Encrypting Web Servers using SSL

In SSL/TLS, a CA Certificate (Certificate Authority Certificate) is a digital certificate issued by a trusted authority (CA) that verifies the identity of websites or services. The CA Chain (or certificate chain) is a sequence of certificates that begins with the server's certificate, followed by one or more intermediate certificates, and ends with the root CA certificate. This chain establishes a path of trust from the CA to the server's certificate. The Key (specifically, the private key) is a cryptographic key that remains confidential on the server and is used to encrypt and decrypt data as well as to sign the certificate request, ensuring secure communication.


LAB : Encrypting Apache2 Web server using SSL

Installing Apache2 Web server

# sudo apt update
# sudo apt install apache2
# sudo systemctl enable apache2

~ General Apache2 Service Commands
# sudo systemctl (start , stop , restart , disable) apache2
Apache2 default page

By default the Apache2 web server serves pages over HTTP; we need to configure SSL so that it serves them over HTTPS.

Configuring SSL

  • Step - 1 : Generating the Private Key (.key)

# openssl genrsa -out ghoulsec.key 2048
~ Where 2048 is the key size & rsa is the key algorithm 
  • Step - 2 : Generating the Certificate Signing Request (.csr)

# openssl req -new -key ghoulsec.key -out ghoulsec.csr

~ The following information will be asked
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Gujarat
Locality Name (eg, city) []:Ahmedabad
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Ghoulsec
Organizational Unit Name (eg, section) []:Ghoulsec
Common Name (e.g. server FQDN or YOUR name) []:Ghoulsecurity
Email Address []:ghoulsec@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Admin@123
An optional company name []:
  • Step - 3 : Generating the Self Signed Certificate (.crt)

# openssl x509 -req -days 365 -in ghoulsec.csr -signkey ghoulsec.key -out ghoulsec.crt
  • Step - 4 : Generating CA-Chain (.bundle)

# cat ghoulsec_intermediate.crt ghoulsec.crt > ghoulsec.ca-chain.bundle
  • Step - 5 : Installing SSL on Apache2

# sudo a2enmod ssl
# sudo a2ensite default-ssl.conf

Now we will edit the default SSL configuration file so that it points to our self-signed certificate and private key

# sudo cp /home/ghoul/ghoulsec.key /etc/ssl/private/
# sudo cp /home/ghoul/ghoulsec.crt /etc/ssl/certs/
# sudo nano /etc/apache2/sites-available/default-ssl.conf
# sudo systemctl restart apache2
Edits done on the Apache2 config files
The website is redirected to the HTTPS protocol and SSL is successfully configured.
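
The script below is an added example, not part of the original lab: before Apache2 is restarted, it confirms that ghoulsec.key and ghoulsec.crt belong together, that the certificate is not about to expire, and that the private key is not accessible to other users. The function names are hypothetical; the file names follow the lab.

```bash
#!/bin/sh
# Added example: pre-flight check for the lab's key/certificate pair.
# Function names are hypothetical; file names follow the lab.

# PEM public key derived from a private key file (empty on failure).
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# PEM public key embedded in a certificate (empty on failure).
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_pair KEY CERT [DAYS]
# Returns 0 only if the key matches the certificate, the certificate stays
# valid for at least DAYS more days (default 30), and the key file grants
# no permissions to "other" users.
check_pair() {
    key=$1; crt=$2; days=${3:-30}

    kpub=$(pub_from_key "$key") || { echo "cannot read key: $key" >&2; return 1; }
    cpub=$(pub_from_cert "$crt") || { echo "cannot read cert: $crt" >&2; return 1; }
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "MISMATCH: $crt does not contain the public key of $key" >&2
        return 1
    fi

    # -checkend exits non-zero if the cert expires within the given seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "EXPIRING: $crt expires within $days days" >&2
        return 1
    fi

    # Characters 8-10 of the ls mode string are the "other" permission bits.
    if [ "$(ls -ld "$key" | cut -c8-10)" != "---" ]; then
        echo "PERMS: $key is accessible to other users (chmod 600 or 640)" >&2
        return 1
    fi
    echo "OK: $key and $crt match"
}

# Usage: sh check_pair.sh ghoulsec.key ghoulsec.crt
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

A non-zero exit status means the pair should not be deployed; the message on stderr names the failed check.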
