The goal

The goal is to understand how to configure a website to transfer data over a secure channel by adding SSL encryption to a website served over HTTP.

Why do you need to learn this?

Most websites require user authentication to allow individual access to content. If any of these websites fails to communicate over a secure channel, attackers can attempt to intercept the data passing through it. As a security admin, you need to ensure that your company’s website encrypts the communications passing through the HTTP channel.

Case

Web/cloud servers use HTTPS to transfer data securely. HTTPS is implemented on websites that collect information such as login passwords and banking information.

Network Topology

Preparation

Install WampServer

1: Log in to the Domain Controller

2: Install WampServer from here (https://www.wampserver.com/en/)

3: If you encounter an error like this, you can download Visual C++ Redistributable for Visual Studio 2012 Update 4 from here. (https://www.microsoft.com/en-us/download/details.aspx?id=30679#)

This solves the problem.

Set up a Database for Local WordPress setup

You can check how to do it from here

https://www.wpbeginner.com/wp-tutorials/how-to-install-wordpress-on-your-windows-computer-using-wamp/

Demo

4: To start WampServer, click Start > All Programs > WampServer

5: Open any browser, type https://localhost/wordpress in the address bar, and press Enter

6: You won’t be able to access the website, as SSL is not enabled on the server where the website is deployed. To browse the website over a secure channel (HTTPS/SSL), you need to enable SSL on the web server.

7: To launch System Properties, search for “This PC”, right-click This PC, and select Properties

8: The System properties window appears as shown in the screenshot; click the Advanced system settings link

9: The System Properties window appears; go to the Advanced tab, and click Environment Variables

10: The Environment Variables window appears; click New under the User variables for Administrator section.

11: In the New User Variable window, enter the variable name openssl_conf, enter the variable value C:\wamp64\bin\apache\apache2.4.46\conf\openssl.cnf and click OK

12: Click OK in the Environment Variable window, and then click OK in the System Properties window.

13: Navigate to the location C:\wamp64\bin\apache\apache2.4.46\bin and open php.ini with Notepad++ (if you don’t have it, you should install it)

14: The php.ini file opens in Notepad++; scroll down to line 924, uncomment the line by removing “;” before the code, and save the file

15: Navigate to C:\wamp64\bin\apache\apache2.4.46, press Shift + right-click on the bin folder, and select Open Command Window here.

16: The command prompt appears. Type the following and press Enter

set openssl_conf=C:\Wamp64\bin\apache\apache2.4.46\conf\openssl.cnf

17: Now the environment variable points to openssl.cnf. Type the following

openssl genrsa -des3 -out server.key 1024

to create a server private key named server.key with a 1024-bit RSA modulus. 1024-bit RSA is below the 2048-bit minimum that current guidance calls for, so use a larger size outside this lab.

You will be asked to enter a passphrase for the generated key. Type a passphrase of your choice and press Enter. The passphrase will not be visible. You will also be asked to re-enter the same passphrase for verification, so retype it and press Enter.

18: Apache for Windows does not support private keys that are password protected, so you need to remove the passphrase from the RSA private key. Type the following command

openssl rsa -in server.key -out server.pem

You will be asked to enter the passphrase for server.key. Type the one you assigned in the previous step.

19: Type the following command and press Enter (type the passphrase for the private key when prompted)

openssl req -new -key server.key -out server.csr

20: You will be asked to enter information such as your country, state, city, etc. Fill in your details in the respective fields. The information you provide in these fields will be incorporated into your certificate request.

21: Type the following command and press Enter. Type the passphrase for server.key and press Enter.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

22: All the keys have been successfully created. These can be viewed in the location C:\wamp64\bin\apache\apache2.4.46\bin

23: Create a directory named ssl in the location C:\wamp64\bin\apache\apache2.4.46\conf

and move all the created keys from C:\wamp64\bin\apache\apache2.4.46\bin to C:\wamp64\bin\apache\apache2.4.46\conf\ssl

24: Click the WampServer icon in the notification area and select Apache > Apache modules > ssl_module. WampServer restarts as soon as you select ssl_module.

25: Navigate to C:\wamp64\bin\apache\apache2.4.46\conf\extra and open httpd-ssl.conf with Notepad++. Scroll down to view the port on which Apache is listening. Ensure that the port number is 443.

26: Scroll down and comment the line by adding # before the code.

27: Scroll down the file and change the following

DocumentRoot to "C:/Wamp64/www/"

ServerName to localhost:443

ErrorLog to "C:/wamp64/logs/ssl_error.log"

TransferLog to "C:/wamp64/logs/ssl_access.log"

SSLEngine to on

28: SSLCertificateFile to "C:\wamp64\bin\apache\apache2.4.46\conf\ssl\server.crt"

SSLCertificateKeyFile to "C:\wamp64\bin\apache\apache2.4.46\conf\ssl\server.pem"

29: Change the Directory location to "C:/wamp64/www/"

Add the following lines

Options Indexes FollowSymLinks MultiViews

AllowOverride All

Order allow,deny

Allow from all

30: Change the CustomLog path to "C:/wamp64/logs/ssl_request.log", then save the file.
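A check for the settings made in steps 18 and 25 to 30, as an added example that is not part of the original tutorial: it flags a Listen port other than 443, SSLEngine not set to on, an Order line split by a space, and an SSLCertificateKeyFile that points at the passphrase-protected key. The function names and the sample configuration are constructed for illustration, and paths are assumed to contain no spaces.

```python
def directives(conf_text):
    """Yield (line_no, lowercased name, [args]) for each directive line."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#<":      # skip comments and <Section> tags
            name, *args = line.replace('"', "").split()
            yield no, name.lower(), args

def norm(path):
    """Windows paths: compare case-insensitively, with forward slashes."""
    return path.replace("\\", "/").lower()

def lint_ssl_conf(conf_text, pem_by_path):
    """Return findings for the settings made in steps 18 and 25-30.
    pem_by_path maps each key file path to its PEM text (read by the caller)."""
    pems = {norm(p): text for p, text in pem_by_path.items()}
    findings, first = [], {}
    for no, name, args in directives(conf_text):
        first.setdefault(name, args)
        if name == "order" and len(args) != 1:
            findings.append(f"line {no}: Order takes one argument (allow,deny)")
        if name == "sslcertificatekeyfile" and args:
            if "ENCRYPTED" in pems.get(norm(args[0]), ""):
                findings.append(f"line {no}: key file is passphrase-protected")
    if [a.lower() for a in first.get("sslengine", [])] != ["on"]:
        findings.append("SSLEngine is not set to on")
    listen = first.get("listen") or [""]
    if listen[0].rsplit(":", 1)[-1] != "443":
        findings.append("Listen port is not 443")
    for need in ("sslcertificatefile", "sslcertificatekeyfile"):
        if need not in first:
            findings.append(f"{need} is not set")
    return findings

# Constructed sample with three deliberate mistakes (port, key file, Order).
SSL_DIR = r"C:\wamp64\bin\apache\apache2.4.46\conf\ssl"
BAD_CONF = f'''Listen 8443
SSLEngine on
SSLCertificateFile "{SSL_DIR}\\server.crt"
SSLCertificateKeyFile "{SSL_DIR}\\server.key"
<Directory "C:/wamp64/www/">
Order allow, deny
</Directory>
'''
KEYS = {SSL_DIR + r"\server.key": "-----BEGIN RSA PRIVATE KEY-----\n"
        "Proc-Type: 4,ENCRYPTED\n(constructed stub, body omitted)\n"}

print("\n".join(lint_ssl_conf(BAD_CONF, KEYS)))
```

To run it against a real install, read httpd-ssl.conf into conf_text and pass the text of each file in conf\ssl in pem_by_path.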

31: Navigate to C:\wamp64\bin\apache\apache2.4.46\conf and open httpd.conf with Notepad++

Uncomment the above by removing # before the code. Then save.

31: Navigate to C:\wamp64\bin\apache\apache2.4.46, press Shift + right-click on the bin folder, and select Open command Window here.

32: In the command prompt, type httpd -t and press Enter. If the syntax of everything you entered is correct, it returns the message “Syntax OK”

33: Close the command prompt and all other open windows. Click the WampServer icon and select Restart All services.

34: Launch a command prompt and type netstat -an | more

This lists all the ports in use on the machine. Ensure port 443 is listening.

35: Launch a web browser and type https://localhost/wordpress

A certificate error page appears because the certificate is self-signed; click Continue to this website (not recommended).

36: You will be redirected to the page (over the HTTPS channel) as shown in the screenshot

Conclusion

You learned how to encrypt data using SSL.