...
Using putty or ssh, connect to your Snare Central Server as the 'snare' user, attain administrator-level privileges by running the command: "sudo -s" (and enter your snare user password), then enter following commands:
Code Block cd /etc/apache2/ssl openssl req -out snare.csr -new -newkey rsa:2048 -sha256 -nodes -keyout privkey.pem
It will then request C/CN details. The "C" field should be a two-letter country code. The CN should be the DNS name of the Snare Server; the same address that you will put into your web browser to connect to the server. Other fields, as appropriate based on your geographic location and organisational details.
Once the command completes, a snare.csr will be created. You will need to transfer it to your CA to sign Using the commands below elevate the permissions on the newly created CSR file and move it to the /tmp location.
Code Block chmod 755 snare.csr mv snare.csr /tmp
To validate that the snare.csr file moved correctly, perform the below commands.
Code Block cd /tmp ls
This should then list the contents of the /tmp directory and there you should see your snare.csr file.
Using a tool such as WinSCP or an SFTP tool, copy the snare.csr file over to your CA server and create your cert for example snare.crt (generally by copy/pasting the contents into a web form).
Please ensure that the certificate provided by your CA is exported in base64/PEM format.
The certificate you get back from your CA needs to replace the contents of the apache.pem file.Please transfer the certificate created to the Snare Server, and copy it to /tmp directory using your preferred SFTP tool.
run the below commands to update the apache.pem with the new cert details in the /tmp directory.
Code Block cd /tmp mv snare.crt /etc/apache2/ssl/apache.pem
Note: you will need to transfer the files to either /tmp or /home/snare as you can only use SFTP/scp for non root accounts. Once you copy the files to the Snare Central server, log in to the CLI, sudo to root-level user access as highlighted above, then move the files to the correct locations.
To When the file is updated, reload the web server with the new keys execute:
Code Block /etc/init.d/apache2 restart
If things are not working as expected then run the following to help diagnose the problems
check the log files for Apache cat /var/log/apache2/error.log, errors may indicate problems with certificate files, miss matches in public private keys or problems with the apache ssl configuration files if they were altered.
run “service apache2 status” this will show details around potential errors with apache not running.
once the errors are corrected apache should start and run correctly.
...