The
month of February is a month of love. This is the month when most of the
chocolate establishments make have their revenues. Now talking about love, love
is one thing that is based on trust. You cannot have the later without the
former. However nobody and especially those responsible for enterprise
applications can afford the luxury of trusting the paths in which the valued
information passes.
Let’s
try to understand what am talking about. Most
systems are web based and even more now that as I said in an earlier
post the word cloud no longer means the
sign of rain. Now when a company
employee uses a web browser to access
the company system then they are trying
to request data from a remote server. This will involve the initial login which
involves passing the username and password. The browser will encrypt the
password for you but after that all that information that is passed along is
open to tapping by a person with the right tools usually called the Adversary
or simply the hacker.
Inorder
to make sure that this does not happen , we need to encrypt all the requests
coming from the client and decrypt them at the server and viceversa. This involves creating a host which supports
communication over the protocol : https.
1.
We
start this procedure by editing the httpd-vhosts.conf found at the path xampp\apache\conf\extra.
Delete
the scripts you have now from the previous post and replace with the one below.
<VirtualHost
www.thetaitanstore.com:443>
ServerAdmin admin@thetaitanstore.com
DocumentRoot "D:\Virtual Sites hosted
here\thetaitanstore"
ServerName www.thetaitanstore.com
ServerAlias thetaitanstore.com
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData
+StrictRequire
SSLCertificateFile
"C:\xampp\apache\conf\ssl.crt\server.crt"
SSLCertificateKeyFile
"C:\xampp\apache\conf\ssl.key\server.key"
CustomLog "D:\Virtual Sites hosted
here\thetaitanstore\logs\access" common
<Directory
/>
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory
"D:\Virtual Sites hosted here\thetaitanstore">
Options Indexes FollowSymLinks
MultiViews
AllowOverride FileInfo
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Note
that the SSL communications are now being done through port 443 as opposed to
port 80.
The
script above shows that we have a private key file and a public key file. These
are contained in the SSL certificates for authentication purposes. So now let’s
go on and generate our own SSL certificate.
In
order to enable the encryption of your password, you must create an SSL
certificiate (containing your public key) and a server private key. XAMPP
provides a default certificate/key that can be used, but it is better to create
a new one since the default key is available to anyone who downloads XAMPP. If
someone knows your key, they can decrypt your packets.
XAMPP
provides a batch file for creating a new certificate/key with random encryption
keys. To execute this batch file, do the following:
- Open a command window
(Start->Run, type “cmd” and press “OK)
- cd c:\xampp\apache
- makecert
You will then
see this:
C:\xampp\apache>newcert
Loading 'screen' into random state -
done
Generating a 1024 bit RSA private
key
............................++++++
.....................................++++++
writing new private key to
'privkey.pem'
Enter PEM pass phrase:
Enter in a
pass phrase for decrypting your private server key, and press Enter. Write down
this passphrase so you don’t forget it. Now you will be asked to verify it:
Verifying - Enter PEM pass phrase:
Enter your
passphrase a second time and hit Enter. Now, you’ll see this:
-----
You are about
to be asked to enter information that will be incorporatedinto your certificate
request.What you are about to enter is what is called a Distinguished Name or a
DN.There are quite a few fields but you can leave some blank.
For some
fields there will be a default value,
If you enter
'.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
Enter in your
2 letter country code. You’ll be asked for a few more items (shown below).
Enter is what you think is most appropriate, but stop when you are asked for
“Common Name”
State or Province Name (full name) [Some-State]:KE
Locality Name (eg, city) []:NAIROBI
Organization Name (eg, company) [CREATIVE COMMONS]: THE
TAITAN STORE
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.thetaitanstore.com
For “Common
Name”, you need to enter in the DNS name or IP address of your website. The
name that you enter in here will need to match the server name that is entered
into the browser that is accessing the page. It is important that this common
name match the address that goes into a browser, otherwise you will get extra
warnings when navigating to your secure web pages. If you are running this
website over the public internet on an IP address that changes sometimes, you
can use a Dynamic DNS service such as dyndns.org to get a free domain name that
always points to your server. After you enter in the “Common Name”, you are
asked for more information. Fill in what you think is appropriate, but it is OK
to just hit ENTER to accept the defaults. Eventually, you will be asked for the
pass phrase for privkey.pem:
Email Address []:
Please enter the following 'extra'
attributesto be sent with your certificate request
A challenge password []:
An optional company name []:
Enter pass phrase for privkey.pem:
4.
Enter
the pass phrase that you created earlier, and now you will see this:
writing
RSA key
Loading
'screen' into random state - done
Signature
ok
subject=/C=xx/ST=xx/L=xxxx/O=xxx/CN=commonname
Getting
Private key
—–
Das
Zertifikat wurde erstellt.
The
certificate was provided.
Press
any key to continue . . .
C:\xampp\apache>
You
are now finished creating your SSL certificate and private key. The
makecert.bat script will move your server private key and certificates in the
appropriate directories for you.
3. Remember to restart Apache for the
configuration changes to take effect.
Now
you have your fully configured SSL powered virtual host.
