Owl River - SSL and tcpdump presentation test slides

Owl River - SSL and tcpdump presentation test

Protecting Sheila Wagner's lasagna recipe

443 recipe - 80 recipe
43transfer - 80 transfer
80 recipe -- no redirect, and no markup

http://www.owlriver.org/transfer/index.phps - the code that links 
into presentation directory of the recipe
http://www.owlriver.org/recipe/index.phps - the presentation code
which tests if the SSL was used, and if not, moves to SSL; then does minimal
markup

We have a set of show and tell slides, demonstrating seamless movement of a user's web page request into https, and do a chalk talk on installing a certificate from http://www.cacert.org/

[root@www html]# ls /root/
anaconda-ks.cfg  install.log.syslog  private.key
install-key.txt  ks.php.txt          server.csr
install.log      ks-profile.txt      server-signed.cert
[root@www html]# cp ~/
[root@www html]#



	Gen a cert private.key, and server.csr 

		openssl req -nodes -new -keyout private.key -out server.csr

	Have it signed by the CA, using the server.csr

		https://www.cacert.org/

	Put the displayed signed key in: server.crt

		cp server.crt /etc/httpd/conf/ssl.crt/server.crt

	Put the private.key in /etc/httpd/conf/ssl.key/server.key

		cp private.key /etc/httpd/conf/ssl.key/server.key

	Edit the ServerName in /etc/httpd/conf/httpd.conf to make sure 
		it matches the cert

	Restart the webserver, and check:

		/var/log/httpd
			ssl_error_log and error_log	


	Validate it with a browser

Other Voices:
UMN How-To summary
- or - Google for "self signed SSL certificate" for an overview of the whole process

Written for OSU Secwog, 2 Feb 2006 by Russ Herrold ( herrold at owlriver dot com ), revised for ClueCon 2006, 1 Aug 2006

https://www.owlriver.org/