Securing KIWI web access with https

A coworker created the following to secure the KIWI web server for https -

 KIWI SYS-LOG SSL CONFIGURATION

1.        Install Apache for Win32 x86 with OpenSSL.  This usually comes as an MSI.

2.       Modify the following files.

a.       C:\Program Files\Apache Group\Apache 2\conf  httpd.conf

b.      C:\Program Files\Apache Group\Apache 2\conf  ssl.conf

3.       For the httpd.conf file you must add and change the following

Uncomment the following line

#LoadModule proxy_module modules/mod_proxy.so

#LoadModule ssl_module modules/mod_ssl.so

Add

ServerName 10.x.x.x:80

<VirtualHost 0.0.0.0:80>

    ServerName slog01

    ServerAlias slog01

    ProxyPass / http://localhost:8088/

    ProxyPassReverse / http://localhost:8088/

</VirtualHost>

4.       For the ssl.conf file you must add and change the following

Comment out the following

#<IfDefine SSL>  and  #</IfDefine>

Ensure the following

Listen 0.0.0.0:443

Add the following

ProxyRequests Off

<Proxy *>

Order deny,allow

     Deny from all

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

</Proxy>

<VirtualHost 0.0.0.0:443>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile      conf/ssl.crt/new.cert.cert

    SSLCertificateKeyFile   conf/ssl.key/new.cert.key

    ServerName log01

    ServerAlias nsochinslog01

    ErrorLog logs/ssl_error_log.txt

    TransferLog logs/ssl_access_log.txt

    ProxyPass / http://localhost:8088/

    ProxyPassReverse / http://localhost:8088/

</VirtualHost>

5.       Creating the SSL Certificate

a.       Location of the cert file c:\Program Files\Apache Group\Apache2\conf\ssl.crt

b.      Location of the key file c:\Program Files\Apache Group\Apache2\conf\ssl.key

Procedures using UNIX to create the SSL Certificate:

                Generate Server CA Signer

                                openssl genrsa -des3 -out server.key 2048

                Generate Certificate Service Request (CSR)

                                openssl req -new -key server.key -out server.csr

                Remove Passphrase from Key

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

                                                Generate Self Signed Certificate

                                                                openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

6.       Once everything is setup stop and start the apache services.  You should then be able to hit the Kiwi Syslog Server securely with apache acting as a reverse proxy to the kiwi server.