[go: up one dir, main page]
Scribd
Upload
71 views5 pages

SWL 1.2 2848bhbh

The document discusses certificate authorities (CAs) that issue digital certificates for secure messaging and SSL certificates. It also provides steps for installing an SSL certificate on Windows server and Linux servers both with and without Plesk.

Uploaded by

19bcs2856
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
71 views5 pages

SWL 1.2 2848bhbh

The document discusses certificate authorities (CAs) that issue digital certificates for secure messaging and SSL certificates. It also provides steps for installing an SSL certificate on Windows server and Linux servers both with and without Plesk.

Uploaded by

19bcs2856
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Course Name: Securing Windows with linux Lab Course Code: CSP-457

Experiment:2

Aim: Knowledge about the CA server Using Certificates and SSL in windows.

Software Required: Windows operating system, Windows server, Ethereal for analysing
captures session.

Description: In this experiment we will learn about CA and SSL certificates.

Steps:
Certification Authorities:
A certificate authority (CA) is a trusted third-party organization or company that issues
digital certificates used to create digital signatures and encryption keys. The role of the CA
in this process is to guarantee the identity of the party granted the certificate. Usually, this
means that the CA has an arrangement with a financial institution that provides information
to validate the grantee's identity.
To install digital certificates for secure messaging, you must select a CA from whom to
obtain the certificates. There are many CAs to choose from, and most of them do business on
the World Wide Web. Some of the best known are:
·Verisign, Inc.
·Entrust Technologies.
·Baltimore Technologies.
·Thawte.
There are also numerous lesser known CAs, which might be appropriate if they are well
known in a particular geographical region or industry. One of the systems participating in a

Name: Shubham Bharti UID: 19BCS2848


Course Name: Securing Windows with linux Lab Course Code: CSP-457
secure integration might even serve as CA for the other participants. Each CA provides a
unique set of security services and has its own way of handling digital certificates.
Before you implement secure messaging with PeopleSoft Integration Broker, investigate the
available CAs, select one or more from whom you will obtain digital certificates, and
familiarize yourself with their policies and procedures.
Certificate Authorities, or Certificate Authorities / CAs, issue Digital Certificates. Digital
Certificates are verifiable small data files that contain identity credentials to help websites,
people, and devices represent their authentic online identity (authentic because the CA has
verified the identity). CAs play a critical role in how the Internet operates and how
transparent, trusted transactions can take place online. CAs issue millions of Digital
Certificates each year, and these certificates are used to protect information, encrypt billions
of transactions, and enable secure communication.
An SSL Certificate is a popular type of Digital Certificate that binds the ownership details of
a web server (and website) to cryptographic keys. These keys are used in the SSL/TLS
protocol to activate a secure session between a browser and the web server hosting the SSL
Certificate. In order for a browser to trust an SSL Certificate, and establish an SSL/TLS
session without security warnings, the SSL Certificate must contain the domain name of
website using it, be issued by a trusted CA, and not have expired.

What goes into running a CA?


As a trust anchor for the Internet, CAs have significant responsibility. As such running a CA
within the auditable requirements is a complex task. A CA’s infrastructure consists of
considerable operational elements, hardware, software, policy frameworks and practice
statements, auditing, security infrastructure and personnel. Collectively the elements are
referred to as a trusted PKI (Public Key Infrastructure).
Certificates come in many different formats to support not just SSL, but also authenticate
people and devices, and add legitimacy to code and documents. Visit the Global Sign
Products section for more.

Name: Shubham Bharti UID: 19BCS2848


Course Name: Securing Windows with linux Lab Course Code: CSP-457
The Problem with SSL Certificates
Years ago, certificate authorities used to verify a website’s identity before issuing a
certificate. The certificate authority would check that the business requesting the certificate
was registered, call the phone number, and verify that the business was a legitimate operation
that matched the website.
Eventually, certificate authorities began offering “domain-only” certificates. These were
cheaper, as it was less work for the certificate authority to quickly check that the requester
owned a specific domain (website).
Phishers eventually began taking advantage of this. A phisher could register the domain
paypall.com and purchase a domain-only certificate. When a user connected to paypall.com,
the user’s browser would display the standard lock icon, providing a false sense of security.
Browsers didn’t display the difference between a domain-only certificate and a certificate
that involved more extensive verification of the website’s identity.
Public trust in certificate authorities to verify websites has fallen – this is just one example of
certificate authorities failing to do their due diligence. In 2011, the Electronic Frontier.
How to install an SSL certificate on a Linux Server USING Plesk.
It is a web hosting platform that has a very simple configuration. This simple configuration
helps all web hosting providers to manage a lot of virtual hosts easily and on a single server.
Ever since its conception, Plesk has been coming up as a preferred choice for all the web
hosting companies
1. First Log into the control panel of Plesk.
2. Then, Select Domain;
3. The third step implies choosing the domain to be updated.
4. In the next step click on the ‘Add New Certificate’ icon.
5. Save the certificate name in the ‘Certificate Name’ box.
One would have the certificate and key files saved on the local computer. These certificate
and key files are provided by the certificate authority and are important for the installation.

Name: Shubham Bharti UID: 19BCS2848


Course Name: Securing Windows with linux Lab Course Code: CSP-457
6. The next step is to find these files. Open these in a Notepad or in other similar text formats
from where one can copy the text.
7. Copy the entire text of the files.
8. Paste them in the correct boxes. Reading through the content and the box name in Plesk
will give one an idea where to paste it.
9. Next, click on the ‘Send Text’ button.
10. Go to the ‘Hosting Section’. It is on the domain screen.
11. Click ‘Set-up’ from this section. A drop down list will follow.
12. The next step is to click on the ‘new certificate’ from the drop down list.
13. Click ‘Ok’ to finish.

How to install SSL Certificate on Linux servers that do not have Plesk.
1. The first and foremost step is to upload the certificate and important key files. One can
upload the files to the server using – S/FTP.
2. Login to Server. It is important to log in via SSH. Logging in via SSH will help the user to
become the root user.
3. Give Root Password.
4. One can see /etc/httpd/conf/ssl.crt in the following step. Move the certificate file here
5. Next move key file also to /etc/httpd/conf/ssl.crt
It is important to ensure the security of the files that has been moved. One can keep the files
secure by restricting permission. Using ‘chmod 0400’ will help users to securely restrict
permission to the key.
6. Next Go to etc/httpd/conf.d/ssl.conf. Here the user will find Virtual Host Configuration set
up for the domain.
7. Edit Virtual Host Configuration.
8. Restart Apache.

Name: Shubham Bharti UID: 19BCS2848


Course Name: Securing Windows with linux Lab Course Code: CSP-457

Conclusion:
From the above information we have learned about CA’s and SSL certificates and, how we
can install SSL certificates on the windows server.

Name: Shubham Bharti UID: 19BCS2848

You might also like