User:Alvonruff/HTTPS Notes
Jump to navigation
Jump to search
Apache
- dnf install mod_ssl
- systemctl restart httpd
- httpd -M
- cd /etc/httpd/conf.d
- Create file isfdb2.org.conf
- Add the following contents:
<VirtualHost *:80>
ServerName stage.isfdb2.org
DocumentRoot /var/www/html
ServerAlias isfdb2.org
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
</VirtualHost>
- service httpd restart
Certificate Support Software
- dnf install epel-release
- dnf install snapd
- dnf install certbot
- dnf install python3-certbot-apache
Certificates
- certbot --apache
- Select isfdb2.org
- systemctl restart httpd
The New Password Algorithm
wikiPass = record[0][1]
# Extract the various fields stored in the user_password field
fields = string.split(str(wikiPass), ":")
encryption = fields[1]
hashAlgo = fields[2]
cost = int(fields[3])
keylen = int(fields[4])
# Decode the salt and key fields
base64_salt = fields[5]
base64_key = fields[6]
salt = base64.b64decode(base64_salt)
dbaseKey = base64.b64decode(base64_key)
submittedKey = pbkdf2_hmac(hashAlgo, password.encode('utf-8'), salt, cost)
if binascii.hexlify(submittedKey) != binascii.hexlify(dbaseKey):
doError('Bad password')
Issues to Resolve
- The front page is still labeled insecure, while all other pages seem ok.
- This cleared up, but unsure why.
- Can not log into the wiki, nor the isfdb
- Clearing out the cookies fixed the wiki issue.
- Mediawiki is using pbkdf2, while isfdb is using md5, so the next step is obvious...
- Prepending www doesn't seem to work:
- If we traverse from an external site (or the web browser) to a www.isfdb2.org URL, it works (as it should)
- If we configure the isfdb variables to www.isfdb2.org, it does not work
- As such, this is likely not an issue.