This shows you the differences between two versions of the page.
scgc:laboratoare:08 [2021/09/29 22:16] maria.mihailescu [Laboratory 08. Security: PKI, X.509, SSL, TLS] |
scgc:laboratoare:08 [2021/10/13 17:25] (current) maria.mihailescu |
||
---|---|---|---|
Line 6: | Line 6: | ||
===== Lab Setup ===== | ===== Lab Setup ===== | ||
- | * We will be using a virtual machine in the [[http://cloud.curs.pub.ro/|faculty's cloud]]. | + | * We will be using a virtual machine in the [[http://cloud.grid.pub.ro/|faculty's cloud]]. |
- | * When creating a virtual machine follow the steps in this [[https://cloud.curs.pub.ro/about/tutorial-for-students/|tutorial]]. | + | |
* When creating a virtual machine in the Launch Instance window: | * When creating a virtual machine in the Launch Instance window: | ||
* Select **Boot from image** in **Instance Boot Source** section | * Select **Boot from image** in **Instance Boot Source** section | ||
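Review bot: the replacement cloud link on the "+" side is still plain "http://cloud.grid.pub.ro/", while the tutorial link being removed used https. For a lab on PKI and TLS, point students at the https:// form of the new host if it serves one, so that credentials for the cloud dashboard are not entered over an unauthenticated connection. The tutorial bullet is also replaced by an empty line rather than an updated link, which leaves the Launch Instance sub-list as the only setup guidance. Either link the tutorial at its new location or confirm that it was retired on purpose.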
Line 21: | Line 20: | ||
===== Tasks ====== | ===== Tasks ====== | ||
- | ==== 1. [20p] Inspecting and Verifying a Certificate ==== | + | ==== 1. Inspecting and Verifying a Certificate ==== |
Begin by inspecting the certificate found in the ''houdini.cs.pub.ro.crt-roedunet'' file. | Begin by inspecting the certificate found in the ''houdini.cs.pub.ro.crt-roedunet'' file. | ||
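Review bot: the unchanged context heading "===== Tasks ======" just above the edited line has five opening equals signs and six closing ones. Since this hunk already touches the headings in that section, balance it to "===== Tasks =====". With "[20p]" dropped from the task title here, and the same removal made in the other task headings of this revision, the page no longer shows how the tasks are weighted. If grading still applies, state it once near the Tasks heading.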
Line 92: | Line 91: | ||
Find the ''issuer'' for each of the certificates and use the appropriate certificate chain. | Find the ''issuer'' for each of the certificates and use the appropriate certificate chain. | ||
</note> | </note> | ||
- | ==== 2. [20p] Remotely Inspecting a Certificate ==== | + | ==== 2. Remotely Inspecting a Certificate ==== |
Connect to ''aero.curs.pub.ro'' using a secure connection to obtain its certificate. | Connect to ''aero.curs.pub.ro'' using a secure connection to obtain its certificate. | ||
Line 208: | Line 207: | ||
Within a browser, inspect the certificate for ''aero.curs.pub.ro'' and find the field that specifies the Subject Alternative Names for the certificate. To avoid automatic redirecting to ''curs.upb.ro'', go to ''aero.curs.pub.ro/2019''. | Within a browser, inspect the certificate for ''aero.curs.pub.ro'' and find the field that specifies the Subject Alternative Names for the certificate. To avoid automatic redirecting to ''curs.upb.ro'', go to ''aero.curs.pub.ro/2019''. | ||
</note> | </note> | ||
- | ==== 3. [20p] Generating and Inspecting a Certificate ==== | + | ==== 3. Generating and Inspecting a Certificate ==== |
The steps required when generating a certificate are as follows: | The steps required when generating a certificate are as follows: | ||
Line 284: | Line 283: | ||
</note> | </note> | ||
- | ==== 4. [15p] Unencrypted Client/Server Communication ==== | + | ==== 4. Unencrypted Client/Server Communication ==== |
<note important> | <note important> | ||
Line 309: | Line 308: | ||
Also, the messages can be seen in plaintext in the ''tcpdump'' log. | Also, the messages can be seen in plaintext in the ''tcpdump'' log. | ||
</note> | </note> | ||
- | ==== 5. [25p] Client/Server Communication over SSL/TLS ==== | + | ==== 5. Client/Server Communication over SSL/TLS ==== |
Use ''openssl s_server'' to start a server listening on the same port as the previous exercise. Use the ''server.scgc'' certificate previously generated. | Use ''openssl s_server'' to start a server listening on the same port as the previous exercise. Use the ''server.scgc'' certificate previously generated. |