new files

I520_AI.cer

+Bag Attributes
+    localKeyID: 4C B6 5E 49 BA 55 C1 47 FF 33 5D F0 90 47 56 00 3D 8F B7 B9 
+    friendlyName: dingchan@indiana.edu
+subject=postalCode = 47405, O = Indiana University-Bloomington, ST = Indiana, L = Bloomington, C = US, CN = Changchang Ding, emailAddress = dingchan@indiana.edu
+
+issuer=C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Standard Assurance Client CA
+
+-----BEGIN CERTIFICATE-----
+MIIF3DCCBMSgAwIBAgIQevMOS8PcHyAKyhGt+M9lzDANBgkqhkiG9w0BAQsFADCB
+iTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
+EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xMjAwBgNVBAMT
+KUluQ29tbW9uIFJTQSBTdGFuZGFyZCBBc3N1cmFuY2UgQ2xpZW50IENBMB4XDTE5
+MDkxMjAwMDAwMFoXDTIyMDkxMTIzNTk1OVowga0xDjAMBgNVBBETBTQ3NDA1MScw
+JQYDVQQKEx5JbmRpYW5hIFVuaXZlcnNpdHktQmxvb21pbmd0b24xEDAOBgNVBAgT
+B0luZGlhbmExFDASBgNVBAcTC0Jsb29taW5ndG9uMQswCQYDVQQGEwJVUzEYMBYG
+A1UEAxMPQ2hhbmdjaGFuZyBEaW5nMSMwIQYJKoZIhvcNAQkBFhRkaW5nY2hhbkBp
+bmRpYW5hLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI5+Ycev
+307kqpzs6em9ayabChNPYBP9/x12TevmcSW2Vrt6gevtSlJ/2OWqjCQZIHVm9fK5
+nD+kAKg1U7fxeX2xCz6PDN+WA8aRfVek3Hq0WuYem76KyrVhmavVlbC4QkM1WhQt
+MUT/AdQM1lu3RCIZAwebvqpjEPP3jkBuWQoV+1zjJSg1cy7GYCydIaW3sslRl5uE
+cy/0yAlPbHnCtg2AEKi451CsvrspuYn4mYdJydzzOKSWFvD71djsq4zpacvewYCa
+PAHzCyc8XUOqJ0X6XFkqRCKOQTd4rJughjLHjrvo9m5tcG/xYtTI4b6VFXODy4j6
+XDBWKVfT6mJIoWkCAwEAAaOCAhgwggIUMB8GA1UdIwQYMBaAFH3ucdAf66lhbY9m
+hK0PKwfiMdu8MB0GA1UdDgQWBBRMtl5JulXBR/8zXfCQR1YAPY+3uTAOBgNVHQ8B
+Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYB
+BQUHAwIwagYDVR0gBGMwYTBfBg0rBgEEAa4jAQQDAwABME4wTAYIKwYBBQUHAgEW
+QGh0dHBzOi8vd3d3LmluY29tbW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3N0
+YW5kYXJkX2NsaWVudC5wZGYwVQYDVR0fBE4wTDBKoEigRoZEaHR0cDovL2NybC5p
+bmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU3RhbmRhcmRBc3N1cmFuY2VDbGll
+bnRDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBQBggrBgEFBQcwAoZEaHR0cDovL2Ny
+dC5pbmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU3RhbmRhcmRBc3N1cmFuY2VD
+bGllbnRDQS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmluY29tbW9uLXJz
+YS5vcmcwRQYDVR0RBD4wPKAkBgorBgEEAYI3FAIDoBYMFGRpbmdjaGFuQGluZGlh
+bmEuZWR1gRRkaW5nY2hhbkBpbmRpYW5hLmVkdTANBgkqhkiG9w0BAQsFAAOCAQEA
+HyYE2kh6+IpcV1JfeNJAux9Bypi4dSEwUgBs04L+0fFtP0UZxg/38DVUhrds9+eB
+vk+q4gZdmARb6r1W4pnXtCeoMVv5kMGqXFZf7q2ZfQdlVEeeAPW15ZcRtC0n6rbj
+BZVwSLkuxO1FslMv6hhMOKopjYoMduFpQ1euSM35+SA/wuH5SUwRmqFuPf9uVFw6
+pL9cEloE4in4dltZ28ixB0H1c9sFD+O9F1txY+SM6bgUpjhZuI91LX65PMIzvEAw
+5wFXByBvd7TkpiNEW1Z82CvIQtDIjJ20j4xSJ7VtTgq1tEva4ZD8/MGG1lupcsed
+DYMsQoW5zdnMxS8ZSFiiyw==
+-----END CERTIFICATE-----

dingchan.pubkey.txt

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF16r9wBEACu8iUJAH9DaNqcwDERfEFh1aw6kKo66IUaMn7cEUC7YLg0DCXJ
+3TJf/zT32G7Q4gjvlA7Mesa71Pp1E2/FXuGn30nkGKOG0LdHXFxudTD6ep20sNPD
+leojtMcgqiku4Cv9I8OlqCPZH6hfReSUDYWB1apj4/p/EPYKUcJjX8xo04x9xVSx
+zaWBltB8lUPzQ8C8LHCSh/rVcToq9P8Ip847tL5+kXFmfY6uBOYHn7OlMRGXsmoK
+AvZpGFNvLH2zmPZ7FcfYX8YD03NHScDqQiRWVpl9D4lpEexrtw6bwn9LlNehuP6D
+B2c6u/u7vTbLLgSq8lf84n9tEOAy79TJl57LbjmzYeZ+Xu2CwhOtPuLYQ2OzeJ47
+hlpimWhwefTXi8dxD5CTPkNE0IG5znUheIgRaT03wCPcKZA79YV3ge9pxvaHOQPn
+oROQhIE9Z05UTdZUwmQNySxkoLGH1Y+QfWWZv+1NISJphvteYTtkY9lvNHCH5gdz
+QJdIyKYzI8Ua8wMEf0gPWvWleEtMEIpwgcYGfk08ViImKsBkxgD4ytWGYzdjL+68
+4qSPz/qeeaKElSxoPVS82VvxSVkpxENyDRL8KU6LR+HCr80FdTfitMxPZPjoiJQd
+0tgWBdCfSmXrg6ZOyX6gL5xpcRGMlskaOZi9Mzg7mT4GXnx7u+3ee8DtZQARAQAB
+tEJESU5HIENoYW5nY2hhbmcgKEZvciBjb3Vyc2UgQ1NDSS1CNTQ0IG9ubHkpIDxk
+aW5nY2hhbkBpbmRpYW5hLmVkdT6JAlQEEwEIAD4WIQRsVjzuJdud7RoiH22ZCnhn
+koMH3wUCXXqv3AIbAwUJAMXBAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCZ
+CnhnkoMH37ljD/wIrJgEX/770vBtEwrPl00zMZNegHuHR1XotxEa2kuOiM/wdCGM
+GqcmdlUHlNYyaX/Y+1xqQ3GRCrmfy0+LWdShpX4zHTQjaqbait/ujMGimrk4c/N6
+dVvq/bofllNsgq+UxY5Z0JkJnWSRIAe3a4hAnnubYBxBW1YU/Wb8uO0CTyufyVJx
+wkhlxAcxE7dIYQVMQ6/wGuVhlXpgscQr0fadR9DPNehzJXaGt0ocqgoB4XHBAumt
+rTC1etY5AL1BY2FPH+jVmWDVoKYzG1uAQR6TRn6yWTI4S9/+/pj5CM1TDXOPrlaU
+N2TJqTNql7giajApWP5nNbf5iE0zNVqwcs75Vyo+YISejIL9K+IjmLJTY/nsOdnF
+pK15pEQf8kCQn828EwMtHKXC3oIidsiayCu13lOeefpBPAj0JlNBg/AnHw8Xyq2w
+bBU6WHuaCOLkRj5PRowJvHcqltbE4IexMOWxX8aYJYPpkFmAeael5X8kwdyk7nBy
+tkVGYIa8S3y93MKfCj/TMLblPankRX9FDg77xFWMARumVWQLmqrs2sMcMZ1qq5/S
+mr21Weyt5h7ZSi734Eb1tzt3fq2Xi2VTcvyHf+Z6YeKG5KVx6Dn1eHaY/CU+zoO1
+f4p5HOe+8nE3QUg+CQztfpYp6LfS7npGh7mAA6hXdz2U6L4ItFjniGfwcbkCDQRd
+eq/cARAAwRqlYjd+7K6V/GW8/ALHVk85ARXq9ehW0pz1AhsqXy7SBP1OMO/607RD
+RDTBGlzV+mCdCYTonoLfIRk77iJsx3n0SKVN+Cbx5qR3XNoTvX9Y37a+7Gl3esLZ
+URFn8fGueUOOmLxNQmOdq++XKrYpBqJT/g6LbFMznLDf89eH43QPMhVCCE2af6v1
+FrFQPKBGIx73PdcoynB//JkFkNnwS4XqlL0HwZoRPzNq5+Z/yXlv5zpaZMLj95KT
+M7nOyUfaV8JiKMh4mPy2sWrbs8MNTAFMZxsD7cv0WNI26Xg+7DBMNGGI+i3ppFKf
+E83hihguUtb53KIKAgRRKKBog61mfSFYuJI6aRXzdWNa080xx2qSjfZCCmWmWx13
+hGOEdVrtUGMhTA1uFA5zTdFkELcQWA/Nu5qwZHhb/P2xb/xYjKTrkk/Sbv8VfPPm
+P/zeZHIgn9pBbvcNxHL7UlAB8xvSgmZdbIdYSDt+NOFWffTJXIG5wgU3JNgVib4+
+2g4fp3Gl5+Ic+2VkZi80Sk62vsnYa6/8s3rWdZRfwVHwO3ag2GlowVwu7NB0RyMF
+ua0ItoorzTXoslVFlVugrd+gscYjl2YfVaNHFMBw5cPgSwx3FLeM/VL+059t98G3
+03s07ux88cSy3Tpx04qITFwUvkIIBA4CZH7xw4FjrEJfiSk1oVMAEQEAAYkCPAQY
+AQgAJhYhBGxWPO4l253tGiIfbZkKeGeSgwffBQJdeq/cAhsMBQkAxcEAAAoJEJkK
+eGeSgwff/NQQAKOPQeqvih4uI3ZQj9LX0KCWvZBwfCziRYFN3/SIWq+NUdW7cEIO
+aaQA/I5JZv5Irp3s8lE12WmQ59OImOkSEQtbyXZoAxGr9an6JMBkww/KwZN1CKbO
+1Ka+mZjM6Kzk1BbJZdkBTiG6YoaXkBz4OdYdl+UbicpYdDvudt6vtQJaS5r3U7L1
+Iyr48dspZPKfFrzUWtblsiYHLfNHy5ssBLoIXOxUP6gEkqeBEfaf1M/5xFOTO01a
+npRncGNeg3ety+HxKT1Kuw9CwYEYrAQaVvHbWCUF43VBgZerEXUQEx3doAbUjJEc
+zYAinIHiWbWfkU5QcHMrTXUYrrCPk9YNPnaiHjWFgImqq+HHCt7Y3bMp0+K4lkt8
+D4bJRdHl70BmnWnXdfa7nNAsnuEhfYU+kykfmvz1+YiegL7YK7ej+ybp1t2fofZX
+n6iU8GOge1XKPiPrYaNx1qy56+K4APVxkLGhjyg993nKG5LjC546KUPuLYLQUTfH
+DF6t3uU1P0ua/XhbLPR+HwFoLZ+Da2d2XUqtst+HmY0C6v6RbZBgzoNqYUHkRUHY
+hLGZ81dfkhh4XiRy0OSGagfxTT7lgB9na8qWoQEJ6UVIAX0aGcE1GSWIrtha1aeQ
+9DrLuEeuw6649gt6eX7jOOdrHlO70VHZi8D3o1eK416UgllSz4gskVZ1
+=rz+p
+-----END PGP PUBLIC KEY BLOCK-----

lab5.txt

+sudo su
+mkdir /opt/CA
+mkdir /opt/CA/newcerts
+mkdir /opt/CA/private
+mkdir /opt/CA/certs
+mkdir /opt/CA/reqs
+
+cd /opt/CA
+
+echo "01" > serial
+touch database.txt
+
+cp /user/lib/ssl/openssl.cnf /opt/CA/caconfig.cnf
+
+nano caconfig.cnf
+
+# Change these parameters in the Text Editor
+• Set dir to /opt/CA
+• Set database to $dir/database.txt
+• Verify that new_certs_dir to $dir/newcerts
+• Verify that certs is set to $dir/certs
+• Find the section [ policy_match ] and set the following options
+• Set countryName, stateOrProvinceName, and organizationName to optional. These options allow
+the CA to sign certificates with any of the identity information in those fields set to anything. The
+default restrictions will only allow signatures on certificates that match the country code, state, and
+organization.
+#SAVE
+#Exit
+
+export OPENSSL_CONF=/opt/CA/caconfig.cnf
+
+openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 60
+
+#Organization name and Common Name enter username_CA
+
+
+
+mv privkey.pem /opt/CA/private/
+
+cp cacert.pem /opt/CA/
+
+
+
+
+# Log in to Client
+openssl req -new -newkey rsa:2048 -nodes -keyout clientkey.key -out clientreq.csr
+
+#Organization name username_Client 
+#Common name set to IP address of Client
+#Leave password and company name blank
+
+mv clientkey.key /etc/ssl/private/
+scp clientreq.csr username@serverip:/home/username/
+
+#log in to server
+
+mv clientreq.csr /opt/CA/reqs
+
+openssl ca -out /opt/CA/certs/192.168.122.188.pem –config /opt/CA/caconfig.cnf -infiles
+/opt/CA/reqs/clientreq.cs
+
+sudo su
+ls /opt/CA/certs
+#get new cert name
+scp /opt/CA/certs/newcert username@clientip:/home/username/
+scp /opt/CA/cacert.pem username@clientip:/home/username/
+# login to client
+
+sudo cp newcert /etc/ssl/certs/
+sudo cp cacert.pem /etc/ssl/certs/
+
+sudo a2enmod ssl
+
+sudo nano sudo a2enmod ssl
+
+#append this to end of the document
+<VirtualHost *:443>
+DocumentRoot /var/www/html/
+<Directory />
+Options Indexes FollowSymLinks MultiViews
+AllowOverride None
+</Directory>
+<Directory /var/www/html/>
+Options Indexes FollowSymLinks MultiViews
+AllowOverride None
+Order allow,deny
+allow from all
+</Directory>
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/192.168.122.188.pem #THIS NEEDS TO BE CHANGED TO MATCH
+SSLCertificateKeyFile /etc/ssl/private/clientkey.key
+SSLCertificateChainFile /etc/ssl/certs/cacert.pem
+</VirtualHost>
+
+#save exit
+
+service apache2 restart 
+
+
+sudo cp /etc/ssl/certs/cacert.pem /var/www/html/
+
+
+#login to Server VM
+#open Firefox
+
+1. Connect to your web server using your browser over a normal HTTP connection to get the
+certificate (e.g. http://192.168.122.188/cacert.pem). If it displays the certificate contents in the
+window, right-click on the page and click ‘Save Page As’ to download it to a location on your
+computer.
+2. Navigate to Edit->Preferences->Advanced->Encryption->View Certificates
+3. Make sure the Authorities tab is selected and then click Import...
+4. Find the cacert.pem file you just downloaded and click Open
+5. Check the box that says “Trust this CA to identify websites.” and then click OK
+
+
+You should now be able to visit your website using HTTPS and not receive any certificate errors.
+