ABHIONLINUX
Site useful for linux administration and web hosting

2009/09/16

SSL

Generating a Certificate Signing Request (CSR)
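To generate the key for the Certificate Signing Request (CSR), run the following command from a terminal prompt. Use a key of at least 2048 bits; public CAs no longer accept 1024-bit RSA keys. The -des3 option protects the key with a passphrase.

$ openssl genrsa -des3 -out server.key 2048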

To create the CSR:-

Run the following command at a terminal prompt:
$ openssl req -new -key server.key -out server.csr



Creating a Self-Signed Certificate:-

To create the self-signed certificate, run the following command at a terminal prompt:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
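
Before installing the files, it is worth confirming that server.crt really belongs to server.key, that the key is long enough, and that the certificate is not about to expire. The script below is an added example, not part of the original post; the function names and the svn.example.test subject are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): sanity-check a key/certificate
# pair before copying it into /etc/ssl and pointing Apache at it.
# An encrypted key (such as one made with -des3) prompts for its passphrase.

# SHA-256 of the public key embedded in a certificate.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key.
key_pub_hash() {
    openssl pkey -in "$1" -pubout | openssl dgst -sha256 | awk '{print $NF}'
}

# Size in bits of the public key in a certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_pair CERT KEY [MIN_BITS]
# Returns 0 if the pair is usable, 1 if key and certificate do not match,
# 2 if the key is shorter than MIN_BITS (default 2048),
# 3 if the certificate expires within 30 days.
check_pair() {
    cert=$1 key=$2 min_bits=${3:-2048}
    [ "$(cert_pub_hash "$cert")" = "$(key_pub_hash "$key")" ] || return 1
    [ "$(cert_key_bits "$cert")" -ge "$min_bits" ] || return 2
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null || return 3
    return 0
}

# Demo on a constructed throwaway pair (unencrypted key, made-up subject).
demo() {
    d=$(mktemp -d) || return 99
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=svn.example.test" \
        -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null
    check_pair "$d/server.crt" "$d/server.key"; rc=$?
    rm -rf "$d"
    return $rc
}
```

With the functions loaded, check_pair server.crt server.key returns 0 only when all three checks pass.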

Installing the Certificate:-

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running the following commands at a terminal prompt:

$ sudo cp server.crt /etc/ssl/certs
$ sudo cp server.key /etc/ssl/private


Now simply configure any applications, with the ability to use public-key cryptography, to use the certificate and key files. For example, Apache can provide HTTPS.

To configure Apache for HTTPS, add the following three lines to the /etc/apache2/sites-available/subversion file:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

Configure Apache Server (HTTPS) for the Repository:-

We need to be sure the right modules are enabled:

$ sudo a2enmod dav
$ sudo a2enmod dav_svn

We must set up a virtual host for the Subversion server. Copy the original file /etc/apache2/sites-available/default to a duplicate named subversion:

$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/subversion

Edit the file:

$ sudo vim /etc/apache2/sites-available/subversion

NameVirtualHost 192.170.50.61:443

# The <VirtualHost> and <Location> container tags were lost from the original page
# and are reconstructed here; /svn is a placeholder URL path.
<VirtualHost 192.170.50.61:443>
ServerAdmin webmaster@localhost
#SSLCertificate
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

<Location /svn>
DAV svn
SVNPath /home/svn/repos
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
# Require authentication
Require valid-user
# Require encryption
SSLRequireSSL
</Location>

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>



Symbolic link:-

Be sure to make a symbolic link to that file in /etc/apache2/sites-enabled:

$ sudo ln -s /etc/apache2/sites-available/subversion /etc/apache2/sites-enabled


Open Port Number:-

Add "Listen 443" to /etc/apache2/ports.conf:

$ sudo vim /etc/apache2/ports.conf

Listen 443



Subversion main configuration file:-

Edit /etc/apache2/mods-available/dav_svn.conf configuration file and follow the instructions:
$ sudo vim /etc/apache2/mods-available/dav_svn.conf


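# The <Location> container tags were lost from the original page; /svn is a placeholder URL path.
<Location /svn>
DAV svn
SVNPath /home/svn/repos
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>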


User authentication:-

To add the first user, you can run the following command:

$ sudo htpasswd -c /etc/apache2/dav_svn.passwd suresh



Note: If you have just installed SVN, the passwd file will not yet exist and needs to be created using the "-c" switch. Adding any users after that should be done without the "-c" switch to avoid overwriting the passwd file.

To check out the repository directly from the local filesystem, you can run the following command:

$ sudo svn co file:///home/svn/repos



Finally, start the Apache service:
$ sudo /etc/init.d/apache2 start
