* First, download and install the (OpenSSL) tool on your Microsoft Active Directory server, then follow the steps below:
1- Generating root SSL certificate authority (CA):
01- Open C:\OpenSSL\bin\openssl.exe
02- Type : genrsa -out ca.key 2048
03- Type : req -new -key ca.key -out ca.csr
04- Complete any private information.
05- Copy content of (Root CA properties file) to : C:\OpenSSL\bin\
06- Type : x509 -req -in ca.csr -days 1095 -extfile rootssl.txt -sha256 -out ca.crt -signkey ca.key
07- Don't close (openssl.exe)
2- Generating hotspot SSL certificate:
01- Type : genrsa -out app-v.key 2048
02- Type : req -new -key app-v.key -out app-v.csr
03- Complete any private information.
04- Copy content of (SAN SSL properties file) to : C:\OpenSSL\bin\
05- Open : C:\OpenSSL\bin\SAN SSL.txt
06- Modify line : #IP.1= to IP.1= IP address of app-v server
07- Modify line : #DNS.1= to DNS.1= FQDN of app-v server
08- Type : x509 -req -in app-v.csr -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -extfile sanssl.txt -sha256 -out app-v.crt
09- Copy : (ca.crt, app-v.crt and app-v.key) files located in : C:\OpenSSL\bin\ to your desktop.
10- Double click on (ca.crt) - Install certificate - Next - Place all certificates in the following store - Trusted Root Certification Authorities - Next - Finish - Yes - OK
* Now navigate to (App-V 3.0) server:
01- Log in to (App-V 3.0) vm directly from console.
02- You will be prompted to change your default password, which by default is : 123 with default user name : root.
03- After changing your password, type the following commands:
* $ cd ..
* $ sudo ufw allow ssh
* $ sudo ufw enable
* $ sudo ufw status
* Enable root login over SSH:
1. As root, edit the sshd_config file in /etc/ssh/sshd_config:
    nano /etc/ssh/sshd_config
2. Add a line in the Authentication section of the file that says PermitRootLogin yes. This line may already exist and be commented out with a "#". In this case, remove the "#".
    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
3. Save the updated /etc/ssh/sshd_config file.
4. Restart the SSH server:
    service ssh restart
4- Now, rename (app-v.crt) to (appvol_self_vmware.com.crt) and (app-v.key) to (appvol_self_vmware.com.key)
5- Open (WinSCP) software from any computer on the same LAN as the (App-V 3.0) server.
6- From (File Protocol) select : (SCP), (Port) leave it : 22
7- Type the user name and password then click : Login.
8- In the right panel, navigate to : etc/nginx then delete the existing : (appvol_self_vmware.com.crt) and (appvol_self_vmware.com.key).
9- In the left panel, navigate to the path where you stored the created certificate and key, then drag and drop the new (appvol_self_vmware.com.crt) and (appvol_self_vmware.com.key).
10- Disconnect the session.
11- From (Putty), log in with (root) credentials, then type this command : service nginx restart, or restart the (App-V 3.0) vm.
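A pre-flight check for the files from section 2, worth running before step 8 deletes the existing pair (an added example, not part of the original post). It confirms that the certificate chains to ca.crt, that the key belongs to the certificate, and that the IP or FQDN entered in sanssl.txt is in the subjectAltName. The function name check_cert_pair and the script name are hypothetical, and a shell with openssl is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check of the files
# from section 2 before they replace the pair in etc/nginx.
# Usage: bash check_pair.sh ca.crt app-v.crt app-v.key <IP.1 or DNS.1 value>
# (check_pair.sh is a hypothetical file name)

check_cert_pair() {
    ca="$1"; crt="$2"; key="$3"; name="$4"; rc=0

    # 1. The server certificate must chain to the root CA from section 1.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; rc=1
    fi

    # 2. The key must belong to the certificate: both must yield the same
    #    public key. An unreadable file gives empty output and also fails.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $crt"; rc=1
    fi

    # 3. The name clients connect to must be an exact SAN entry
    #    (the IP.1 / DNS.1 lines edited in sanssl.txt).
    sans=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           grep -A1 'Subject Alternative Name' | tail -n 1 |
           tr ',' '\n' | sed -e 's/^ *//' -e 's/ *$//')
    if ! printf '%s\n' "$sans" | grep -qxF -e "DNS:$name" -e "IP Address:$name"; then
        echo "FAIL: $name is not in the subjectAltName of $crt"; rc=1
    fi

    # 4. The certificate must not already be expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt is expired or unreadable"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $crt, $key and $name are consistent"
    fi
    return "$rc"
}

# Run the check only when called with the four arguments.
if [ "$#" -eq 4 ]; then
    check_cert_pair "$@"
fi
```

A key that does not match the certificate stops nginx from loading the pair, so keep the old files in place until the check prints OK.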
Abd El-Rahman Oreiby
Senior Data Center Engineer
Al Thuraya Security Egypt
www.abdelrahmanoreiby.weebly.com