Example of server configuration - Linux and Apache
This example walks through the stages of configuring an Apache server on a Linux platform so that it authenticates clients in Digest mode over an SSL connection (server certificate generated through the firewall’s PKI).
- Install the various necessary components:
  - Apache Web Server,
  - ssl module for Apache,
  - dav module for Apache,
  - dav_fs module for Apache,
  - auth_digest module for Apache.
- Create the folder for receiving automatic backups (example: /var/www/html/autobackup).
- On the firewall hosting the CA used for automatic backups, create a server certificate relating to the server hosting the backups (module Configuration > Objects > Certificates and PKI).
- Next, select the certificate created and export it in PKCS12 format (menu Download > Certificate as a P12 file).
- Copy the PKCS12 file to the server.
- Use the following command to extract the private key:
openssl pkcs12 -in server_certificate.p12 -nocerts -nodes -out server_key.key
Remove the “-nodes” option from the command if you want the private key to remain password-protected. In that case, however, you will be asked for this password every time the Apache server restarts.
- Use the following command to extract the certificate:
openssl pkcs12 -in server_certificate.p12 -clcerts -nokeys -out server_certificate.crt
- Move the certificate and private key to their respective folders (example: /etc/pki/tls/certs and /etc/pki/tls/private).
- Restrict privileges on the private key to only the superuser (example: chmod 400 /etc/pki/tls/private/server_key.key).
- Adapt the SSL configuration file accordingly (example: /etc/httpd/conf.d/ssl.conf):
After having installed the dav, dav_fs and auth_digest modules:
- Create a WebDAV configuration file for Apache (example: /etc/httpd/conf.d/webdav.conf) containing the following directives:
In the example shown:
- The server can be contacted at the address https://server_name/autobackup (Alias directive pointing to the physical folder /var/www/html/autobackup).
- The authentication domain (Realm) is Autobackup (AuthName directive).
- The authentication method used is Digest (AuthType directive).
- The login/password pairs allowed to access this folder are stored in the file /usr/local/www/user.passwd (AuthUserFile directive).
- Create the password file for Digest mode and the first account (Autobackup authentication domain and the user autobackup in the example) using the command:
htdigest -c /usr/local/www/user.passwd Autobackup autobackup
- Enter the user’s password when prompted.
- Subsequently, if you wish to add other access accounts (new_account in the example), use the following command:
htdigest /usr/local/www/user.passwd Autobackup new_account
- Start or restart the Apache server to apply all changes.
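
A configuration consistent with the directives and paths described above, given here as an added example and not as Stormshield's original file content. The `<VirtualHost _default_:443>` context, the `DavLockDB` path and the `SSLRequireSSL` line are assumptions; the file names are those produced by the openssl commands earlier in the procedure.

```apache
# Added example; values not taken from the page are marked "assumption".

# --- /etc/httpd/conf.d/ssl.conf ---
# Set these inside the existing SSL virtual host
# (assumption: the distribution ships a <VirtualHost _default_:443> block).
# ServerName should match the name in the certificate issued by the firewall's PKI.
ServerName server_name
SSLEngine on
SSLCertificateFile    /etc/pki/tls/certs/server_certificate.crt
SSLCertificateKeyFile /etc/pki/tls/private/server_key.key

# --- /etc/httpd/conf.d/webdav.conf ---
# Lock database required by mod_dav_fs (assumption: RHEL-style path;
# omit this line if your distribution already defines DavLockDB).
DavLockDB /var/lib/dav/lockdb

# https://server_name/autobackup maps to the physical backup folder.
Alias /autobackup /var/www/html/autobackup

<Directory /var/www/html/autobackup>
    # Enable WebDAV so the firewall can upload backup files.
    Dav On

    # Refuse requests that do not arrive over SSL
    # (assumption: hardening choice, not stated on the page).
    SSLRequireSSL

    # Digest authentication in the "Autobackup" realm; the realm must match
    # the one passed to htdigest when the password file was created.
    AuthType Digest
    AuthName "Autobackup"
    AuthDigestProvider file
    AuthUserFile /usr/local/www/user.passwd

    # Only accounts present in the password file may access the folder.
    Require valid-user
</Directory>
```

Run `apachectl configtest` before restarting to catch syntax errors. The backup folder must be writable by the account the Apache service runs as, otherwise uploads are rejected.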