1. Morten Bo Nielsen – mon@eal.dk 1/7
Servers and SSL
ITT2 IT security
2014S

2. Morten Bo Nielsen – mon@eal.dk 2/7
Basic HTTPS recap
Client/server
Certificates
3rd party CA

3. Morten Bo Nielsen – mon@eal.dk 3/7
Assignment: Risk assessment
Why encrypt HTTP traffic?
Threats? Vulnerability?
Impact? Likelihood?

4. Morten Bo Nielsen – mon@eal.dk 4/7
Assignement: HTTPS webserver
Install apache and enable https
(use a self-signed certificate)
(hint)

5. Morten Bo Nielsen – mon@eal.dk 5/7
Assignment: Use your CA
Use your CA from Tuesday to create a proper
certificate
Distribute the CA certificate to other groups

6. Morten Bo Nielsen – mon@eal.dk 6/7
Assignment: other services
Suggestions:
IMAP (dovecot)
SMTP (postfix or Exim4)
VPN (openvpn)
SSH (openssh)

7. Morten Bo Nielsen – mon@eal.dk 7/7
Credits & licences
● Content by Morten Bo Nielsen
License: Creative Commons Attribution-NonCommercial-
ShareAlike 3.0 Unported License. (
http://creativecommons.org/licenses/by-nc-sa/3.0/)
● EAL logo might be an issue, please check before you use it