Today we’re going to look at how to enable HTTPS-only connections for the Cacti web interface running on a Windows system. This post guides you through the steps required to enable SSL/HTTPS on an Apache server and set up automatic redirection to the SSL-enabled site.
Requirements
The steps below require a Cacti installation created with the Cacti Windows Installer from the official Cacti website. The installer includes all the tools we need to enable SSL and configure the HTTP-to-HTTPS redirection.
Setup
The following lines need to be enabled in the file C:\Apache24\conf\httpd.conf:
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
OpenSSL / Certificate Creation
cd "C:\Apache24\bin"
set OPENSSL_CONF=C:\Apache24\conf\openssl.cnf
openssl req -new -out C:\Apache24\conf\server.csr
You will be taken through the following prompts. Make sure not to set a challenge password at the end of the process.
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
......++++++
............................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BW
Locality Name (eg, city) []:Kressbronn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Urban-Software.de
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:WIN-TCC4WVDRK05
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Now let’s create the actual SSL key (the command writes the private key to server.key without its pass phrase):
openssl rsa -in privkey.pem -out C:\Apache24\conf\server.key
And the certificate, self-signed with that key and valid for 365 days:
openssl x509 -in C:\Apache24\conf\server.csr -out C:\Apache24\conf\server.crt -req -signkey C:\Apache24\conf\server.key -days 365
Enable HTTP to HTTPS redirection
Add the following code to the end of the C:\Apache24\conf\httpd.conf file:
RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
That’s it. Your site should now have SSL enabled, and HTTP traffic is redirected to the HTTPS page. All previous HTTP links should still work and be redirected automatically to the corresponding HTTPS page.
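To confirm that httpd.conf ended up in the state the Setup and redirection steps describe, here is a small Python checker, added as an example and not part of the original post or of Cacti or Apache. The function name, messages and sample text are this example's own; it checks that the four Setup lines are active and the redirect pair is present, and flags comments written on the same line as a directive, which httpd does not treat as comments.

```python
import re

# Directives the post says must be active (uncommented) in httpd.conf.
REQUIRED = (
    "LoadModule rewrite_module modules/mod_rewrite.so",
    "LoadModule ssl_module modules/mod_ssl.so",
    "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so",
    "Include conf/extra/httpd-ssl.conf",
)
# The redirect pair from the post: a test on %{HTTPS}, then an [R] rule to https://.
COND = re.compile(r"RewriteCond %\{HTTPS\} (!=on|=?off)$", re.I)
RULE = re.compile(r"RewriteRule \S+ https://\S+ \[.*\bR\b.*\]$", re.I)

def check_httpd_conf(text):
    """Return a list of problems with the HTTPS-only setup; empty means OK."""
    problems, active = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())          # trim and collapse whitespace
        if not line or line.startswith("#"):
            continue                          # blank line or full-line comment
        # httpd treats '#' as a comment only at line start (heuristic: ' #').
        if " #" in line:
            problems.append(f"line {number}: comment on the same line as a directive")
            line = line.split(" #", 1)[0]
        active.append(line)
    lowered = [line.lower() for line in active]
    for directive in REQUIRED:
        if directive.lower() not in lowered:
            problems.append(f"missing or commented out: {directive}")
    if "rewriteengine on" not in lowered:
        problems.append("missing: RewriteEngine On")
    # The RewriteCond must directly precede the RewriteRule it guards.
    if not any(COND.match(c) and RULE.match(r) for c, r in zip(active, active[1:])):
        problems.append("missing: RewriteCond %{HTTPS} + RewriteRule to https://")
    return problems

# Constructed sample: the page's directives, with the mod_ssl line left commented.
SAMPLE = """\
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf
RewriteEngine On # This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
"""

if __name__ == "__main__":
    print("\n".join(check_httpd_conf(SAMPLE)) or "OK")
```

To check a real installation, pass the contents of C:\Apache24\conf\httpd.conf to check_httpd_conf instead of SAMPLE.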