Creating and Applying SSL Certificate to Apache Guacamole

#Linux #BrowserBasedAdministration #RDP #VNC

Full steps can be found at https://i12bretro.github.io/tutorials/0139.html

Prerequisites
   - A XCA PKI database  https://youtu.be/ezzj3x207lQ
 
Create Your SSL Certificate
   01. Launch XCA
   02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password
   03. Click on the Certificates tab, right click on your Intermediate CA certificate
   04. Select New
   05. On the Source tab, make sure Use this Certificate for signing is selected
   06. Verify your Intermediate CA certificate is selected from the drop down
   07. Click the Subject tab
   08. Complete the Distinguished Name section
         internalName: Guacamole SSL
         countryName: US
         stateOrProvinceName: Virginia
         localityName: Northern
         organizationName: i12bretro
         organizationUnitName: i12bretro Certificate Authority
         commonName: remote.i12bretro.local
   09. Click the Generate a New Key button
   10. Enter a name and set the key size to at least 2048
   11. Click Create
   12. Click on the Extensions tab
   13. Select End Entity from the type list
   14. Click Edit next to Subject Alternative Name
   15. Add any DNS or IP addresses that the certificate will identify
   16. Update the validity dates to fit your needs
   17. Click the Key Usage tab
   18. Under Key Usage select Digital Signature, Key Encipherment
   19. Under Extended Key Usage select Web Server and Web Client Authentication
   20. Click the Netscape tab
   21. Select SSL Server
   22. Click OK to create the certificate
 
Exporting Required Files
   01. In XCA, click on the Certificates tab
   02. Right click the Intermediate CA certificate ≫ Export ≫ File
   03. Set the file name with a .crt extension and verify the export format is PEM chain (*.pem)
   04. Click OK
   05. Right click the SSL certificate ≫ Export ≫ File
   06. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
   07. Click OK
   08. Click the Private Keys tab
   09. Right click the private key generated for the SSL certificate ≫ Export ≫ File
   10. Set the file name with a .key extension and verify the export format is PEM private (*.pem)
   11. Click OK
 
Applying the Certificates
   01. Download WinSCP  https://winscp.net/eng/downloads.php
   02. Extract WinSCP and run the executable
   03. Connect to the Apache Guacamole server via WinSCP
   04. Copy the created .crt, .key and .pem files to ~/
   05. On the Guacamole server, run the following command in a terminal
         sudo cp ~/remote.i12bretro.local.crt /var/lib/tomcat9/
         sudo cp ~/remote.i12bretro.local.key /var/lib/tomcat9/
         sudo cp ~/CA-Chain.pem /var/lib/tomcat9/
         sudo chown :tomcat /var/lib/tomcat9/remote.i12bretro.local.crt
         sudo chown :tomcat /var/lib/tomcat9/remote.i12bretro.local.key
         sudo chown :tomcat /var/lib/tomcat9/CA-Chain.pem
         sudo cp /var/lib/tomcat9/conf/server.xml /var/lib/tomcat9/conf/server.xml.bkup
         sudo nano /var/lib/tomcat9/conf/server.xml
   06. Edit the server.xml file adding the following connector block
         ≪connector port="8443"
         protocol="org.apache.coyote.http11.Http11NioProtocol"
         maxThreads="150"
         SSLEnabled="true"
         SSLProtocol="TLS"
         clientAuth="false"
         secure="true"
         scheme="https"
         SSLCertificateFile="/var/lib/tomcat9/remote.i12bretro.local.crt"
         SSLCertificateKeyFile="/var/lib/tomcat9/remote.key"
         SSLCertificateChainFile="/var/lib/tomcat9/CA-Chain.pem"
         keyAlias="remote.i12bretro.local"
         sslEnabledProtocols="TLSv1.1+TLSv1.2"≫≪/connector≫
   07. Press CTRL+O, Enter, CTRL+X
   08. Run the following command in terminal to restart the Gaucamole Tomcat server
         sudo systemctl restart tomcat9
   09. Open a web browser and navigate to Apache Guacamole via https://
 
Optional Steps
   01. To redirect all http traffic to communicate securely with https, run the following in a terminal
         sudo nano /var/lib/tomcat9/conf/web.xml
   02. At the bottom of the file above the closing tag for web-app paste the following
         ≪security-constraint≫
         ≪web-resource-collection≫
         ≪web-resource-name≫Protected Context≪/web-resource-name≫
         ≪url-pattern≫/*≪/url-pattern≫
         ≪/web-resource-collection≫
         ≪user-data-constraint≫
         ≪transport-guarantee≫CONFIDENTIAL≪/transport-guarantee≫
         ≪/user-data-constraint≫
         ≪/security-constraint≫
 


### Connect with me and others ###
★ Discord: https://discord.com/invite/EzenvmSHW8
★ Reddit: https://reddit.com/r/i12bretro
★ Twitter: https://twitter.com/i12bretro

Тэги:

#Apache #Apache_Guacamole #Apache_Guacamole_SSL_Setup #Apache_Tomcat #Browser_Based #Browser_Based_Administration #Browser_Based_RDP #Browser_Based_VNC #Configuration #Debian #Free_Software #Freeware #Guacamole #Home_Lab #Home_Lab_Ideas #How_To #Linux #PKI #RDP #Raspberry_Pi #SBC #SSH #SSL #Self-Hosted #System_Administration #System_Administrator #Terminal #Tutorial #VNC #Web_Based #Web_Based_RDP #Web_Based_SSH #Web_Based_Tools #Web_Based_VNC #Web_Server #i12bretro

Скачать видео