Tutorial Windows
CONTENTS
OVERVIEW
SCENARIO
INSTALL APACHE SERVER FOR WINDOWS (WEB SERVER)
INSTALL SIMPLE AUTHORITY PROGRAM
GENERATE THE CERTIFICATES
INSTALL WEBSITE CERTIFICATE
CONFIGURE WEBSITE TO REQUIRE SSL AND CLIENT CERTIFICATE
TRUST THE CERTIFICATE ROOT
WEB AUTHENTICATION USING THE INSTALLED CERTIFICATE IN THE TOKEN
ABOUT SOFTLOCK
OVERVIEW
This document is a step-by-step installation guide that shows how to secure an Apache server website by denying access to every client except those that hold a trusted certificate. It also shows how to use the Simple Authority program to generate certificates for both the clients and the server machine.
SCENARIO
INSTALL APACHE SERVER FOR WINDOWS (WEB SERVER)
4- After the installation progress bar completes, a new window appears asking whether to create shortcuts for XAMPP. Accept the default value and press Enter.
6- To let XAMPP work without drive letters, accept the default (n) and press Enter.
7- The program will now install Apache, SSL, MySQL and some additional features. Press the Return key to continue.
8- The program will now configure the Apache configuration file php.ini with the default values. Press Return to continue.
10- The new Apache server is now installed correctly. To run the server, open Start menu -> All Programs and select the XAMPP Control Panel from the XAMPP for Windows program group.
11- In the panel that opens, click the Start button to run the Apache server.
13- To make sure everything is OK, open Internet Explorer and enter http://localhost or http://machine_name, where machine_name is the server computer's name or IP address.
INSTALL SIMPLE AUTHORITY PROGRAM
2. Click the Run button. The next step asks for the installation folder; keep the default, as we will change it later in the coming steps.
3. Click Install to complete the setup. After the successful installation message appears, leave the Run Simple Authority box checked so that the application runs automatically after you click the Finish button.
4. Simple Authority will now run automatically. Go to Tools => Options to change the installation folder.
5. In the frame that is displayed, browse to the General tab and change the Data directory path to a new installation path; in my case I'll make it D:\SA setup.
6. Note: I have created the CA setup folder inside the D drive to hold all the output data and certificates which we will generate later.
7. A message box will inform you that you will lose all the previously created data. Click OK.
8. In the Identity files tab, change the output folder to the same path selected above. Don't forget to close the program after changing the installation path so that the changes are saved.
GENERATE THE CERTIFICATES
2. Enter the required certificate authority information, then click the OK button.
3. While the new root is being created, a progress bar runs. Move the mouse inside the progress frame or press random keys on the keyboard to complete the process; the program is collecting random data for key generation. A success message appears on completion.
4. The new CA is now created with random information. Click the Edit User button to edit the CA information, and select Certification authority as the certificate type.
5. Right-click the CA name in the Users window and select New Certificate. The program asks for the CA password you entered in the previous steps, then asks you to enter a new password for the generated certificate so that no one can use the certificate without this password. A message box informs you that the generation has completed and gives its path.
6. You will find 2 generated files (.p12 and .cer). Double-click the .p12 file to convert the certificate to a .pfx file so that we can use it later to install the CA certificate on both the client and server machines.
7. In the Certificate Import Wizard, click Next. When asked for the certificate password, enter it, select Mark this key as exportable, then click Next.
8. In the next step, keep the default option Automatically select the certificate store and click Next, then Finish. A message box will inform you that the certificate was imported successfully.
9. To get the root certificate as a .pfx file, open Internet Explorer, select Tools from the menu bar, then select Internet Options and open the Content tab.
10. In the Certificates frame, click the Certificates button. A new window appears listing the certificates installed on the system.
11. Select the Personal tab, click the CA certificate (in our case it is named Softlock CA), then click the Export button.
12. The Certificate Export Wizard appears. Click Next in the welcome window, then select Yes, export the private key and click Next. In the next step, keep the defaults for the export file format and click Next.
13. The wizard asks you to enter a new password for the certificate; anyone who wants to use this certificate later will have to enter this password. Enter it twice, then click Next.
14. The wizard then asks you to browse to the location where the certificate should be stored. Select the path, give the file a name, for example Softlock CA, and click Next, then Finish.
16. The SoftlockCA.pfx file is now stored in the path given above; we will use it in the coming steps.
17. Go back to the Simple Authority program to generate the server (website) certificate. Click the New User button and enter the website information. The certificate type must be SSL server and the user name must be the same as the server machine name; in our case it is Test. Then click the Edit User button to save the user information.
18. Click the New Certificate button and generate the server certificate by following steps 5 to 16.
19. After generating the server certificate and saving it as a .pfx file, create a new user, name it client and repeat steps 5 to 16 to generate the client certificate. Note that the certificate type for the client must be General purpose.
INSTALL WEBSITE CERTIFICATE
3- A new dialog appears asking for the location in which to store the server.crt file.
4- We now have the server.crt file. Open it with any text editor to view its contents.
5- The file contains both the private key and the public certificate, each in its own section.
6- To get the private key, copy the section that starts with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----
7- Paste this section into a new text file and name it server.key.
8- Copy the section that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----, paste it into a new text file and name it server.crt.
9- We now have the server public certificate file server.crt and the server private key file server.key.
10- To configure the website server public certificate, go to C:\xampp\apache\conf\ssl.crt. You will find the server's default certificate there; replace it with our new server.crt file.
11- To configure the server private key, go to C:\xampp\apache\conf\ssl.key. You will find the server.key file there; replace it with our new server.key file.
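Steps 5 to 9 can also be done with a short script instead of copy and paste. The following is an added example, not part of the original tutorial; the function names and the sample data are constructed for illustration, and it assumes the combined file is plain PEM text as described above.

```python
import base64
import re

# One PEM block: BEGIN line, body, and the END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def split_pem(text):
    """Return (private_key_pem, [certificate_pem, ...]) from a combined file."""
    key, certs = None, []
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        # Skip "Name: value" header lines that an encrypted key block carries.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        base64.b64decode(b64, validate=True)  # ValueError on a damaged copy
        block = m.group(0).replace("\r\n", "\n") + "\n"
        if label.endswith("PRIVATE KEY"):
            if key is not None:
                raise ValueError("more than one private key in the file")
            key = block
        elif label == "CERTIFICATE":
            certs.append(block)
    if key is None or not certs:
        raise ValueError("need one private key and at least one certificate")
    return key, certs

def write_split(src_path, key_path, crt_path):
    """Write the key and the single certificate to separate files."""
    with open(src_path, encoding="ascii") as f:
        key, certs = split_pem(f.read())
    if len(certs) != 1:
        raise ValueError("several certificates found; pick the server one by hand")
    with open(key_path, "w", newline="\n") as f:
        f.write(key)
    with open(crt_path, "w", newline="\n") as f:
        f.write(certs[0])

def make_pem(label, payload):  # builds a constructed block for the sample below
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample: placeholder bytes, not a real key or certificate.
SAMPLE = (make_pem("RSA PRIVATE KEY", b"placeholder key bytes")
          + "text outside the blocks is ignored\n"
          + make_pem("CERTIFICATE", b"placeholder certificate bytes"))
```

The resulting server.key holds the server's private key, so limit read access on it to the account that runs Apache.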
CONFIGURE WEBSITE TO REQUIRE SSL AND CLIENT CERTIFICATE
4- To configure the web server to request the client certificate, open the httpd-ssl.conf file, which you will find at C:\xampp\apache\conf\extra. Open the file with a text editor and remove the comment symbol (#) from the SSLVerifyClient require and SSLVerifyDepth 10 directives, so that the section reads as follows:
    # Client Authentication (Type):
    # Client certificate verification type and depth. Types are
    # none, optional, require and optional_no_ca. Depth is a
    # number which specifies how deeply to verify the certificate
    # issuer chain before deciding the certificate is not valid.
    SSLVerifyClient require
    SSLVerifyDepth 10
TRUST THE CERTIFICATE ROOT
4- Copy the new server-ca.crt file and place it at C:\xampp\apache\conf\ssl.crt
5- Copy the same file and place it at the same location, C:\xampp\apache\conf\ssl.crt, but this time with the name ca-bundle.crt.
6- Open the httpd-ssl.conf file again and remove the comment symbol (#) from the following directives:
    SSLCertificateChainFile "conf/ssl.crt/server-ca.crt"
    SSLCACertificateFile "conf/ssl.crt/ca-bundle.crt"
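A quick way to confirm that the four directives from the two configuration steps above are really active after editing. This is an added example, not part of the original tutorial; the function names and sample texts are constructed, and it assumes a flat file in which the last uncommented occurrence of a directive wins (section scoping and included files are ignored).

```python
# Directive name (lowercase) -> test that its argument must pass.
CHECKS = {
    # Only "require" refuses clients that present no certificate.
    "sslverifyclient": lambda v: v.lower() == "require",
    # A depth of at least 1 is needed for certificates issued by a CA.
    "sslverifydepth": lambda v: v.isdigit() and int(v) >= 1,
    "sslcacertificatefile": lambda v: v != "",
    "sslcertificatechainfile": lambda v: v != "",
}

def active_directives(conf_text):
    """Map lowercase directive name -> argument of its last uncommented use."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue  # blank line, comment, or a <Section> tag
        parts = line.split(None, 1)
        arg = parts[1].strip() if len(parts) > 1 else ""
        found[parts[0].lower()] = arg.strip('"')
    return found

def audit(conf_text):
    """Return a list of problems; an empty list means all four are set."""
    found = active_directives(conf_text)
    problems = []
    for name, ok in CHECKS.items():
        if name not in found:
            problems.append(f"{name}: missing or still commented out")
        elif not ok(found[name]):
            problems.append(f"{name}: unexpected value {found[name]!r}")
    return problems

# Constructed samples built from the directives quoted in the steps above.
BEFORE = """\
#SSLVerifyClient require
#SSLVerifyDepth  10
#SSLCertificateChainFile "conf/ssl.crt/server-ca.crt"
#SSLCACertificateFile "conf/ssl.crt/ca-bundle.crt"
"""
AFTER = BEFORE.replace("#", "")
OPTIONAL = AFTER.replace("SSLVerifyClient require", "SSLVerifyClient optional")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("optional", OPTIONAL)):
        print(label, audit(text))
```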
WEB AUTHENTICATION USING THE INSTALLED CERTIFICATE IN THE TOKEN
4. Accept the defaults in the certificate store window and click Next, then Finish.
5. You will be asked where to store the certificate. Select Softlock certificate store, then click OK.
6. The token will ask you to enter the User PIN to ensure that only the token owner can store certificates on it. Enter the PIN, then click OK.
7. A message box will appear to inform you that the client certificate was stored in the token successfully.
8. Before testing, we have to install the root public certificate on the client machine.
9. On the client machine, right-click the Root.CER file, select Install Certificate and complete the wizard by clicking Next and then Yes to trust the new root.
10. Now make sure that the token is connected to the client PC, open Internet Explorer and enter the server access link or its IP in the address bar. Make sure that you use SSL in the URL; in our case it will be https://test. A Client Authentication dialog box appears and shows a user's certificate in the list. Click the View Certificate button.
11. In the Certificate dialog box, choose your certificate and click OK.
12. You will be asked to enter the password of your token using an on-screen keyboard, which provides more security.
ABOUT SOFTLOCK
Softlock is the world's leading progressive, innovative, expanding national and international company in the field of digital security. Our aim is to gain customer satisfaction, on time and every time. We have been established since 1997 to create quality security and to keep the value of what's important in your life. Our high quality service, excellent benefits and ability to be reliable and responsible put us as a leader at the top of digital security companies. Softlock provides unique products and solutions which cover many security areas, fulfilling customers' needs in different market sectors. We provide a set of products and solutions covering the following areas: software protection, data encryption, security hardware, digital signature, secure identification and authentication, and secure online distribution of digital content. Softlock supports different market sectors such as governmental institutes, organizations, banks, software development companies, multimedia software and game producers, media and eBook publishers, and individual users. Softlock's value comes from continuous research, integrated products, realistic implementations and successful support since 1997. Softlock is recognized in the local market as the only owner and provider of digital security services. Softlock is uniquely identified in the global market by its integrated products and research-based development.