The goal is to understand how to configure a website to transfer data over a secure channel by adding SSL encryption to a website served over HTTP.
Why do you need to learn this?
Most websites require user authentication to allow individual access to content. If any of these websites fails to communicate over a secure channel, attackers can attempt to intercept the data passing through it. As a security admin, you need to ensure that your company’s website encrypts the communications passing through the HTTP channel.
Web/cloud servers use HTTPS to transfer data securely. HTTPS is implemented on websites that collect information such as login passwords and banking information.
1: Log in to the Domain Controller
2: Install WampServer from here (https://www.wampserver.com/en/)
3: If you encounter an error like this, you can download Visual C++ Redistributable for Visual Studio 2012 Update 4 from here. (https://www.microsoft.com/en-us/download/details.aspx?id=30679#)
This solves the problem.
Set up a Database for Local WordPress setup
You can check how to do it from here
4: To start WampServer, click Start > All Programs > WampServer
5: Open any browser, type https://localhost/wordpress in the address bar, and press Enter
6: You won’t be able to access the website, because SSL is not enabled on the server where the website is deployed. To browse the website over a secure channel (HTTPS/SSL), you need to enable SSL on the web server.
7: To launch System Properties, search for “This PC”, right-click This PC, and select Properties
8: The System properties window appears as shown in the screenshot; click the Advanced system settings link
9: The System Properties window appears; go to the Advanced tab, and click Environment Variables
10: The Environment Variables window appears; click New under the User variables for Administrator section.
11: In the New User Variable window, enter the variable name openssl_conf, enter the variable value C:\wamp64\bin\apache\apache2.4.46\conf\openssl.cnf and click OK
12: Click OK in the Environment Variable window, and then click OK in the System Properties window.
13: Navigate to the location C:\wamp64\bin\apache\apache2.4.46\bin and open php.ini with Notepad++ (if you don’t have it, you should install it)
14: The php.ini file opens in Notepad++. Scroll down to line 924, uncomment the line by removing the “;” before the code, and save the file
15: Navigate to C:\wamp64\bin\apache\apache2.4.46, hold Shift and right-click the bin folder, and select Open command window here.
16: The command prompt appears. Type the following and press Enter
set openssl_conf=C:\wamp64\bin\apache\apache2.4.46\conf\openssl.cnf
17: Now the environment variable is set to openssl.cnf. Type the following
openssl genrsa -des3 -out server.key 1024
to create a server private key named server.key with 1024-bit encryption.
You will be asked to enter a passphrase for the generated key. Type a passphrase of your choice and press Enter. The passphrase will not be visible. Also, you will be asked to re-enter the same password for the purpose of verification. So, retype the password and press Enter.
18: Apache for Windows does not support private keys that are password protected, so you need to remove the passphrase from the RSA private key. Type the following command
openssl rsa -in server.key -out server.pem
You will be asked to enter the pass phrase for the server.key. So type the one you have assigned in the previous task.
19: Type the following command and press Enter (type the passphrase for the private key)
openssl req -new -key server.key -out server.csr
20: You will be asked to enter information such as your country, state, city, etc. Fill in your details in the respective fields. The information you provide in these fields will be incorporated into your certificate request.
21: Type the following command and press Enter. Type the passphrase for server.key and press Enter.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
22: All the keys have been successfully created. These can be viewed in the location C:\wamp64\bin\apache\apache2.4.46\bin
23:Create a directory named ssl in the location C:\wamp64\bin\apache\apache2.4.46\conf
and move all the created keys from C:\wamp64\bin\apache\apache2.4.46\bin to C:\wamp64\bin\apache\apache2.4.46\conf\ssl
24: Click WampServer icon in the notification area, select Apache > Apache modules > ssl_module. Wampserver restarts as soon as you select ssl_module.
25: Navigate to C:\wamp64\bin\apache\apache2.4.46\conf\extra and open httpd-ssl.conf with Notepad++. Scroll down to view the port on which apache is listening. Ensure that the port number is 443.
26: Scroll down and comment out the line by adding # before the code.
27: Scroll down the file and change the following
DocumentRoot to "C:/Wamp64/www/"
ServerName to localhost:443
ErrorLog to "C:/Wamp/logs/ssl_error.log"
TransferLog to "C:/Wamp/logs/ssl_access.log"
SSLEngine to on
28: SSLCertificateFile to "C:\wamp64\bin\apache\apache2.4.46\conf\ssl\server.crt"
SSLCertificateKeyFile to "C:\wamp64\bin\apache\apache2.4.46\conf\ssl\server.pem"
29: Change the Directory location to "C:/wamp64/www/"
Add the following lines
Options Indexes FollowSymLinks MultiViews
Order allow,deny
Allow from all
30: Change the CustomLog path to "C:/wamp64/logs/ssl_request.log". Then save it.
31: Navigate to C:\wamp64\bin\apache\apache2.4.46\conf and open httpd.conf with Notepad++
Uncomment the above by removing # before the code. Then save.
32: Navigate to C:\wamp64\bin\apache\apache2.4.46, hold Shift and right-click the bin folder, and select Open command window here.
33: In the command prompt, type httpd -t and press Enter. If the syntax of everything you entered is correct, it returns the message “Syntax OK”.
34: Close the command prompt and all other open windows. Click the WampServer icon and select Restart All Services.
35: Launch a command prompt and type netstat -an |more
This lists all the ports in use on the machine. Ensure port 443 is listening.
36: Launch a web browser and type https://localhost/wordpress
A certificate error page appears; click Continue to this website (not recommended).
37: You will be redirected to the page (over the HTTPS channel) as shown in the screenshot.
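A check for the mistake the passphrase-removal step guards against: SSLCertificateKeyFile pointing at the still-encrypted server.key rather than server.pem. This Python script is an added example, not part of the original walkthrough; the function names (parse_directives, key_is_encrypted, audit) are chosen here, and the sample configuration and PEM headers are constructed.

```python
import re

def parse_directives(conf_text):
    """Map lower-cased directive -> argument strings; <Section> nesting is flattened."""
    found = {}
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line[0] in "#<":          # skip comments and section tags
            continue
        parts = line.split(None, 1) + [""]
        found.setdefault(parts[0].lower(), []).append(parts[1].strip('"'))
    return found

def key_is_encrypted(pem_text):
    """True if a PEM private key is passphrase-protected."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:   # PKCS#8 form
        return True
    # Traditional form: a Proc-Type header follows the BEGIN line.
    return re.search(r"^Proc-Type:\s*4,ENCRYPTED", pem_text, re.M) is not None

def audit(conf_text, read_file):
    """Return a list of problems. read_file(path) returns the file text and
    raises OSError (or KeyError for the dict-backed sample) if it is absent."""
    d, problems = parse_directives(conf_text), []
    if not any(a.split()[0].rsplit(":", 1)[-1] == "443" for a in d.get("listen", []) if a):
        problems.append("no Listen directive for port 443")
    if [a.lower() for a in d.get("sslengine", [])] != ["on"]:
        problems.append("SSLEngine is not on")
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if not d.get(name.lower()):
            problems.append(name + " is missing")
    for path in d.get("sslcertificatekeyfile", []):
        try:
            if key_is_encrypted(read_file(path)):
                problems.append(path + " is passphrase-protected")
        except (OSError, KeyError):
            problems.append("cannot read key file " + path)
    return problems

# Constructed sample: the key directive points at the encrypted server.key.
SSL_DIR = "C:\\wamp64\\bin\\apache\\apache2.4.46\\conf\\ssl\\"
SAMPLE_CONF = ("Listen 443\n<VirtualHost _default_:443>\nSSLEngine on\n"
               'SSLCertificateFile "' + SSL_DIR + 'server.crt"\n'
               'SSLCertificateKeyFile "' + SSL_DIR + 'server.key"\n</VirtualHost>\n')
SAMPLE_FILES = {  # constructed PEM headers only, no real key material
    SSL_DIR + "server.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n",
    SSL_DIR + "server.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIC...\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_FILES.__getitem__))
```

To run it against the real files, pass the text of httpd-ssl.conf and `lambda p: open(p).read()` as read_file.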
You learned how to encrypt data using SSL.