Difference between revisions of "User:Alvonruff/HTTPS Notes"
Line 71: | Line 71: | ||
* https://www.openssl.org/ | * https://www.openssl.org/ | ||
+ | * https://www.feistyduck.com/library/openssl-cookbook/online/ | ||
* https://www.itu.int/rec/T-REC-X.509/en | * https://www.itu.int/rec/T-REC-X.509/en | ||
* https://httpd.apache.org/docs/2.4/mod/mod_ssl.html | * https://httpd.apache.org/docs/2.4/mod/mod_ssl.html |
Revision as of 11:13, 16 September 2022
Apache
- dnf install mod_ssl
- systemctl restart httpd
- httpd -M
- cd /etc/httpd/conf.d
- Create file isfdb2.org.conf
- Add the following contents:
<VirtualHost *:80>
    ServerName stage.isfdb2.org
    DocumentRoot /var/www/html
    ServerAlias isfdb2.org
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
    Redirect permanent / https://isfdb2.org/
</VirtualHost>
- systemctl restart httpd
Certificate Support Software
- dnf install epel-release
- dnf install snapd
- dnf install certbot
- dnf install python3-certbot-apache
Certificates
- certbot --apache
- Select isfdb2.org
- systemctl restart httpd
Settings
- Change PROTOCOL in localdefs.py to "https"
- Change $wgServer in /var/www/html/wiki/LocalSettings.php to use https
- Go to the wiki and type MediaWiki:Sidebar in the search window. Edit that page and change http to https
The New Password Algorithm
This code replaces the current version in submitlogin.py:
# Imports needed by this fragment (place them at the top of submitlogin.py)
import base64
import hmac
from hashlib import pbkdf2_hmac

wikiPass = record[0][1]
# Extract the various fields stored in the user_password field
fields = str(wikiPass).split(":")
encryption = fields[1]
hashAlgo = fields[2]
cost = int(fields[3])
keylen = int(fields[4])
# Decode the salt and key fields
base64_salt = fields[5]
base64_key = fields[6]
salt = base64.b64decode(base64_salt)
dbaseKey = base64.b64decode(base64_key)
# Derive a key of the stored length from the submitted password
submittedKey = pbkdf2_hmac(hashAlgo, password.encode('utf-8'), salt, cost, keylen)
# Compare the derived key with the stored key in constant time
if not hmac.compare_digest(submittedKey, dbaseKey):
    doError('Bad password')
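The same check as a self-contained Python 3 function that also rejects malformed or unexpected records instead of raising. This is an added example, not code from submitlogin.py. The names `make_record`, `verify_password`, `ALLOWED_HASHES` and `MAX_COST` are hypothetical, the limits are assumptions, and the sample record is constructed in the colon-separated layout the fragment above parses.

```python
import base64
import hmac
import os
from hashlib import pbkdf2_hmac

ALLOWED_HASHES = {"sha256", "sha512"}  # assumption: allow-list, not from the page
MAX_COST = 1_000_000                   # assumption: bounds CPU spent per login attempt


def make_record(password, hash_algo="sha512", cost=30000, keylen=64):
    """Build a constructed sample record: ':pbkdf2:<hash>:<cost>:<keylen>:<salt>:<key>'."""
    salt = os.urandom(16)
    key = pbkdf2_hmac(hash_algo, password.encode("utf-8"), salt, cost, keylen)
    enc = [base64.b64encode(x).decode("ascii") for x in (salt, key)]
    return ":".join(["", "pbkdf2", hash_algo, str(cost), str(keylen)] + enc)


def verify_password(record, password):
    """Return True only if password matches a well-formed pbkdf2 record."""
    fields = str(record).split(":")
    if len(fields) != 7 or fields[1] != "pbkdf2":
        return False
    hash_algo = fields[2]
    try:
        cost, keylen = int(fields[3]), int(fields[4])
        salt = base64.b64decode(fields[5], validate=True)
        stored_key = base64.b64decode(fields[6], validate=True)
    except ValueError:  # bad integer, or binascii.Error from bad base64
        return False
    # Refuse parameters outside what this site expects to have written itself
    if hash_algo not in ALLOWED_HASHES or not 0 < cost <= MAX_COST:
        return False
    # The declared key length must agree with the key actually stored
    if keylen <= 0 or keylen != len(stored_key):
        return False
    submitted = pbkdf2_hmac(hash_algo, password.encode("utf-8"), salt, cost, keylen)
    return hmac.compare_digest(submitted, stored_key)


if __name__ == "__main__":
    sample = make_record("correct horse")         # constructed sample record
    print(verify_password(sample, "correct horse"))
    print(verify_password(sample, "wrong guess"))
```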
Certificate Renewals
The current status of the certificates can be seen with: certbot certificates
A renewal can be performed with: /usr/bin/certbot renew --cert-name isfdb2.org
Issues to Resolve
None now.
Areas of Deeper Study
- https://www.openssl.org/
- https://www.feistyduck.com/library/openssl-cookbook/online/
- https://www.itu.int/rec/T-REC-X.509/en
- https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
- https://httpd.apache.org/docs/2.4/ssl/
- https://httpd.apache.org/docs/2.4/vhosts/
- https://eff-certbot.readthedocs.io/en/stable/
- https://github.com/certbot/certbot