How to enable SSL


Some customers may wish to secure their Netmon device by allowing access only over SSL (also known as HTTPS). This guide explains how to disable normal HTTP access and force users to access the Netmon device using SSL only.

This guide requires command prompt access to your Netmon device.

Note: Upgrading your Netmon device to a newer version will erase these changes. You must go through this guide again after upgrading to a new version.

Creating the Certificates

First we must create the certificate file used during SSL authentication. To do this, run the following commands.

mkdir /etc/apache2/ssl
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
chmod a+r /etc/apache2/ssl/apache.pem
ls /etc/apache2/ssl/

The last command will output the names of two files, like so:

880f3db8  apache.pem

Write down the name of the file whose name is made up of random numbers and letters; in this case it is 880f3db8. We will need this file name later.

Changing the Apache Configuration

Run the command:

nano /etc/apache2/sites-available/default

It will show you a text file with the following content:

NameVirtualHost *
<VirtualHost *>
        ServerAdmin admin@netmon.ca

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

</VirtualHost>

Make the following changes to this content in the text editor:

NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
        ServerAdmin admin@netmon.ca

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLCertificateKeyFile /etc/apache2/ssl/880f3db8
</VirtualHost>

Note that the second-to-last line (SSLCertificateKeyFile) requires the file name we wrote down in the previous step.
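An added example, not part of the original guide or Netmon's own tooling: a shell function that checks the edited site file for the directives this guide adds and for any remaining plain-HTTP virtual host, useful before the reload and again after an upgrade has reset the file. The name check_ssl_vhost is hypothetical, and the function inspects only the file it is given.

```shell
#!/bin/sh
# Added example: verify that an Apache site file matches this guide's SSL-only setup.
# check_ssl_vhost is a hypothetical helper name; it reads only the file it is given.
# Usage: sh check.sh /etc/apache2/sites-available/default

check_ssl_vhost() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read: $conf"; return 2; }
    # Drop comments and indentation so commented-out directives do not count.
    active=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' "$conf")
    rc=0

    has()  { printf '%s\n' "$active" | grep -Eiq "$1"; }
    need() { has "$1" || { echo "missing: $2"; rc=1; }; }

    need '^Listen[[:space:]]+(.*:)?443([[:space:]]|$)'    'Listen 443'
    need '^<VirtualHost[[:space:]]+[^>]*:443>'            '<VirtualHost *:443>'
    need '^SSLEngine[[:space:]]+on[[:space:]]*$'          'SSLEngine on'
    need '^SSLCertificateFile[[:space:]]+[^[:space:]]'    'SSLCertificateFile'
    need '^SSLCertificateKeyFile[[:space:]]+[^[:space:]]' 'SSLCertificateKeyFile'

    # A virtual host with no port, or on port 80, still answers plain HTTP.
    if has '^<VirtualHost[[:space:]]+[^>:]*>' || has '^<VirtualHost[[:space:]]+[^>]*:80>'; then
        echo "plain-HTTP VirtualHost still present"; rc=1
    fi
    if has '^Listen[[:space:]]+(.*:)?80([[:space:]]|$)'; then
        echo "Listen 80 still present"; rc=1
    fi

    # Each file named by an SSL directive must exist and be readable.
    for f in $(printf '%s\n' "$active" |
               awk 'tolower($1) ~ /^sslcertificate(key)?file$/ { gsub(/"/, "", $2); print $2 }'); do
        [ -r "$f" ] || { echo "not readable: $f"; rc=1; }
    done
    return $rc
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then
    check_ssl_vhost "$1"
fi
```

The function prints one line per problem and returns 0 only when nothing is flagged, so it can gate the reload command.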

Reload Apache and Test

To make the changes take effect, run

/etc/init.d/apache2 reload

Open your web browser, and access

https://192.168.1.20

Where 192.168.1.20 is the IP address of your Netmon device. You should receive a message about accepting the certificate.

This is now the only way to access your Netmon device. Any requests to http://192.168.1.20 will fail.
