
Setting up SSL on Apache October 28, 2010

Posted by maxmil in: Apache, Java, Security

Just had to set up SSL on Apache, which uses mod_proxy to forward requests to Tomcat.

So that I don't forget, here are the steps and commands that I had to execute.

Create self signed certificate

1) Create the private key (the passphrase set here is removed again in step 3)

openssl genrsa -des3 -out server.key 1024

2) Create the CSR

openssl req -new -key server.key -out server.csr

NOTE: The CN should match the server's domain name (a wildcard * may be used)

3) Remove the passphrase from the private key (so Apache can read it at startup without prompting)

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

4) Generate the self-signed certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5) Copy the key and certificate into place

cp server.crt /etc/ssl/certs/
cp server.key /etc/ssl/private/
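As an added example (not part of the original post), the same openssl steps run non-interactively, followed by the checks worth doing before the files are copied into /etc/ssl: that the certificate and key really belong together, that the CN came out as intended, and that the certificate is not already expired. It assumes openssl is on PATH; the CN www.example.test and the working directory are placeholders.

```shell
#!/bin/sh
# Added example, not the post's own commands. Generates a self-signed
# certificate and then verifies it. Assumes openssl is on PATH.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"   # placeholder working directory
CN="${CN:-www.example.test}"         # placeholder CN; use the real hostname

make_self_signed() {
    # 1) private key. No passphrase, which is what the post's step 3
    #    ends up with anyway (Apache cannot answer a prompt at boot).
    openssl genrsa -out "$WORKDIR/server.key" 2048 2>/dev/null
    # 2) CSR, subject given on the command line so the CN is exact.
    openssl req -new -key "$WORKDIR/server.key" -subj "/CN=$CN" \
        -out "$WORKDIR/server.csr" 2>/dev/null
    # 4) self-signed certificate valid for 365 days.
    openssl x509 -req -days 365 -in "$WORKDIR/server.csr" \
        -signkey "$WORKDIR/server.key" -out "$WORKDIR/server.crt" 2>/dev/null
}

# Prints "match" when the certificate's RSA modulus equals the key's,
# i.e. the two files actually belong together; otherwise "mismatch".
cert_key_match() {
    crt_mod=$(openssl x509 -noout -modulus -in "$1" | openssl sha256)
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null | openssl sha256)
    [ "$crt_mod" = "$key_mod" ] && echo match || echo mismatch
}

# Prints the CN from the certificate subject (handles both the old
# "subject= /CN=x" and the new "subject=CN = x" output styles).
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed 's/.*CN *= *//; s/[,/].*//'
}

# Exit status 0 when the certificate is still valid for at least $2 seconds.
cert_valid_for() {
    openssl x509 -noout -checkend "$2" -in "$1" >/dev/null
}

make_self_signed
echo "cert/key: $(cert_key_match "$WORKDIR/server.crt" "$WORKDIR/server.key")"
echo "CN: $(cert_cn "$WORKDIR/server.crt")"
cert_valid_for "$WORKDIR/server.crt" 86400 && echo "valid for at least one day"
```

Run it with CN set to the real hostname; a "mismatch" result means the wrong key was copied next to the certificate, which is the usual cause of Apache refusing to start after this kind of change.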

Configure Apache

1) Make sure mod_ssl is loaded

a2enmod ssl

2) Set the paths to the certificate and key in the default SSL virtual host, /etc/apache2/sites-available/default-ssl:

SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

Configure Java

1) Connect to Apache in a browser over HTTPS to fetch the certificate, and confirm the security exception.

Note that if you have already confirmed an exception you can delete it (in Firefox: Edit > Preferences > Advanced > View Certificates > Servers).

2) Export the certificate (in Firefox: Edit > Preferences > Advanced > View Certificates > Authorities).

3) Navigate to the JVM's security directory: /usr/lib/jvm/java-sun-x/jre/lib/security

4) Import:

keytool -import -alias servername -keystore cacerts -file /exported/server.pem

NOTE: The default password for the JDK cacerts keystore is “changeit”

Adding new pgp keys to apt September 22, 2008

Posted by maxmil in: Debian, Security

I've had to search for this too many times; it's about time that I jot it down here.

After adding a new repository to my /etc/apt/sources.list I often get an error something like:

W: GPG error: http://some.address Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY XXXXXXXXXX

The solution is a two-liner:

gpg --keyserver hkp://subkeys.pgp.net --recv-keys XXXXXXXXXX
gpg --export --armor XXXXXXXXXX | sudo apt-key add -

Where XXXXXXXXXX is the key ID from the original error message. Note that a key added this way is trusted for every repository on the system, so check its fingerprint against the one the repository's maintainers publish before adding it.

Setting up sudoers on SUSE August 20, 2008

Posted by maxmil in: Security, SUSE

Just been given a SUSE box to set up. The default configuration of sudo is different to what I'm used to. By default sudo asks for the password of the targeted user (root in most cases), not the user's own password.

To change this back to asking for the user's own password, just comment out the following line in the sudoers file (and possibly the line after it):
Defaults targetpw

Subverting Ajax January 13, 2007

Posted by maxmil in: Ajax, javascript, Security

Security risks related to Ajax, and ways to execute JavaScript using XSS.

http://www.wisec.it/vulns.php?page=9

http://www.wisec.it/rdr.php?fn=Projects/1158-Subverting_Ajax.pdf