Homework help

Question # 40521
  • Computer Science
    8 months ago
    $20

    Complete the attached lab and upload the files to show that you did the work.

    Log into Athena and then use PuTTY to connect to icarus.cs.weber.edu to complete the assignment. If you are running Linux or a Macintosh you may connect to Icarus via ssh. Follow the directions on the lab. Substitute your name (i.e. John Doe) where the lab uses www.yourname.com

    Please submit the file as a .doc or .pdf attachment with your name (i.e. JohnDoe_CreatingCertificateLab.doc or JohnDoe_CreatingCertificateLab.pdf)

    Creating an SSL Certificate
    Please take screen shots of your work and explain what you did and what you have learned.
    If you want to convert your website from HTTP to HTTPS, you need to get an SSL certificate
    from a valid organization like Verisign or Thawte. You can also generate a self-signed SSL
    certificate for testing purposes.
    In this article, let us review how to generate a private key file (server.key), a certificate signing
    request file (server.csr) and a webserver certificate file (server.crt) that can be used on an Apache
    server with mod_ssl.
    Key, CSR and CRT File Naming Convention
    I typically like to name the files with the domain name of the HTTPS URL that will be using this
    certificate. This makes it easier to identify and maintain.

    Instead of server.key, use www.yourname.com.key
    Instead of server.csr, use www.yourname.com.csr
    Instead of server.crt, use www.yourname.com.crt

    1. Generate Private Key on the Server Running Apache + mod_ssl
    First, generate a private key on the Linux server that runs the Apache webserver using the openssl command as shown below.

    openssl genrsa -des3 -out www.yourname.com.key 1024

    (Note that www.yourname.com should be www.WaldoWildcat.com if your name was Waldo Wildcat.)

    -------------------------
    Generating RSA private key, 1024 bit long modulus
    .......................................++++++
    ...................................................++++++
    e is 73547 (0x01001)
    Enter pass phrase for www.yourname.com.key: (this would be a password that you chose to enter)
    Verifying - Enter pass phrase for www.yourname.com.key:

    Run the following command to make sure the file was generated (note that the option uses a lowercase L and not the number 1).
    ls -ltr www.yourname.*
    -rw-r--r-- 1 root root 963 Jun 13 20:26 www.yourname.com.key


    To see what the generated private key looks like, run the following.

    cat www.yourname.com.key

    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,485B3C6371C9916E

    ymehJu/RowzrclMcixAyxdbfzQphfUAk9oK9kK2
    jadfoiyqthakLKNqw9z1MoaqkPyqeHevUm26no
    AJKIETHKJADFS2BGb0n61/Ksk8isp7evLM4+QY
    KAQETKjdiahteksMJOjXLq+vf5Ra299fZPON7yr
    -----END RSA PRIVATE KEY-----

    2. Generate a Certificate Signing Request (CSR)

    Using the key generated above, generate a certificate signing request (CSR) file using openssl as shown below.

    openssl req -new -key www.yourname.com.key -out www.yourname.com.csr

    Enter pass phrase for www.yourname.com.key: (Pass phrase is any password you choose to use)

    You are about to be asked to enter information that will be incorporated into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value, If you enter '.', the field will be left blank.

    -----

    Country Name (2 letter code) [GB]:US

    State or Province Name (full name) [Berkshire]:California

    Locality Name (eg, city) [Newbury]:Los Angeles

    Organization Name (eg, company) [My Company Ltd]:The Geek Stuff

    Organizational Unit Name (eg, section) :IT

    Common Name (eg, your name or your server's hostname) : yourname

    Email Address:

    Please enter the following 'extra' attributes to be sent with your certificate request

    A challenge password []:

    An optional company name []:

    Run the following command to make sure the file was created

    ls -ltr www.yourname.*

    ------------------------

    -rw-r--r-- 1 root root 963 Jun 13 20:26 www.yourname.com.key

    -rw-r--r-- 1 root root 664 Jun 13 20:35 www.yourname.com.csr

    3. Generate a Self-Signed SSL Certificate

    For testing purposes, you can generate a self-signed SSL certificate that is valid for 1 year using the openssl command as shown below.

    openssl x509 -req -days 365 -in www.yourname.com.csr -signkey www.yourname.com.key -out www.yourname.com.crt

    (Note that this entire command is all on one line.)

    Signature ok

    subject=/C=US/ST=California/L=Los Angeles/O=yourname/OU=IT/CN=www.yourname.com

    Getting Private key

    Enter pass phrase for www.yourname.com.key:

    Run the following command to make sure the file was created

    ls -l www.yourname.*

    -rw-r--r-- 1 root root 963 Jun 13 20:26 www.yourname.com.key

    -rw-r--r-- 1 root root 664 Jun 13 20:35 www.yourname.com.csr

    -rw-r--r-- 1 root root 879 Jun 13 20:43 www.yourname.com.crt

    Run the following command to see the contents of the certificate

    cat www.yourname.com.crt

    -----BEGIN CERTIFICATE-----
    haidfshoaihsdfAKDJFAISHTEIHkjasdjadf9w0BAQUFADCB
    kjadfijadfhWQIOUQERUNcMNasdkjfakljasdBgEFBQcDAQ
    kjdghkjhfortoieriqqeurNZXCVMNCMN.MCNaGF3dGUuY29
    -----END CERTIFICATE-----
    You can use this method to generate the Apache SSL key, CSR and CRT files on most Linux and Unix systems, including Ubuntu, Debian, CentOS, Fedora and Red Hat.
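
The three steps above, run non-interactively and followed by checks that each file carries the same public key as the one before it. This is an added example, not part of the original lab. Its assumptions: 2048-bit RSA and AES-256 in place of the lab's 1024 and -des3, a constructed passphrase passed through the KEY_PASS environment variable, and function names that are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the lab: steps 1-3 run non-interactively, plus the
# checks that show how each file is bound to the one before it.
umask 077                                  # key is created owner-only (0600)
NAME=www.yourname.com                      # the lab's placeholder name
SUBJ="/C=US/ST=California/L=Los Angeles/O=yourname/OU=IT/CN=$NAME"
export KEY_PASS='constructed-passphrase'   # constructed sample value

generate_chain() {                         # $1 = output directory
  # Step 1: private key. 2048-bit RSA with AES-256 is this example's choice.
  openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/$NAME.key" 2048 2>/dev/null &&
  # Step 2: CSR = subject name + public key, signed with the private key.
  openssl req -new -key "$1/$NAME.key" -passin env:KEY_PASS \
      -subj "$SUBJ" -out "$1/$NAME.csr" 2>/dev/null &&
  # Step 3: certificate = CSR contents signed by the same key (self-signed).
  openssl x509 -req -days 365 -in "$1/$NAME.csr" -signkey "$1/$NAME.key" \
      -passin env:KEY_PASS -out "$1/$NAME.crt" 2>/dev/null
}

pubkey_of() {                              # $1 = file, $2 = key|csr|crt
  case $2 in
    key) openssl pkey -in "$1" -passin env:KEY_PASS -pubout ;;
    csr) openssl req  -in "$1" -noout -pubkey ;;
    crt) openssl x509 -in "$1" -noout -pubkey ;;
  esac 2>/dev/null
}

same_pubkey() {                            # $1 $2 = file kind, $3 $4 = file kind
  local a b
  a=$(pubkey_of "$1" "$2") && b=$(pubkey_of "$3" "$4") &&
  [ -n "$a" ] && [ "$a" = "$b" ]
}

is_self_signed() {                         # issuer DN equals subject DN
  local s i
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  i=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')
  [ -n "$s" ] && [ "$s" = "$i" ]
}

key_is_private() { [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]; }

d=$(mktemp -d) && generate_chain "$d" &&
same_pubkey "$d/$NAME.key" key "$d/$NAME.csr" csr &&
same_pubkey "$d/$NAME.csr" csr "$d/$NAME.crt" crt &&
is_self_signed "$d/$NAME.crt" && key_is_private "$d/$NAME.key" &&
echo "key, CSR and certificate are consistent in $d"
```

same_pubkey returning non-zero for a .key and .crt pair is the mismatch to catch before the files are installed on the web server. key_is_private flags the world-readable -rw-r--r-- mode shown in the lab's ls output.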

    4. Explain what you learned by doing this lab. Why did you go through each of the steps? Why did one step's output feed into another step's input? What was the end result and how would this be used on a web server?

    Original source found at: http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/ 
