This Blog is protected by DMCA.com

DMCA.com for Blogger blogs

This Blog is protected by DMCA.com

DMCA.com for Blogger blogs
qRbQCE31NMrtFvtKOB4Z5hNkGEPLdMi5yDIujADC
Author
Tech Kang Ipul
Home  ›  Server Korban  ›  Tutorial Hacking

Cara Mengaktifkan https

- (Updated: ) Posting Komentar

Cara Mengaktifkan https

Cara Mengaktifkan https
Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04.

Aktifkan SSL module

enable
sudo a2enmod ssl
restart apache
sudo service apache2 restart

Buat Self-Signed SSL Certificate

buat folder
sudo mkdir /etc/apache2/ssl
buat certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
isi dengan
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA
Organizational Unit Name (eg, section) []:RND
Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
Email Address []:onno@organisasi-anda.id

Beberapa informasi tambahan

  • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
  • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
  • x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
  • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
  • days 365: This specifies that the certificate we are creating will be valid for one year.
  • newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
  • keyout: This parameter names the output file for the private key file that is being created.
  • out: This option names the output file for the certificate that we are generating.

Konfigurasi apache untuk menggunakan SSL

Edit
cd /etc/apache2/sites-available
cp default-ssl.conf default-ssl.conf.asli
sudo vi /etc/apache2/sites-available/default-ssl.conf
Kalau comment dibuang, akan tampak seperti:
Kita perlu mengkonfigurasi
  • ServerAdmin
  • ServerName
  • ServerAlias
  • DocumentRoot
  • PENTING: lokasi Apache SSL certificate & key
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Tampilan akhirnya :


Aktifkan SSL Virtual Host

enable
sudo a2ensite default-ssl.conf
restart
sudo service apache2 restart

Test Setup

browse ke
https://server_domain_name_or_IP
https://192.168.0.100
kemungkinan akan dapat warning apache ssl warning :) ...

Referensi

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
    Related Posts
    Lebih baru Lebih lama

    Related Posts

    Posting Komentar