From dd359681c56fb0c78eec2f059fb859a2e0bf3db0 Mon Sep 17 00:00:00 2001 From: moistCrack <73341809+moistCrack@users.noreply.github.com> Date: Fri, 23 Oct 2020 11:11:53 +0000 Subject: [PATCH 1/4] Update HTTPS.md --- TheHive4/Administration/HTTPS.md | 58 ++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/TheHive4/Administration/HTTPS.md b/TheHive4/Administration/HTTPS.md index e69de29..bf6f4aa 100644 --- a/TheHive4/Administration/HTTPS.md +++ b/TheHive4/Administration/HTTPS.md @@ -0,0 +1,58 @@ +### Step 1: Install openSSL + +### Step 2: Create an RSA Keypair: + + > openssl genrsa -des3 -passout pass:x -out xxx.key 2048 + +### Step 3: Extract the Private Key into the “httpd” Folder: + + > sudo mkdir /path/to/certificate/ + + > openssl rsa -passin pass:x -in xxx.key -out /path/to/certificate/xx.xx.xx.xx.key + +### Step 4: Creating a “Certificate Signing Request” (CSR) File: + + > openssl req -new -key /etc/httpd/httpscertificate/xx.xx.xx.xx.key -out /path/to/certificate//xx.xx.xx.xx.csr + +### Step 5: Creating the Certificate “.crt” File: + + > openssl x509 -req -days 365 -in /path/to/certificate/xx.xx.xx.xx.csr -signkey /path/to/certificate/xx.xx.xx.xx.key -out /path/to/certificate/xx.xx.xx.xx.crt + +### Step 6: Install Nginx + +### Step 7: Edit "/etc/nginx/nginx.conf" + + # Settings for a TLS enabled server. + + server { + + (...) + + ssl_certificate "/path/to/certificate/xx.xx.xx.xx.crt"; + + ssl_certificate_key "/path/to/certificate/xx.xx.xx.xx.key"; + + ssl_session_cache shared:SSL:1m; + + ssl_session_timeout 10m; + + ssl_ciphers HIGH:!aNULL:!MD5; + + ssl_prefer_server_ciphers on; + + # # Load configuration files for the default server block. + + include /etc/nginx/default.d/*.conf; + + location / { + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + + proxy_pass http://xx.xx.xx.xx:9000/; + + proxy_http_version 1.1; + + } + + +xx.xx.xx.xx = Machine IP address From 14fe29ea6c68bbac4655a74d810a0446595ea52f Mon Sep 17 00:00:00 2001 From: moistCrack <73341809+moistCrack@users.noreply.github.com> Date: Fri, 23 Oct 2020 11:53:08 +0000 Subject: [PATCH 2/4] Update HTTPS.md fix typo --- TheHive4/Administration/HTTPS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TheHive4/Administration/HTTPS.md b/TheHive4/Administration/HTTPS.md index bf6f4aa..0e8f779 100644 --- a/TheHive4/Administration/HTTPS.md +++ b/TheHive4/Administration/HTTPS.md @@ -12,7 +12,7 @@ ### Step 4: Creating a “Certificate Signing Request” (CSR) File: - > openssl req -new -key /etc/httpd/httpscertificate/xx.xx.xx.xx.key -out /path/to/certificate//xx.xx.xx.xx.csr + > openssl req -new -key /path/to/certificate/xx.xx.xx.xx.key -out /path/to/certificate//xx.xx.xx.xx.csr ### Step 5: Creating the Certificate “.crt” File: From 89ff26c2bc1f44624037b2ac4d5a8b0af0561610 Mon Sep 17 00:00:00 2001 From: moistCrack <73341809+moistCrack@users.noreply.github.com> Date: Fri, 23 Oct 2020 11:59:21 +0000 Subject: [PATCH 3/4] Update HTTPS.md Added info --- TheHive4/Administration/HTTPS.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/TheHive4/Administration/HTTPS.md b/TheHive4/Administration/HTTPS.md index 0e8f779..3113e82 100644 --- a/TheHive4/Administration/HTTPS.md +++ b/TheHive4/Administration/HTTPS.md @@ -1,10 +1,13 @@ +To use TheHive with HTTPS it's necessary a signed certificate. From step 1 to 5 is a way to created self-signed certificate using OpenSSL. +If the certificates are already created then it's just following step 6 to step 7 + ### Step 1: Install openSSL ### Step 2: Create an RSA Keypair: > openssl genrsa -des3 -passout pass:x -out xxx.key 2048 -### Step 3: Extract the Private Key into the “httpd” Folder: +### Step 3: Extract the Private Key into the “httpd” Folder: > sudo mkdir /path/to/certificate/ From 0e1067c1f8071b00bd24ec9604e09613b701411d Mon Sep 17 00:00:00 2001 From: moistCrack <73341809+moistCrack@users.noreply.github.com> Date: Fri, 23 Oct 2020 12:08:43 +0000 Subject: [PATCH 4/4] Update HTTPS.md --- TheHive4/Administration/HTTPS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TheHive4/Administration/HTTPS.md b/TheHive4/Administration/HTTPS.md index 3113e82..43f402b 100644 --- a/TheHive4/Administration/HTTPS.md +++ b/TheHive4/Administration/HTTPS.md @@ -7,7 +7,7 @@ If the certificates are already created then it's just following step 6 to step > openssl genrsa -des3 -passout pass:x -out xxx.key 2048 -### Step 3: Extract the Private Key into the “httpd” Folder: +### Step 3: Extract the Private Key into the “/path/to/certificate/” Folder: > sudo mkdir /path/to/certificate/