90 likes | 411 Views
HTTPS/SSL. Oleh: Idris Winarno. Persiapan. Pastikan repository debian # vim /etc/apt/sources.list deb http://kebo.vlsm.org/debian etch main contrib non-free # apt-get update. Installasi DNS Server. Materi dapat di download di: http://kebo.vlsm.org/~idris/file/admin_jarkom/DNSserver.pdf
E N D
HTTPS/SSL Oleh: Idris Winarno
Persiapan • Pastikan repository debian # vim /etc/apt/sources.list deb http://kebo.vlsm.org/debian etch main contrib non-free # apt-get update
Installasi DNS Server • Materi dapat di download di: http://kebo.vlsm.org/~idris/file/admin_jarkom/DNSserver.pdf • Tambahkan subdomain ssl # vim /var/cache/bind/(nama file)
Installasi Web Server • Materi dapat di download di: http://kebo.vlsm.org/~idris/file/admin_jarkom/P1%20-%20Apache.pdf • Tambah kan port 443 # vim /etc/apache2/ports.conf • Tambahkan namevirtual # vim /etc/apache2/conf.d/virtual NameVirtualHost *:80 NameVirtualHost *:443 • Hapus NameVirtualHost yang ada di /etc/apache2/sites-enables/000-default • Aktikan module ssl # a2enmod ssl # /etc/init.d/apache2 restart
Installasi Certificate • Installasi: # apt-get install openssl ssl-cert
Pebuatan Certificate • Buat folder untuk meletakkan cert # mkdir /etc/apache2/ssl # cd /etc/apache2/ssl • Membuat cert # openssl req –new > domainku.csr # openssl rsa –in privkey.pem –out domainku.key # openssl x590 –in domainku.csr –out domainku.cert –req –signkey domainku.key –days 365
Generating a 1024 bit RSA private key ...........++++++ ...............++++++ writing new private key to 'privkey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:East Java Locality Name (eg, city) []:Surabaya Organization Name (eg, company) [Internet Widgits Pty Ltd]:PENS-ITS Organizational Unit Name (eg, section) []:UPT Jaringan Common Name (eg, YOUR name) []:domainku.com Email Address []:idris@eepis-its.edu Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:my pass An optional company name []:PENS-ITS
Integrasi cert di apache • Edit sites-enabled # vim /etc/apache2/sites-enabled/000-default <VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/apache2/ssl/domainku.cert SSLCertificateKeyFile /etc/apache2/ssl/domainku.key ServerName ssl.domainku.com ServerAdmin idris@eepis-its.edu DocumentRoot /var/www/ <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all # This directive allows us to have apache2’s default start page # in /apache2-default/, but still have / go to the right place # RedirectMatch ^/$ /apache2-default/</Directory> </VirtualHost>
Testing • Restart server apache2 # /etc/init.d/apache2 restart • Buka web browser dan akses https://ssl.domainku.com • Cek certificate yang ada di browser