Hardware Reference
At a technical level, SSL is an extension of the HTTP protocol that encrypts the connection, ensuring that usernames and passwords
cannot be monitored by packet sniffers watching the traffic to your home machine. However, because the security
handshake takes place before the domain name is sent, only one virtual site may use SSL. [12] In our case, this would be our
private house control web site.
The self-signed authentication certificate is valid for a certain number of days and is applied to the web server
on boot-up. To stop this certificate being copied and used on another web server (thus eliminating its purpose as
a security mechanism), you will have to type a passphrase (a longer form of password, which should be at least 20
characters and contain several words, to avoid basic dictionary attacks) when creating the certificate and at any time
it is used, converted, or applied to a web server. Longer phrases are naturally better, but should you forget the phrase,
you will have to revoke that certificate and issue a new one.
SSL self-signed certificates are generated with several (rather opaque) commands. There are many examples on
the Web detailing these in varying degrees of detail. For our purposes, you care not about the why, merely the how.
So, as root, begin with this:
cd /etc/apache2
mkdir ssl
cd ssl
and issue the following commands, filling in the prompts as requested:
openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.pem
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 30 -in server.csr -signkey server.key -out server.crt
chmod 600 *
You can then add an SSL host to your available sites list by cloning the existing 001-control version and
wrapping it with the following:
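<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    # Normal configuration data goes here...
    SSLEngine on
    # The certificate is server.crt; server.pem holds only a copy of the private key
    SSLCertificateFile /etc/apache2/ssl/server.crt
    # Passphrase-protected key; Apache asks for the passphrase when it starts
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>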
You should then restart the web server with this:
a2enmod ssl
a2ensite 002-control-ssl
apache2ctl graceful
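The following check is an added example, not part of the original text: it confirms that the certificate and key produced by the openssl commands above belong together, that the key is passphrase-protected, and that the certificate is not about to expire. The function names, the 2048-bit floor, and the 7-day warning window are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for the files written to /etc/apache2/ssl.
# Function names and thresholds are illustrative, not part of Apache or OpenSSL.

# Succeeds if the PEM private key in $1 is passphrase-protected.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeeds if certificate $1 carries the public half of private key $2.
# $3 is an openssl -passin argument (e.g. "file:/root/pp"); default is empty.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin "${3:-pass:}" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the public-key size of certificate $1 in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Prints one finding per line for CERT KEY [PASSIN]; non-zero if any finding.
check_tls_pair() {
    rc=0
    cert_matches_key "$1" "$2" "${3:-}" || { echo "FAIL: $1 does not match $2"; rc=1; }
    key_is_encrypted "$2" || { echo "WARN: $2 has no passphrase"; rc=1; }
    bits=$(cert_key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "WARN: ${bits:-unknown}-bit key, below 2048"; rc=1; }
    cert_valid_in_days "$1" 7 || { echo "WARN: $1 expires within 7 days"; rc=1; }
    return $rc
}

# Usage: sh check_tls.sh server.crt server.key [passin]
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```

Run against the files generated above, this reports the 1024-bit key as below the floor, and pointing it at server.pem instead of server.key reports a key with no passphrase.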
[12] There are solutions to the contrary detailed on the Internet, but they are too complex to be discussed here.