Configure SSL Certificates on App Volumes 3.0 - Telecommunications Blog


Tuesday, June 30, 2020

Configure SSL Certificates on App Volumes 3.0


* First, download and install the (OpenSSL) tool on your Microsoft Active Directory server, then follow the steps below:

1- Generating root SSL certificate authority (CA):

01- Open C:\OpenSSL\bin\openssl.exe
02- Type : genrsa -out ca.key 2048
03- Type : req -new -key ca.key -out ca.csr
04- Complete any private information.
05- Copy content of (Root CA properties file) to : C:\OpenSSL\bin\
06- Type : x509 -req -in ca.csr -days 1095 -extfile rootssl.txt -sha256 -out ca.crt -signkey ca.key
07- Don't close (openssl.exe)

2- Generating hotspot SSL certificate:

01- Type : genrsa -out app-v.key 2048
02- Type : req -new -key app-v.key -out app-v.csr
03- Complete any private information.
04- Copy content of (SAN SSL properties file) to : C:\OpenSSL\bin\
05- Open : C:\OpenSSL\bin\SAN SSL.txt
06- Modify line : #IP.1= to IP.1= IP address of app-v server
07- Modify line : #DNS.1= to DNS.1= FQDN of app-v server
08- Type : x509 -req -in app-v.csr -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -extfile sanssl.txt -sha256 -out app-v.crt
09- Copy : (ca.crt, app-v.crt and app-v.key) files located in : C:\OpenSSL\bin\ to your desktop.
10- Double-click (ca.crt) - Install certificate - Next - Place all certificates in the following store - Trusted Root Certification Authorities - Next - Finish - Yes - OK

* Now navigate to (App-V 3.0) server:

01- Log in to (App-V 3.0) vm directly from console.
02- You will be prompted to change your default password, which by default is : 123 with default user name : root.
03- After changing your password now type the following commands:

* $ cd ..
* $ sudo ufw allow ssh
* $ sudo ufw enable
* $ sudo ufw status


* Enable root login over SSH:

1. As root, edit the sshd_config file in /etc/ssh/sshd_config:

nano /etc/ssh/sshd_config

2. Add a line in the Authentication section of the file that says PermitRootLogin yes. This line may already exist and be commented out with a "#". In this case, remove the "#".

# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

3. Save the updated /etc/ssh/sshd_config file.
4. Restart the SSH server:

service ssh restart

4- Now, rename (app-v.crt) to (appvol_self_vmware.com.crt) and (app-v.key) to (appvol_self_vmware.com.key)

5- Open (WinSCP) software from any computer on the same LAN as the (App-V 3.0) server.

6- From (File Protocol) select : (SCP), (Port) leave it : 22

7- Type the user name and password then click : Login.

8- In the right panel, navigate to : etc/nginx then delete the existing : (appvol_self_vmware.com.crt) and (appvol_self_vmware.com.key).

9- In the left panel, navigate to the path where you stored the created certificate and key, then drag and drop the new (appvol_self_vmware.com.crt) and (appvol_self_vmware.com.key).

10- Disconnect the session.

11- From (Putty), login with (root) credentials then type this command : service nginx restart or restart the (App-V 3.0) vm.
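
Before the nginx restart in step 11, it is worth confirming that the certificate chains to the CA, that the key belongs to the certificate, and that the server name is covered. The script below is an added example, not part of the original post: it rebuilds the CA and server certificate with the commands above (made non-interactive with -subj) and then runs those three checks. The contents of rootssl.txt and sanssl.txt, the FQDN appvol.example.test and the IP 192.0.2.10 are assumptions, because the post's properties files are not shown.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post;
# the extension-file contents, FQDN and IP are constructed assumptions.

# Rebuild the CA and server certificate with the post's commands, made
# non-interactive with -subj. $1 = work dir, $2 = FQDN, $3 = IP address.
make_sample() {
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > rootssl.txt
      printf 'basicConstraints=CA:FALSE\nsubjectAltName=@alt_names\n[alt_names]\nIP.1=%s\nDNS.1=%s\n' "$3" "$2" > sanssl.txt
      openssl genrsa -out ca.key 2048 &&
      openssl req -new -key ca.key -subj "/CN=Sample Root CA" -out ca.csr &&
      openssl x509 -req -in ca.csr -days 1095 -extfile rootssl.txt -sha256 -out ca.crt -signkey ca.key &&
      openssl genrsa -out app-v.key 2048 &&
      openssl req -new -key app-v.key -subj "/CN=$2" -out app-v.csr &&
      openssl x509 -req -in app-v.csr -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -extfile sanssl.txt -sha256 -out app-v.crt
    ) >/dev/null 2>&1
}

# Return 0 only if the pair is fit to deploy.
# $1 = certificate, $2 = private key, $3 = CA certificate, $4 = FQDN.
check_pair() {
    # 1. The certificate must chain to the CA installed on the clients.
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    # 2. The key must match the certificate, otherwise nginx refuses to start.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert: MISMATCH"; return 2; }
    # 3. The certificate must match the name clients connect to.
    openssl x509 -in "$1" -noout -checkhost "$4" | grep -q "does match" ||
        { echo "name: $4 not covered"; return 3; }
    echo "OK"
}

# Demo on constructed values.
work=$(mktemp -d)
make_sample "$work" appvol.example.test 192.0.2.10 &&
    check_pair "$work/app-v.crt" "$work/app-v.key" "$work/ca.crt" appvol.example.test
```

On the appliance, check_pair can be pointed at the renamed files in /etc/nginx together with a copy of ca.crt before the restart.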


Abd El-Rahman Oreiby
Senior Data Center Engineer
Al Thuraya Security Egypt 
www.abdelrahmanoreiby.weebly.com
