Create a certificate for a website, configure a web server to use HTTPS and study SSL by capturing packets.
New information/hints added since the original instructions:
Detailed instructions for most of the tasks are here. Note that the instructions refer to an ID - you should replace it with your actual student ID. You do not need to set up the CA - I will act as the CA. See below for how to get a certificate from the CA. The instructions refer to www.myuni.edu - you will use a different domain name.
To obtain a certificate you need to first create a Certificate Signing Request. See the OpenSSL commands in the instructions - they can be run either on the ICT server or on node3 in your virtual network. It is important to set the correct values in your CSR:
The Common Name is important: it must exactly match the domain you will use for the website. Since your web site is in a virtual network, you may choose any domain you wish, as long as it is unique amongst all IT and CS students. (Since you don't know what other students choose, I suggest using your name in the domain, e.g. www.steve.com. Please do not use someone else's name).
To send the CSR to the CA, put the CSR file in your directory on the ICT server. For example, if your ID is 5012345678:
/home/students/u5012345678/public_html/private/cert-myuni-5012345678.csr
After several minutes, the CA will copy your CSR and generate a certificate. If successful, the certificate will be created in the file:
/home/students/u5012345678/public_html/private/cert-myuni-5012345678.pem
If unsuccessful, then there will be an error message placed in:
/home/students/u5012345678/public_html/private/error-5012345678.txt
or a similarly named file.
Once you have the certificate you can copy-and-paste the contents to a file on your nodes in the virtual network. This is easy as it is stored as a simple text file.
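The checks below are an added example, not part of the course instructions: they confirm that the CSR carries exactly the chosen domain as its Common Name before you submit it, and that the certificate returned by the CA matches your private key and verifies against the CA's certificate. The file names privkey.pem and ca.pem are assumptions; www.steve.com is the sample domain from the text above.

```shell
# Print the Common Name from a CSR's subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print the Common Name from a certificate's subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr CSR DOMAIN: succeed only if the CSR's CN is exactly DOMAIN.
check_csr() {
    cn=$(csr_cn "$1")
    if [ "$cn" != "$2" ]; then
        echo "CSR CN '$cn' does not match '$2'" >&2
        return 1
    fi
}

# check_cert CERT KEY CA DOMAIN: succeed only if the certificate
#  - carries DOMAIN as its CN,
#  - contains the public key that belongs to KEY, and
#  - verifies against the CA certificate.
check_cert() {
    [ "$(cert_cn "$1")" = "$4" ] ||
        { echo "certificate CN does not match '$4'" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match private key" >&2; return 1; }
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "certificate does not verify against CA" >&2; return 1; }
}

# Usage (privkey.pem and ca.pem are assumed file names):
#   check_csr  cert-myuni-5012345678.csr www.steve.com
#   check_cert cert-myuni-5012345678.pem privkey.pem ca.pem www.steve.com
```

Run check_csr before placing the CSR on the ICT server, and check_cert on node3 after pasting the certificate, so a mismatch is caught before Apache is configured.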
See the instructions for deploying the fake www.myuni.edu website. You should use this website; however, you must change the domain. The instructions refer to www.myuni.edu - replace this with your chosen domain. You only need to make changes to the domain in the /etc/hosts file on all nodes and in the /etc/apache2/sites-available/default-ssl file on node3.
To set up HTTPS you will need the CA's certificate: download (right click and "Save link as", otherwise the certificate may be loaded into your browser)
You must capture packets on the router (node2) and then using the browser (e.g. lynx) on node1, visit the website using HTTPS. You should "login" to the website (e.g. using "5000000000" and "student" as username and password). Copy the capture file to your host computer and view the captured packets in Wireshark. You can filter for ssl to see the HTTPS packets. Study how SSL works. Can you see the username/password sent by the browser?
Your Certificate Signing Request and Certificate will be automatically copied when you put them on the ICT server. You must also submit the following: