
Setting up an SSL secured Webserver

This guide explains how to serve a site over HTTPS. It uses a self-signed certificate, so it works well for a personal website or for testing purposes. It is provided as is, so proceed at your own risk and take backups!

1. Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache’s interface to OpenSSL. Use yum to get them if you need them.

yum install mod_ssl openssl

Yum will either tell you they are installed or will install them for you.

2. Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. On a production server you will probably want a certificate from a trusted Certificate Authority, but for a personal site or for testing purposes a self-signed certificate is fine. To create the key you need to be root, so either su to root or put sudo in front of the commands.

# Generate private key (2048-bit RSA; 1024-bit RSA is no longer considered secure)
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Move the files to the correct locations
mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr

Then we need to update the Apache SSL configuration file

vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Change the path to match where the certificate file is stored. If you’ve used the method above it will be

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save the file and quit, then restart Apache

/etc/init.d/httpd restart

All being well you should now be able to connect over https to your server and see a default CentOS page. As the certificate is self-signed, browsers will generally ask you whether you want to accept the certificate. Firefox 3 won’t let you connect at all but you can override this.
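
If Apache fails to restart, or you want to confirm the pair before restarting, the files named in ssl.conf can be checked directly. The script below is an added example and not part of the original guide: it assumes bash, the openssl command line tool and stat, and the function name check_cert_pair and its thresholds (2048 bits, 30 days) are made up for illustration.

```shell
#!/bin/bash
# Added example (not from the original guide): verify the files that
# SSLCertificateFile / SSLCertificateKeyFile point at.
# Prints one line per problem and returns non-zero if any check fails.
check_cert_pair() {
    local cert="$1" key="$2" min_bits="${3:-2048}" min_days="${4:-30}" rc=0
    local cert_pub key_pub bits mode

    # 1. The certificate must contain the public half of this private key,
    #    otherwise httpd will fail to start.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $cert does not belong to $key"; rc=1
    fi

    # 2. Key length, read from the certificate's text dump.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit.*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "WEAK: key is ${bits:-unknown} bits, want >= $min_bits"; rc=1
    fi

    # 3. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRY: $cert expires within $min_days days"; rc=1
    fi

    # 4. The private key must not be accessible to group or other
    #    (GNU stat first, BSD stat as a fallback).
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key" 2>/dev/null)
    case "$mode" in
        ?00) ;;
        *) echo "PERMS: $key has mode ${mode:-unknown}, want 600 or 400"; rc=1 ;;
    esac
    return $rc
}

# Usage: ./check_cert_pair.sh /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```

A PERMS finding is fixed with chmod 600 on the key file; a MISMATCH usually means the certificate was generated from a different key than the one ssl.conf points at.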

3. Setting up the virtual hosts

Just as you set VirtualHosts for http on port 80 so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this

<VirtualHost *:80>
        <Directory /var/www/vhosts/yoursite.com/httpdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com
</VirtualHost>

To add a sister site on port 443 you need to add the following at the top of your file

NameVirtualHost *:443

and then a VirtualHost record something like this:

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
</VirtualHost>

Restart Apache again using

/etc/init.d/httpd restart

4. Configuring the firewall

You should now have a site working over https using a self-signed certificate. If you can’t connect you may need to open the port on your firewall. To do this amend your iptables rules:

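# Insert at the top of the INPUT chain so the rule is evaluated before any existing REJECT/DROP rule
iptables -I INPUT -p tcp --dport 443 -j ACCEPT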
/sbin/service iptables save
iptables -L -v

Getting the TDC WG111v2 USB dongle to work on OpenSUSE

1. Login as root.
2. Download ndiswrapper.
3. Gunzip (or use Konqueror for KDE) the downloaded Gzip archive and extract to something like /root/ndiswrapper
4. Put the WG111v2 CD into your CD drive.
5. Copy the drivers in drivers/winxp to a local folder.
6. Open a Console window.
7. cd to your ndiswrapper source directory.
8. At the console, type the following:

make uninstall

When that command finishes, type this:

make

After that, type this:

make install

9. cd to your driver-holding folder.
10. Type

ndiswrapper -i net111v2.inf

at console.
Then type

ndiswrapper -l

If it says: net111v2 driver present hardware present
then that worked.
11. Type

ndiswrapper -m

at the console
then type

depmod -a

Afterwards, type modprobe ndiswrapper
If it returns with no error, continue.
12. At console, type

iwconfig wlan0

if it comes up like this:
wlan0 IEEE 802.11g ESSID:"off/any" Nickname:"linux"
Mode:Managed Frequency:2.462 GHz Access Point: 00:00:00:00:00:00
Bit Rate=54 Mb/s Tx-Power:20 dBm Sensitivity=0/3
RTS thr=2346 B Fragment thr=2400 B
Encryption key:off
Power Management:off
Link Quality:100/100 Signal level:-52 dBm Noise level:-256 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
13. Then type iwlist wlan0 scan.
If you can see your access point, type:
iwconfig wlan0 ESSID xxxx, where xxxx is the Service Set IDentifier (SSID) of your router
14. At this point, YaST will pop up, asking if you would like to register the new Network Device. Click yes.
15. At the YaST2 window, click add.
16. Set the following values:
Device Type=Wireless
Hardware Configuration Name=wlan0
Module Name=ndiswrapper
Then check USB.
Press next.
Set these values:
ESSID=(Your SSID Name)
Authentication=(your encryption type: choose Shared Key for WEP, Open for none)
Key Input Type=Passphrase if WPA Key was generated by a keyword.
Encryption Key=Your passphrase.
If using WEP, go to 17. Otherwise, click Finish and go to 18.
If using no encryption, say yes to the next box, then click next.
17. Click Wep Keys if you are using WEP.
Click Passphrase if your key was generated by a keyword.
Type the Keyword in the box, click ok on both the WEP Dialogue and the Main YaST window.
Click next.
Click next again.
18. Wait while YaST writes your networking configuration.