#### LAB 2: INSTALLING SSL CERTIFICATE ON APACHE WEB SERVER

## LAB Objectives

* Secure our apache web server with an SSL certificate we just generated

## LAB Duration

	20 Minutes

## LAB Environment

On your lab machine hostX.ws.nsrc.org, check if apache is installed:

1.
	> dpkg -l | grep apache

	You should get something like

	ii  apache2                                2.2.22-1ubuntu1.8                       Apache HTTP Server metapackage
	ii  apache2-mpm-worker                     2.2.22-1ubuntu1.8                       Apache HTTP Server - high speed threaded model


	If you get no output, install Apache with the command
	
	> apt-get install apache2

2. Enabling Mod SSL

SSL module ships in with apache but by default isn't enabled

	> sudo a2enmod ssl

	> sudo restart apache2


## LAB tasks

----- Part 1: Copy the 'conf' folder to /etc/apache2------

** Before that rename your SSL certificate **

	> cd ~/conf
	> mv hostXwsnsrcorg.pem hostX.ws.nsrc.org.pem
	> sudo cp -r /home/sysadm/conf /etc/apache2

----- Part 2: Create an Apache VirtualHost ---------------

1. Create a VirtualHost and insert the content that follows below after the vi command. Ensure your vi is in INSERT mode before pasting.

> vi /etc/apache2/sites-available/hostX.conf

	<VirtualHost 10.10.0.X:443>
	ServerName hostX.ws.nsrc.org
	DocumentRoot /var/www/html/hostX

	SSLEngine On
	SSLCertificateFile /etc/apache2/conf/hostX.ws.nsrc.org.pem
	SSLCertificateKeyFile /etc/apache2/conf/hostX.ws.nsrc.org.key

	ErrorLog ${APACHE_LOG_DIR}/ssl.hostX.error_log
	CustomLog ${APACHE_LOG_DIR}/ssl.hostX.access_log combined
	</VirtualHost>

Enable your Virtual Host by executing:

	> sudo a2ensite hostX


Next Lets Create our VirtualHost Root Directory. Create an index.html 

	> sudo mkdir /var/www/html/hostX

	> cd /var/www/html/hostX

	> sudo vi index.html

You may copy a sample site from https://gist.github.com/old-campos/3870308 and paste in your index.html

2. Reload Apache

> sudo service apache2 reload

3. Launch your broswer and visit https://hostX.ws.nsrc.org

----- Part 3: Troubleshooting ------

If you have an error either in your Key and Certificate files, especially if you pasted then apache won't even restart. You need to check the log file to identify the error:

	sudo tail -fn 100 /var/log/apache2/error.log

---- Part 4: Redirect all HTTP Traffic to our SSL Virtual Host ---------

Hack this! Find a solution online!