18.24
Rizal "Tebe"
Disini kita mendapat kasus bagaimana configurasi webserver
agar dapat menggunakan SSL pada Apache HTTP Server anda dengan studi kasus : self-signed-certificate.
1. Masuk ke komputer host Anda. Disini, saya memakai
komputer host bernama Didik yang berlaku sebagai web server
2. Matikan apache -> service apache2 stop
3. a2enmod ssl
4. Generate CSR : openssl req -new >
new.ssl.csr
Generating a 1024 bit RSA private key ................++++++
........................++++++ writing new private key to 'privkey.pem' Enter
PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be
asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank For some fields there
will be a default value, If you enter '.', the field will be left blank. -----
Country Name (2 letter code) [AU]:Enter Code Here State or Province
Name (full name) [Some-State]:Enter State Here Locality Name (eg,
city) []:Enter City Here Organization Name (eg, company) [Internet
Widgits Pty Ltd]:Enter Company Name Organizational Unit Name (eg,
section) []:Org Unit (if you have one) Common Name (eg, YOUR name)
[]:First and Last NameEmail Address []:Work Email Please
enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:Leave Blank An optional company name []:Optional
5. Generate
Certificate
openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in
new.ssl.csr -out new.cert.new.ssr.csr -req -signkey new.cert.key -days (berapa
jumlah hari)
cp new.cert.cert
/etc/ssl/certs/server.crt
cp new.cert.key
/etc/ssl/private/server.key
6. Konfigurasi apache
nano /etc/apache2/sites-available/mydomain.net
kalau di komputer saya, nano
/etc/apache2/sites-available/default
Kemudian isi code berikut di baris terbawah :
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
0 komentar:
Posting Komentar