Call us Today +49 7543 609337-0
Log In

Today we’re going to look into howto enabling HTTPS only connections for the Cacti web-interface running on a windows system. This post will guide you through the different steps required to enable SSL/HTTPS on an Apache server and setup automated redirection to the SSL enabled site.

Requirements

The steps we’re going to do requires a Cacti installation using the Cacti Windows Installer from the official Cacti website. The installer includes all required tools which we need to enable SSL and configure the http to https redirection.

Setup

The following lines need to be enabled in the file C:\Apache24\conf\httpd.conf :

LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

 

OpenSSL / Certificate Creation

cd "C:\Apache24\bin"
set OPENSSL_CONF=C:\Apache24\conf\openssl.cnf
openssl req -new -out C:\Apache24\conf\server.csr

You will go through the following screen. Make sure to not set a challenge password at the end of the process

Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
......++++++
............................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BW
Locality Name (eg, city) []:Kressbronn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Urban-Software.de
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:WIN-TCC4WVDRK05
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Now let’s create the actual SSL key

openssl rsa -in privkey.pem -out C:\Apache24\conf\server.key

And the Certificate:

openssl x509 -in C:\Apache24\conf\server.csr -out C:\Apache24\conf\server.crt -req -signkey C:\Apache24\conf\server.key -days 365

Enable HTTP to HTTPS redirection

Add the following code to the end of the C:\Apache24\conf\httpd.conf file:

RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

That’s it. Your site should now have SSL enabled and http traffic is being re-directed to the HTTPs page. All previous http links should still work and automatically be redirected to the correct https page.

 

Leave a Reply