932
edits
Changes
m
Adding https support
Now that the webmail application is using an encrypted connection when communicating with the email servers, it is time to encrypt the client's connection to the web server.
# First you need to generate a new certificate for apache on your vm1 machine by issuing the following commands::* TODO: complete this section<source lang="bash">mkdir /etc/ssl/{private,certs}openssl genrsa -des3 -out vm1.andrewsmith.ops.key 2048chmod 600 vm1.andrewsmith.ops.keyopenssl req -new -key vm1.andrewsmith.ops.key -out vm1.andrewsmith.ops.csropenssl x509 -req -days 365 -in vm1.andrewsmith.ops.csr -signkey vm1.andrewsmith.ops.key -out vm1.andrewsmith.ops.crtopenssl rsa -in vm1.andrewsmith.ops.key -out vm1.andrewsmith.ops.key.nopassmv vm1.andrewsmith.ops.key.nopass vm1.andrewsmith.ops.keyopenssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650chmod 600 vm1.andrewsmith.ops.key cakey.pemcp vm1.andrewsmith.ops.key cakey.pem /etc/ssl/privatecp vm1.andrewsmith.ops.crt cacert.pem /etc/ssl/certs</source>
::'''NOTE:''' This process is identical to what you've done for the other two certificates.
#Install the mod_ssl package to allow apache to use ssl.
#Add the following parameters to the apache configuration file:
<source lang="bash">
SSLEngine on
SSLCertificateFile "<absolute path to the .crt file>"
SSLCertificateKeyFile "<abolute path to the .key file>"
</source>
#restart apache and modify your firewall to allow traffic to port 443.
#Open a web-browser on your host and try to connect to https://vm1.<yourdomain>.ops/webmail
::You should get a security exception similar to the one's you saw with the email, and for the same reason (the site you are trying to contact has a self-signed certificate). Add the exception and login to access your email.
{{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump command, and you should use the Bash shell script that you were adviced to create in order to backup all of your VMs.}}
