OWASP Mutillidae II: Web Pwn in Mass Production
Version: 2.6.48
 
Setting up SSL on Ubuntu
 
Creating a self-signed certificate for localhost
 
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mutillidae-selfsigned.key -out /etc/ssl/certs/mutillidae-selfsigned.crt

	Generating a 2048 bit RSA private key
	.................................................+++
	............+++
	writing new private key to '/etc/ssl/private/mutillidae-selfsigned.key'
	-----
	You are about to be asked to enter information that will be incorporated
	into your certificate request.
	What you are about to enter is what is called a Distinguished Name or a DN.
	There are quite a few fields but you can leave some blank
	For some fields there will be a default value,
	If you enter '.', the field will be left blank.
	-----
	Country Name (2 letter code) [AU]:US
	State or Province Name (full name) [Some-State]:KY
	Locality Name (eg, city) []:Derby City
	Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mutillidae Inc
	Organizational Unit Name (eg, section) []:
	Common Name (e.g. server FQDN or YOUR name) []:localhost
	Email Address []:
 
Back up the default Apache SSL configuration file
 
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak
 
Edit the default Apache SSL configuration file to reference the newly created certificate files
 
sudo nano /etc/apache2/sites-available/default-ssl.conf

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/certs/mutillidae-selfsigned.crt
                SSLCertificateKeyFile /etc/ssl/private/mutillidae-selfsigned.key
 
Change the owner of the certificate files to Apache (username: www-data)
 
sudo chown www-data:www-data /etc/ssl/certs/mutillidae-selfsigned.crt 
sudo chown www-data:www-data /etc/ssl/private/mutillidae-selfsigned.key
 
Enable the ssl and headers modules in Apache
 
sudo a2enmod ssl
sudo a2enmod headers
 
Enable the SSL site option in Apache
 
sudo a2ensite default-ssl
 
Restart the Apache service
 
sudo service apache2 restart
 
Test the site by browsing to the homepage over HTTPS
 
# Note: Because the certificate is self-signed, it is not trusted. Firefox may show a warning as a result
https://localhost/mutillidae/index.php?page=home.php
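 
Before restarting Apache it helps to confirm that the certificate and key actually belong together, that the certificate is not about to expire, and that the key file is not readable by group or other. The script below is an added example, not part of Mutillidae; the function names and the check-tls.sh file name are hypothetical, and it assumes openssl and GNU stat (as on Ubuntu).

```shell
#!/usr/bin/env bash
# Added example: sanity checks for the certificate/key pair created above.
# Function names are hypothetical; openssl and GNU stat are assumed.

# 0 if the certificate's public key equals the one derived from the private key.
pair_matches() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# 0 if the key file grants nothing to group or other (mode 0 or ending in 00).
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Run all checks, print one line per check, return the number of failures.
check_tls_pair() {
    local cert=$1 key=$2 fails=0
    pair_matches "$cert" "$key" && echo "OK   key matches certificate" \
        || { echo "FAIL key unreadable or does not match certificate"; fails=$((fails+1)); }
    valid_for_days "$cert" 30 && echo "OK   valid for 30+ days" \
        || { echo "FAIL expires within 30 days"; fails=$((fails+1)); }
    key_is_private "$key" && echo "OK   key not group/world readable" \
        || { echo "FAIL key mode is $(stat -c '%a' "$key" 2>/dev/null)"; fails=$((fails+1)); }
    return "$fails"
}

# Usage (hypothetical file name): sudo bash check-tls.sh <cert> <key>
if [ $# -ge 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

With the paths used on this page: sudo bash check-tls.sh /etc/ssl/certs/mutillidae-selfsigned.crt /etc/ssl/private/mutillidae-selfsigned.key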