Lab 2: Create a Self-signed Certificate

Lab 2: Create a Self-signed Certificate


Module 20: Cryptography

Lab 2: Create a Self-signed Certificate

Task 1: Create and Use Self-signed Certificates



Self-signed certificates are widely used for testing servers. In self-signed certificates, a user creates a pair of public and 

private keys using a certificate creation tool such as Adobe Acrobat Reader, Java’s keytool, Apple’s Keychain, etc. and signs the

 document with the public key. The recipient requests the private key from the sender in order to verify the certificate. However,

 certificate verification rarely occurs due to the necessity of disclosing the private key: this makes self-signed certificates useful 

only in a self-controlled testing environment.


Here, we will create a self-signed certificate in Windows Server 2019.


refer to blog 



Lab Scenario

As a professional ethical hacker and penetration tester, you must possess a proper knowledge of creating this certificate as it validates the public key contained within the certificate belonging to the person, company, server, or other entity mentioned. The labs in this exercise demonstrate the creation of a self-signed certificate.

Lab Objectives

  • Create and use self-signed certificates

Overview of Self-signed Certificate

In cryptography and computer security, a self-signed certificate is an identity certificate signed by the same entity whose identity it verifies. However, the term is unrelated to the identity of the person or organization that actually performs the signing procedure.

Task 1: Create and Use Self-signed Certificates

Self-signed certificates are widely used for testing servers. In self-signed certificates, a user creates a pair of public and private keys using a certificate creation tool such as Adobe Acrobat Reader, Java’s keytool, Apple’s Keychain, etc. and signs the document with the public key. The recipient requests the private key from the sender in order to verify the certificate. However, certificate verification rarely occurs due to the necessity of disclosing the private key: this makes self-signed certificates useful only in a self-controlled testing environment.

Here, we will create a self-signed certificate in Windows Server 2019.

  1. Click on Windows Server 2019 to switch to the Windows Server 2019, click Ctrl+Alt+Delete to activate the machine, By default, Administrator profile is selected, click on Pa$$w0rd to enter password in the password field and press Enter to login.

    Screenshot

  2. Before you start this task, you will need to check with your local sites whether they include a self-signed certificate.

  3. Launch any web browser (here, Google Chrome), place the cursor in the address bar and click on https://www.goodshopping.com, and press Enter.

  4. As you are using an https channel to browse the website, it displays a page stating that This site can’t be reached.

  5. As the site does not have a self-signed certificate, it displays a connection refused message, as shown in the screenshot. Close the web browser.

    Screenshot

  6. Click the Type here to search icon present in the bottom-left of Desktop and type iis. Select Internet Information Services (IIS) Manager from the results.

    Screenshot

  7. The Internet Information Services (IIS) Manager window appears; click the machine name (SERVER2019 (SERVER2019\Administrator)) under the Connections section from the left-hand pane.

  8. In SERVER2019 Home, double-click Server Certificates in the IIS section.

    cry59.jpg

  9. The Server Certificates wizard appears; click Create Self-Signed Certificate… from the right-hand pane in the Actions section.

    cry60.jpg

  10. The Create Self-Signed Certificate window appears; type GoodShopping in the Specify a friendly name for the certificate field. Ensure that the Personal option is selected in the Select a certificate store for the new certificate field; then, click OK.

    cry61.jpg

  11. A newly created self-signed certificate will be displayed in the Server Certificates pane, as shown in the screenshot.

    cry62.jpg

  12. Expand the Sites node from the left-hand pane, and select GoodShopping from the available sites. Click Bindings… from the right-hand pane in the Actions section.

    cry63.jpg

  13. The Site Bindings window appears; click Add….

    cry64.jpg

  14. The Add Site Binding window appears; choose https from the Type field drop-down list. Once you choose the https type, the port number in the Port field automatically changes to 443 (the channel on which HTTPS runs).

  15. Choose the IP address on which the site is hosted (here, 10.10.10.19).

  16. Under the Host name field, type www.goodshopping.com. Under the SSL certificate field, select GoodShopping from the drop-down list, and click OK.

    cry65.jpg

  17. The newly created SSL certificate is added to the Site Bindings window; then, click Close.

    cry66.jpg

  18. Now, right-click the name of the site for which you have created the self-signed certificate (here, GoodShopping) and click Refresh from the context menu.

    cry67.jpg

  19. Minimize the Internet Information Services (IIS) Manager window.

  20. Open the Google Chrome browser place the cursor in the address bar and click on https://www.goodshopping.com, and press Enter.

  21. The Your connection is not private message appears, click ADVANCED to proceed.

    cry68.jpg

  22. Click Proceed to www.goodshopping.com (unsafe).

    cry69.jpg

  23. Now you can see Goodshopping webpage with ssl certificate assigned to it, as shown in the screenshot.

    cry70.jpg

  24. This concludes the demonstration of creating and using a self-signed certificate.

  25. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 7: Perform Enumeration using Various Enumeration Tools

Image
  Lab 7: Perform Enumeration using Various Enumeration Tools Module 04: Enumeration Lab 7: Perform Enumeration using Various Enumeration Tools Task 1: Enumerate Information using Global Network Inventory Task 2: Enumerate Network Resources using Advanced IP Scanner Task 3: Enumerate Information from Windows and Samba Hosts using Enum4linux The details obtained in the previous steps might not reveal all potential vulnerabilities in the target network.  There may be more information available that could help attackers to identify loopholes to exploit. As an ethical hacker,  you should use a range of tools to find as much information as possible about the target network’s systems. This lab activity  will demonstrate further enumeration tools for extracting even more information about the target system. refer to blog Lab Scenario The details obtained in the previous steps might not reveal all potential vulnerabilities in the target network. There may be more information ...
Read more

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

Image
  Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools Module 05: Vulnerability Analysis Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools Task 1: Perform Vulnerability Analysis using OpenVAS OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability  scanning and vulnerability management solution. Its capabilities include unauthenticated testing, authenticated testing,  various high level and low-level Internet and industrial protocols, performance tuning for large-scale scans, and a powerful  internal programming language to implement any vulnerability test. The actual security scanner is accompanied with a regularly  updated feed of Network Vulnerability Tests (NVTs)—over 50,000 in total. Vulnerability Analysis to identify security loopholes using Parrot Security / OpenVAS // Vulnerability Assessment  - Applications --> Pentesting --> Vu...
Read more