Lab Instructions
Advanced Crypto & Disk Encryption
Follow these written lab steps in order. Run one command at a time and verify output before moving on.
Lab objective
Module 5: Advanced Crypto & Disk Encryption. Lab: set up HTTPS on a local Apache server with a self-signed certificate. Optional: explore full-disk encryption (LUKS/BitLocker) and PKI basics.
Command
N/AExpected result: Apache serves HTTPS using a self-signed cert; you understand PKI and disk encryption basics.
Step 1 - Generate self-signed certificate with OpenSSL
Generate a key and self-signed cert: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt -subj "/CN=localhost". Keep the key private; the cert can be used by Apache for HTTPS.
Command
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt -subj "/CN=localhost"Expected result: apache.key and apache.crt are created.
Step 2 - Configure Apache for HTTPS
Install Apache (e.g. sudo apt install apache2). Enable ssl module: a2enmod ssl. Configure a vhost to use SSLEngine on, SSLCertificateFile and SSLCertificateKeyFile pointing to your apache.crt and apache.key. Restart Apache. Visit https://localhost and accept the self-signed cert warning.
Command
a2enmod ssl; configure default-ssl or a vhost with SSLCertificate*; systemctl restart apache2Expected result: https://localhost loads with a self-signed cert (browser warning is expected).
Step 3 - Verify and reflect
In the browser, open the lock icon and view the certificate—confirm it is your self-signed cert. Optionally use LUKS (Linux) or BitLocker (Windows) in a VM to create an encrypted volume. Reflect: why self-signed is fine for lab; in production you use a CA-issued cert.
Command
N/AExpected result: You have HTTPS on local Apache and can explain self-signed vs CA-issued certs.