
Lab2: Public Key Infrastructure: Task1: Becoming A Certificate Authority (CA)

This document summarizes a lab on public key infrastructure (PKI). It discusses how PKI addresses the problem of verifying public key ownership to prevent man-in-the-middle attacks for public key cryptography. The lab covers topics on public key encryption, PKI, certificate authorities (CAs), digital certificates, and configuring HTTPS on Apache web server using a self-signed certificate. It provides tasks to generate a self-signed CA certificate, create a certificate for localhost signed by the CA, and deploy the certificate on an Apache server to enable HTTPS.

Uploaded by Jehanzeb Kayani
Copyright: © All Rights Reserved

Lab2: Public key infrastructure

Public key cryptography is the foundation of today’s secure communication, but it is subject to
man-in-the-middle attacks when one side of communication sends its public key to the other side. The fundamental
problem is that there is no easy way to verify the ownership of a public key, i.e., given a public key and its
claimed owner information, how do we ensure that the public key is indeed owned by the claimed owner?
The Public Key Infrastructure (PKI) is a practical solution to this problem.

Students should be able to gain a better understanding of how PKI works, how PKI is used to
protect the Web, and how Man-in-the-middle attacks can be defeated by PKI. Moreover, students
will be able to understand the root of the trust in the public-key infrastructure, and what problems
will arise if the root trust is broken.
This lab covers the following topics:
1. Public-key encryption
2. Public-Key Infrastructure (PKI)
3. Certificate Authority (CA) and root CA
4. X.509 certificate and self-signed certificate
5. Apache, HTTP, and HTTPS

Task1: Becoming a Certificate Authority (CA)


In the following screenshot, a self-signed certificate is generated by the CA.

Task2: Creating a Certificate for Localhost
The objective of this task is to generate a digital certificate for localhost using the CA
created in the previous task.
In the following screenshot, a public/private key pair is generated:
Command: cd /home/seed/source/openssl/apps
In the following screenshots, we can see the server.key file, which is encrypted and
encoded.

Task3: Deploying certificate in an HTTPS web server
Creating your certificate signing request (CSR) with OpenSSL
Step1: Enable the ssl module on Apache2: a2enmod ssl

Step2: Restart Apache2: service apache2 restart


Step3: Create the folder named ssl for saving the private key file and certificate signing request
file: mkdir /etc/apache2/ssl

Step4: Generate the files:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/openssl.key -out /etc/apache2/ssl/openssl.crt
Step5: Enter the following information:

Configuring Your SSL Certificate:


Step6: Edit the file named default-ssl.conf in the path /etc/apache2/sites-available/
Step7: Replace the text "/etc/ssl/certs/ssl-cert-snakeoil.pem" with
"/etc/apache2/ssl/openssl.crt":
Step8: Replace the text "/etc/ssl/private/ssl-cert-snakeoil.key" with
"/etc/apache2/ssl/openssl.key"
Configuring the SSL Certificate for your website:
Create the file named localhost-ssl.conf in the path /etc/apache2/sites-available/

Enter the following code:


Open a browser and type https://localhost
Show Certificate detail
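
The flow of Tasks 1 to 3 as an added example (not the lab's own commands): it creates a CA, issues a localhost certificate from it, and checks which certificate actually chains to the CA before it is deployed in Apache. The Step4 command uses -x509, so it produces a self-signed certificate rather than a CSR, and the check below shows the difference. File names, subject names, the generated config files and the use of openssl x509 -req for signing are assumptions.

```shell
#!/bin/sh
# Added example. File names, subject names and the throwaway config files
# are constructed for this demo; they are not the lab's own files.

write_cnf() {          # $1 = file, $2 = CN, $3 = one X.509 extension line
  printf '[req]\nprompt=no\ndistinguished_name=dn\nx509_extensions=ext\n' > "$1"
  printf '[dn]\nCN=%s\n[ext]\n%s\n' "$2" "$3" >> "$1"
}

make_ca() {            # Task 1: self-signed root CA in directory $1
  write_cnf "$1/ca.cnf" "Lab Example Root CA" "basicConstraints=critical,CA:TRUE"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {  # Task 2: key + CSR for localhost, signed by the CA
  write_cnf "$1/srv.cnf" "localhost" "subjectAltName=DNS:localhost"
  openssl req -new -config "$1/srv.cnf" -newkey rsa:2048 -nodes \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$1/srv.cnf" -extensions ext \
    -out "$1/server.crt" 2>/dev/null
}

make_self_signed() {   # Same shape as Step4 (reuses srv.cnf): no CA involved
  openssl req -x509 -config "$1/srv.cnf" -nodes -days 365 -newkey rsa:2048 \
    -keyout "$1/openssl.key" -out "$1/openssl.crt" 2>/dev/null
}

chains_to_ca() {       # $1 = CA cert, $2 = cert; succeeds only if CA-issued
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {   # $1 = key, $2 = cert; compares the public keys
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) && [ -n "$k" ] &&
    [ "$k" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" && issue_server_cert "$d" && make_self_signed "$d" || return 1
  chains_to_ca "$d/ca.crt" "$d/server.crt"  && echo "server.crt: issued by lab CA"
  chains_to_ca "$d/ca.crt" "$d/openssl.crt" || echo "openssl.crt: self-signed only"
  key_matches_cert "$d/server.key" "$d/server.crt" && echo "server.key matches server.crt"
  key_matches_cert "$d/server.key" "$d/openssl.crt" || echo "server.key does not match openssl.crt"
  rm -rf "$d"
}
demo
```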
