SSL Certificate Installation on Security Onion Server

[Ryan John Peck]

Anything special need to be done to install a properly signed SSL Certificate on a Security Onion Server?

Looking at the apache2 configuration the following files will need to be changed -

/etc/apache2/sites-available/default-ssl
/etc/apache2/sites-available/elsa
/etc/apache2/sites-available/snorby
/etc/apache2/sites-available/xplico

And the following options for each file -
SSLCertificateFile
SSLCertificateKeyFile

and in my case also add an Intermediate CA -
SSLCertificateChainFile

Looking at the ELSA settings which involve SSL - I don't see Security Onion isn't using any of them - https://code.google.com/p/enterprise-log-search-and-archive/wiki/Documentation#URL

I'm assuming this will be like any other SSL installation for Apache - but I wanted to make sure before I attempted.

Any thoughts/feedback?

Thanks!

[Doug Burks]

Hi Ryan,

Sounds like you've got it figured out. Please let us know how it
works out for you.

> --
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

[Michał Purzyński]

And please add it to documentation or file a bug to have it added there. Thanks a lot!

Michał Purzyński

[Greg Williams]

Ryan, those are the ones I replaced. Worked no problem for me.

[Ryan]

No problems for me either!

Ryan Peck

On Tue, Sep 9, 2014 at 4:36 PM, Greg Williams <alpha...@gmail.com> wrote:

Ryan, those are the ones I replaced.  Worked no problem for me.

--
You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/5rtDKfFP7XE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.

[kriss...@gmail.com]

Ryan-
I am looking to added an internally signed cert to security onion; but I am pretty new to security onion and apache. Were you able to get this going? If you were, do you mind posting some quick instructions?
Thanks!

[Wes]

You may want to try taking a look here:

https://groups.google.com/d/msg/security-onion/0lRQQc6KJXI/HB02ObAKCwAJ

Also see:

https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists#start-a-new-thread-instead-of-replying-to-an-old-one

Thanks,
Wes

[ssi]

hi is this guide still valid with kibana running in a container ?

lørdag den 11. maj 2019 kl. 22.40.43 UTC+2 skrev Nic McHenry:

If you are in a similar situation as to mine then you have access to the .pfx with the private key attached. Here is a simple way to extract the two keys and place them where they belong.



#Export Cert from IIS with private key

# copy to security onion via sftp to ~/Desktop
 
 
# To extract the private key, run the OpenSSL command:
sudo openssl pkcs12 -in <filename>.pfx  -nocerts -out privkey.pem

#To extract the certificate (public key), run the OpenSSL command:
sudo openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem
 
 
 !!!!!!!!!!!!!!!!!!!!Certs CREATE BACKUP FIRST!!!!!!!!!!!
 
 
 #SSLCertificateFile
sudo cp /etc/ssl/certs/securityonion.pem /etc/ssl/certs/securityonion.pem.bak
 
 
 #SLCertificateKeyFile
sudo cp /etc/ssl/private/securityonion.key /etc/ssl/private/securityonion.key.bak

sudo cp ~/Desktop/privkey.pem /etc/ssl/private/securityonion.key

sudo cp ~/Desktop/cert.pem /etc/ssl/certs/securityonion.pem

sudo service apache2 restart

#may need to provide password