Versions Compared

Old Version 8

changes.mady.by.user jorge.rueda

Saved on

compared with

New Version 9

changes.mady.by.user Steve Challans

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
   /etc/init.d/apache2 restart

  1. Using putty or ssh, connect to your Snare Central Server as the 'snare' user, attain administrator-level privileges by running the command: "sudo -s" (and enter your snare user password), then enter following commands:

    Code Block
       cd /etc/apache2/ssl
   openssl req -out snare.csr -new -newkey rsa:2048 -sha256 -nodes -keyout privkey.pem

    It will then request C/CN details. The "C" field should be a two-letter country code. The CN should be the DNS name of the Snare Server; the same address that you will put into your web browser to connect to the server. Other fields, as appropriate based on your geographic location and organisational details.

  2. Once the command completes, a snare.csr will be created. You will need to transfer it to your CA to sign (generally by copy/pasting the contents into a web form).

    Please ensure that the certificate provided by your CA is exported in base64/PEM format.
    The certificate you get back from your CA needs to replace the contents of the apache.pem file.

  3. Please transfer the certificate to the Snare Server, and copy it to

    Code Block
       /etc/apache2/ssl/apache.pem

    Note: you will need to transfer the files to either /tmp or /home/snare as you can only use SFTP/scp for non root accounts. Once you copy the files to the Snare Central server, log in to the CLI, sudo to root-level user access as highlighted above, then move the files to the correct locations.

  4. To reload the web server with the new keys execute:

    Code Block
       /etc/init.d/apache2 restart

  5. If things are not working as expected then run the following to help diagnose the problems

    1. check the log files for Apache cat /var/log/apache2/error.log, errors may indicate problems with certificate files, miss matches in public private keys or problems with the apache ssl configuration files if they were altered.

    2. run “service apache2 status” this will show details around potential errors with apache not running.

    3. once the errors are corrected apache should start and run correctly.

Snare Central TLS Listener

...

The Collector can be configured to support separate files for private/public keys, or can use a single container file (pem) that includes both keys. Depending on user needs the procedure is very similar:

  1. Stop Collector with the following command:

    $ sudo /etc/init.d/snare stop
    

  1. Upload and copy certificate files into the correct directory, with the correct filename. Assuming the source private and public keys are in separate files and the names are MyTLSCert-Public.pem and MyTLSCert-Private.pem:

    $ sudo cp MyTLSCert-Public.pem /data/SnareConfig/TLSServer-Public.pem
    $ sudo cp MyTLSCert-Private.pem /data/SnareConfig/TLSServer-Private.pem
    $ sudo chown root: /data/SnareConfig/*.pem
    $ sudo chmod 400 /data/SnareConfig/*.pem

  1. ALTERNATIVELY, if your public and private keys are in a single file (MyTLSCert.pem):

    $ sudo cp MyTLSCert.pem /data/SnareConfig/TLSServer.pem
    $ sudo chown root: /data/SnareConfig/*.pem
    $ sudo chmod 400 /data/SnareConfig/*.pem

...