass on the text or
string in double quotes next to it into the index of the file.
2. systemctl restart apache2
Restarts apache2 service
3. hostname -I
This command reveals only the ip address of the Debian machine.
Enter the IP Address of your apache web server from another computer to see that the server is indeed
running. If it’s running, notice that it is running on http. Not secures, right??? Let’s the SSL module to
secure our website.
6. Enable apache ssl module with the following commands, then restart apache2 service.
7. Create a directory under the apache2 directory to store the certificate and key.
(Insert screenshot)
Make sure that the key and certificate have been created, then change permissions for all files in the ssl
directory.
# ls -l /etc/apache2/ssl/
-This command displays the contents of the ssl directory in a list of lines
# chmod 600 /etc/apache2/ssl/*
- This command gives the owner full read and write access to the file and no other user can access
the file.
9. Finally, configure apache to use the newly created certificate. To do this, open and edit the
default-ssl.conf file with the following configurations.
NB: The IP address that should be entered here is the IP address of your Debian virtual machine.
This will configure the apache web server to use port 443 for http requests.
-Look for “sslcertificatefile”, and enter the location and name of the certificate you created at point 8.
- Also, “sslcertificatekeyfile”, and enter the location and name of the certificate you created at point 8.
SSLCertificateFile
SSLCertificateKeyFile
11. Run the netstat command to see that port 443 is indeed listening (on the debian apache web server)
# netstat -ant | grep 443
If all configurations have been done properly, proceed through the security warning to access your https
website.
13. View the certificate from the web browser, study the certificate and write a summary of
what information you are able to get from the certificate.
(Insert screenshot)
You can also use the command below to view the certificate information.
14. Repeat this task, this time with details of your own. Take a screen shot of your newly created
certificate and send it with the summary to your practical lecturer.
(Insert screenshot)
SUMMARY OF INFORMATION OBTAINED FROM THE CERTIFICATE
1. UNDER GENERAL INFORMATION THERE IS:
- Common Name
- Organization name
- Organizational Unit for Issued for and Issued by, validity period and fingerprints
2. UNDER DETAILS
- Certificate Hierarchy
Shows the sever name-ISS
- Certificate Fields shows:
Version
Serial Number
Certificate Signature Algorithm
Issuer details and validity
- Subject
- Subject Public Key Info
- Certificate Signature Value
- Fingerprints
NOTE: The purpose is to learn. Have fun. If you need assistance, just ask and it will be offered.