`
kenny319
  • 浏览: 8074 次
  • 性别: Icon_minigender_1
  • 来自: 上海
最近访客 更多访客>>
社区版块
存档分类
最新评论

Securing Http with SSL/TLS

    博客分类:
  • JAVA
阅读更多
Secure Sockets Layer (SSL) and Transport Layer Security (TLS, also known as SSL v3.1)  are the most popular protocols used in many web sites to secure web transactions.  It uses a different URL schema https other than http, and the port by default of https is 843 other than 80 of http by default.

Apache is the most widely used http server.  It will be chosen as http server of our GUI. Apache server has lots of extension modules could be used depends on your product’s requirement.  There is a SSL module, relies on openssl, could be used to secure http.

In order to use apache server we need to download the source code from its web site, and compile the source code to generate a binary version. There are some tools must be preinstalled in the build server before compiling apache server with SSL module:
• gcc
• openssl-devel
• apr/apr-util

apr/apr-util is optional because the apache source code package has included its source code. You can install it manually if you don’t have it in place. If you have a apr/apr-util with version less than 1.2, please upgrade them to 1.2 before compiling apache , and use the --with-apr/--with-apr-util option to specify the new installed apr/apr-util.

Install apr/apr-util manually:

# Build and install apr 1.2
cd srclib/apr
./configure --prefix=/usr/local/apr-httpd/
make
make install

# Build and install apr-util 1.2
cd ../apr-util
./configure --prefix=/usr/local/apr-util-httpd/ --with-apr=/usr/local/apr-httpd/
make
make install


After all of the tools have been installed, now start compiling apache server:

#Build and install apache, here you can specify other options to #enable or disable a module
./configure --enable-mods-shared=most --enable-ssl=shared \
--enable-proxy=shared --enable-proxy-http=shared \
--enable-rewrite=shared --with-apr=/usr/local/apr-httpd/ \
--with-apr-util=/usr/local/apr-util-httpd/ 
make
make install



If succeeding to build and install apache you will get a binary apache server under the default folder /usr/local/.

Then we need to enable https through the following steps:
• generate the private key and certificate against openssl tool
• modify httpd.conf and httpd-ssl.conf to specify the location of the private key and certificate.

Usually there are three methods to generate a certificate:
• A self-signed certificate: the easiest way to use and deploy
• Trusted CA signed certificate: the recommended way, but it usually needs an extra expensivie cost.
• Local CA signed certificate: used in intranet usually

We will use the self-signed certificate for in our GUI for easy deployment. That could be integrated into our installation package easily.

#generate a RSA private key with 1024 bit

openssl genrsa -out /usr/local/apache2/conf/server.key 1024

#generate a certificate signing request (csr)
openssl  req -new -key server.key -out server.csr

#generate a self-signed certificate
openssl req -x509 -days 365 -key server.key -in server.csr -out server.crt


Then we should modify /usr/local/apache2/conf/httd.conf. We only need to do the following modifications:

#uncomment the following item

Include conf/extra/httpd-ssl.conf

#turn on rewrite engine to rewrite http to https in case of wrong #address by mistake.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}



Also need to modify httpd-ssl.conf:

#uncomment the following items
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"


Now you can start apache server to check if the https works well by visiting the following address: https://{IP_ADDRESS}
分享到:
评论

相关推荐

    Bulletproof SSL and TLS,PDF , Ivan Ristic

    Bulletproof SSL and TLS by Ivan Ristić Table of Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ...

    Securing your Online Data Transfer with SSL

    新的协议如TLS(Transport Layer Security,传输层安全)已经取代了早期版本的SSL。TLS提供了更强大的加密算法和更灵活的安全配置选项,以应对日益复杂的网络安全威胁。 总之,SSL是保护在线数据传输不可或缺的一...

    java安全手册指南

    #### 九、SSL/TLS:确保客户端/服务器通信安全(SSL/TLS: Securing C/S communication) ##### SSL/TLS协议概述 - **SSL/TLS**:用于在客户端和服务器之间建立加密连接的协议。 - **握手协议**:建立安全连接前,...

    Network security with OpenSSL

    OpenSSL is a popular and effective open source version of SSL/TLS, the most widely used protocol for secure network communications. The only guide available on the subject, Network Security with ...

    Oreilly_Apache_Security_Mar_2005_eBook-LiB.zip_All They Need

    This all-purpose guide for locking down Apache arms readers with all the ... Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more.

    securing-portlets-with-spring-security

    - A: Spring Security 提供了多种方式来处理不同协议下的安全通信需求,包括使用 SSL/TLS 等加密协议来保障数据传输的安全性。 通过上述讨论,我们可以看到 Spring Security 为保护 Portlet 提供了一套完整的解决...

    tv-w02-securing-the-iot-connected-car-with-digital-identity.zip

    标题“tv-w02-securing-the-iot-connected-car-with-digital-identity”指向的主题是关于如何使用数字身份来保障物联网(IoT)连接汽车的安全。这个话题涉及到多个IT领域的关键知识点,包括物联网安全、车联网技术、...

    Lighttpd By Andre Bogus

    This includes configuring firewalls, securing SSL/TLS connections, implementing authentication mechanisms, and protecting against common web attacks such as SQL injection and cross-site scripting ...

    Cryptography and Network Security - Stallings - 5e

    - **Secure Protocols:** Discusses secure communication protocols such as SSL/TLS, SSH, and IPSec, which provide confidentiality, integrity, and authentication. - **Network Attacks:** Analyzes common ...

    Android Application Security Essentials

    SSL/TLS 132 Installing an application on an external storage 133 Summary 136 Chapter 8: Android in the Enterprise 137 The basics 138 Understanding the Android ecosystem 138 Device administration ...

    Streams apple

    - **Securing and Configuring the Connection**: Security measures, such as SSL/TLS, can be implemented to secure the connection. Listing 1 demonstrates the setup of a network socket stream. - **...

    apache security 安全

    SSL and TLS Section 4.1. Cryptography Section 4.2. SSL Section 4.3. OpenSSL Section 4.4. Apache and SSL Section 4.5. Setting Up a Certificate Authority Section 4.6. Performance ...

    [Mastering.Node.js(2013.11) 精通Node.js

    HTTPS, TLS(SSL), and securing your server 72 Creating a self-signed certificate for development 72 Installing a real SSL certificate 73 The request object 73 The URL module 74 The Querystring module ...

    Professional Microsoft Search SharePoint 2007 and Search Server

    2. **加密技术:** 介绍了几种常用的加密手段,如SSL/TLS协议,以确保数据传输的安全性。 3. **审计跟踪:** 讲解了如何通过审计日志来监控用户的搜索行为,及时发现潜在的安全威胁。 ### 九、自定义搜索体验 **...

Global site tag (gtag.js) - Google Analytics