
  1. Using PuTTY or ssh, connect to your Snare Central Server as the 'snare' user. Attain administrator-level privileges by running the command "sudo -s" (and entering your snare user password), then enter the following commands:

    Code Block
       cd /etc/apache2/ssl
       openssl req -out snare.csr -new -newkey rsa:2048 -sha256 -nodes -keyout privkey.pem

    The command will then request the C/CN details. The "C" field should be a two-letter country code. The CN should be the DNS name of the Snare Server, that is, the same address that you will put into your web browser to connect to the server. Fill in the other fields as appropriate, based on your geographic location and organisational details.

  2. Once the command completes, a snare.csr file will be created. You will need to transfer it to your CA to sign. Using the commands below, elevate the permissions on the newly created CSR file and move it to the /tmp location.

    Code Block
    chmod 755 snare.csr
    mv snare.csr /tmp

    To validate that the snare.csr file moved correctly, run the commands below.

    Code Block
    cd /tmp
    ls

    This lists the contents of the /tmp directory, where you should see your snare.csr file.

  3. Using a tool such as WinSCP or another SFTP tool, copy the snare.csr file over to your CA server and create your certificate, for example snare.crt (generally by copy/pasting the contents into a web form).

    Please ensure that the certificate provided by your CA is exported in base64/PEM format.
    The certificate you get back from your CA needs to replace the contents of the apache.pem file.

  4. Transfer the newly created certificate to the Snare Server, copying it to the /tmp directory using your preferred SFTP tool.

  5. Run the commands below to update apache.pem with the new certificate from the /tmp directory.

    Code Block
     cd /tmp
     mv snare.crt /etc/apache2/ssl/apache.pem

    Note: You will need to transfer the files to either /tmp or /home/snare, as you can only use SFTP/scp with non-root accounts. Once you have copied the files to the Snare Central server, log in to the CLI, sudo to root-level user access as highlighted above, then move the files to the correct locations.

  6. When the file is updated, reload the web server with the new keys by executing:

    Code Block
       /etc/init.d/apache2 restart
  7. If things are not working as expected, run the following to help diagnose the problem:

    1. Check the Apache log files with "cat /var/log/apache2/error.log". Errors may indicate problems with the certificate files, mismatches between public and private keys, or problems with the Apache SSL configuration files if they were altered.

    2. Run "service apache2 status". This will show details of potential errors if Apache is not running.

    3. Once the errors are corrected, Apache should start and run correctly.
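
The public/private key mismatch mentioned in step 7 can be ruled out before apache.pem is replaced in step 5. The script below is an added example, not part of the Snare documentation or tooling: it checks that the CA's certificate is PEM and carries the same public key as privkey.pem and snare.csr. The script name check_cert.sh is hypothetical, and it must be run as root so that the private key is readable.

```sh
#!/bin/sh
# Added example (not Snare's own tooling): confirm that the CA-issued
# certificate is PEM and pairs with the private key before restarting Apache.
# Usage (check_cert.sh is a hypothetical file name), run before step 5:
#   sh check_cert.sh /tmp/snare.crt /etc/apache2/ssl/privkey.pem /tmp/snare.csr

# Print the SHA-256 digest of the public key inside a PEM key, CSR or cert.
pubkey_digest() {
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # Refuse empty output so two unreadable files can never "match".
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_cert CERT KEY [CSR]
# Returns 0 on a match, 3 if CERT is not PEM, 4 on a key mismatch,
# 5 if the cert was issued for a different CSR, 1 if a file cannot be parsed.
check_cert() {
    cert=$1; key=$2; csr=${3:-}
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "not base64/PEM: $cert" >&2; return 3; }
    c=$(pubkey_digest cert "$cert") || { echo "cannot parse $cert" >&2; return 1; }
    k=$(pubkey_digest key "$key") || { echo "cannot parse $key" >&2; return 1; }
    [ "$c" = "$k" ] || { echo "certificate does not match private key" >&2; return 4; }
    if [ -n "$csr" ]; then
        r=$(pubkey_digest csr "$csr") || { echo "cannot parse $csr" >&2; return 1; }
        [ "$c" = "$r" ] || { echo "certificate was not issued for this CSR" >&2; return 5; }
    fi
    echo "OK: public key sha256 $c"
}

# Run the check only when file arguments are supplied.
if [ "$#" -ge 2 ]; then
    check_cert "$@"
fi
```

Only snare.csr and the signed certificate need to leave or enter the server; privkey.pem stays in /etc/apache2/ssl throughout.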
