Example of server configuration - Linux and Apache

This example specifies the various stages of configuring an Apache server on a Linux platform, allowing identification in Digest mode through an SSL connection (server certificate generated through the firewall’s PKI).

  1. Install the various necessary components:
  • Apache Web Server,
  • ssl module for Apache,
  • dav module for Apache,
  • dav_fs module for Apache,
  • auth_digest module for Apache.
  1. Create the folder for receiving automatic backups (example: /var/www/html/autobackup).
  1. On the firewall hosting the CA used for automatic backups, create a server certificate relating to the server hosting the backups (module Configuration > Objects > Certificates and PKI).
  2. Next, select the certificate created and export it in PKCS12 format (menu Download > Certificate as a P12 file).
  1. Submit the PKCS12 file on the server.
  2. Use the following command to extract the private key:

openssl pkcs12 -in server_certificate.p12 -nocerts -nodes -out server_key.key

The option “-nodes” must be removed from the line if you wish for the private key to remain password-protected. However, in this case, you will be asked to provide this password every time the Apache server reboots.

  1. Use the following command to extract the certificate:

openssl pkcs12 -in server_certificate.p12 -clcerts -nokeys -out server_certificate.crt

  1. Move the certificate and private key to their respective folders (example: /etc/pki/tls/certs and /etc/pki/tls/private).
  2. Restrict privileges on the private key to only the superuser (example: chmod 400 /etc/pki/tls/private/server_key.key).
  3. Adapt the SSL configuration file accordingly (example: /etc/httpd/conf.d/ssl.conf):

After having installed the dav, dav_fs and auth_digest modules:

  1. Create a WebDAV configuration file for Apache (Example: /etc/httpd/conf.d/webdav.conf) containing the following directives:

In the example shown:

  • The server can be contacted at the address https://server_name/autobackup (Alias directive pointing to the physical folder /var/www/html/autobackup).
  • The authentication domain (Realm) is Autobackup (AuthName directive).
  • The authentication method used is Digest (AuthType directive).
  • The login/password pairs allowed to access this folder are stored in the file /usr/local/www/user.passwd (AuthUserFile directive).
  1. Create the password file for Digest mode and the first account (Autobackup authentication domain and the user autobackup in the example) using the command:

htdigest -c /usr/local/www/user.passwd Autobackup autobackup

  1. Enter the user’s password upon the command invite.
  2. Subsequently, if you wish to add other access accounts (new_account in the example), use the following command:

htdigest /usr/local/www/user.passwd Autobackup new_account

  1. Start or restart the Apache server to apply all changes.