You are hereSSL

SSL

ModSecurity Console signed ssl certificate

HOWTO have the ModSecurity Console work with signed certificates:

Import the CA’s / certificate chain

Place the public key of the Certificate Authority in a file (one file per item in the chain), and import the files with the following command:

[servername]$ keytool -v -import -trustcacerts -keystore keystore \
   -file ../cacert1.txt -alias "ca1"
[servername]$ keytool -v -import -trustcacerts -keystore keystore \
   -file ../cacert2.txt -alias "ca2"

When promted for a password enter : password

Create the private key:

First we generate the private key. 
[servername]$  keytool -genkeypair -alias "mykey" -keystore keystore \
   -validity 1825 -keyalg RSA -keysize 2048
Enter keystore password: password  (not shown while typing)
Re-enter new password: password  (not shown while typing)
What is your first and last name?
  [Unknown]:  modseccon.home.vandeplas.com
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:  Home
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:  BE
Is CN=modseccon.home.vandeplas.com, OU=Unknown, O=Home, L=Unknown, ST=Unknown, C=BE correct?
  [no]:  yes
 
Enter key password for <mykey>
     (RETURN if same as keystore password):

Generate a CSR:

The CSR is the Certificate Signing Request that will be send to the Certificate Authority. This authority will need to confirm you are the owner of the domain name specified.

[servername]$ keytool -certreq -v --keystore keystore -alias "mykey"
Enter keystore password: password  (not shown while typing)

Copy paste the CSR (include the ---BEGIN--- and ---END---) in a file and then make sure it's signed by the Certificate Authority. Then wait for the signed certificate.

Import Signed Certificate in keytool:

Copy paste the signed certificate (include the ---BEGIN--- and ---END---) in a file like signedcert.txt.
Then import the thing into the keystore using the following command:

[servername]$ keytool -v -import -trustcacerts -keystore keystore \
   -file ../signedcert.txt -alias "mykey"

(if you get an error about certificate chain, then you didn’t import the CAcertificates correctly

Copy the keystore to the right location:

Make sure ModSecurity Console is not running. 
[servername]$ cp keystore ./templates/com.thinkingstone.console.ConsoleComponent/ssl/keystore
[servername]$ cp keystore ./var/data/main/console/ssl/keystore

Start up ModSecurity Console and enjoy your https website!

Relevant Content: 
One week before HAR
Watchguard Fireware SSL-VPN Vulnerability
Hacking for Beer - BruCON 12 days left for early bird tickets
Sharing safely your internet connection with dd-wrt and multiple SSIDs.
Installing BackTrack 4 beta on a USB disk

I Love Belgium... and you?

About Me
GnuPG Public Key Still More LinkedIn profile
Photos
Projects
WeIDS 2.0 Linux Lessons WiFi Auth Project
Documentation
Acer Aspire 2012 WLMi Acer TM 4002 WLMi IR-receiver (Win)(NL)
Links
Ubuntu Belgium Planet Grep
FOSDEM BruCON Profoss hacker emblem www.cacert.org Get OpenOffice Get Firefox Get Thunderbird
What is OpenID?