This Blog is protected by DMCA.com

This Blog is protected by DMCA.com

qRbQCE31NMrtFvtKOB4Z5hNkGEPLdMi5yDIujADC

Cara Mengaktifkan https

Cara Mengaktifkan https

Cara Mengaktifkan https
Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04.

Aktifkan SSL module

enable
sudo a2enmod ssl
restart apache
sudo service apache2 restart

Buat Self-Signed SSL Certificate

buat folder
sudo mkdir /etc/apache2/ssl
buat certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
isi dengan
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA
Organizational Unit Name (eg, section) []:RND
Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
Email Address []:onno@organisasi-anda.id

Beberapa informasi tambahan

  • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
  • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
  • x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
  • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
  • days 365: This specifies that the certificate we are creating will be valid for one year.
  • newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
  • keyout: This parameter names the output file for the private key file that is being created.
  • out: This option names the output file for the certificate that we are generating.

Konfigurasi apache untuk menggunakan SSL

Edit
cd /etc/apache2/sites-available
cp default-ssl.conf default-ssl.conf.asli
sudo vi /etc/apache2/sites-available/default-ssl.conf
Kalau comment dibuang, akan tampak seperti:
Kita perlu mengkonfigurasi
  • ServerAdmin
  • ServerName
  • ServerAlias
  • DocumentRoot
  • PENTING: lokasi Apache SSL certificate & key
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Tampilan akhirnya :


Aktifkan SSL Virtual Host

enable
sudo a2ensite default-ssl.conf
restart
sudo service apache2 restart

Test Setup

browse ke
https://server_domain_name_or_IP
https://192.168.0.100
    Related Posts

    Related Posts

    Posting Komentar