HTTPS/SSL
By: Idris Winarno
Preparation
• Make sure the Debian repository is configured
  # vim /etc/apt/sources.list
  deb http://kebo.vlsm.org/debian etch main contrib non-free
  # apt-get update
DNS Server Installation
• The material can be downloaded from: http://kebo.vlsm.org/~idris/file/admin_jarkom/DNSserver.pdf
• Add the ssl subdomain
  # vim /var/cache/bind/(file name)
Web Server Installation
• The material can be downloaded from: http://kebo.vlsm.org/~idris/file/admin_jarkom/P1%20-%20Apache.pdf
• Add port 443
  # vim /etc/apache2/ports.conf
• Add the NameVirtualHost entries
  # vim /etc/apache2/conf.d/virtual
  NameVirtualHost *:80
  NameVirtualHost *:443
• Remove the NameVirtualHost line in /etc/apache2/sites-enabled/000-default
• Enable the ssl module
  # a2enmod ssl
  # /etc/init.d/apache2 restart
Certificate Installation
• Install:
  # apt-get install openssl ssl-cert
Creating the Certificate
• Create a folder to hold the certificate
  # mkdir /etc/apache2/ssl
  # cd /etc/apache2/ssl
• Create the certificate
  # openssl req -new > domainku.csr
  # openssl rsa -in privkey.pem -out domainku.key
  # openssl x509 -in domainku.csr -out domainku.cert -req -signkey domainku.key -days 365
Generating a 1024 bit RSA private key
...++++++
....++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: ID
State or Province Name (full name) [Some-State]: East Java
Locality Name (eg, city) []: Surabaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]: PENS-ITS
Organizational Unit Name (eg, section) []: UPT Jaringan
Common Name (eg, YOUR name) []: domainku.com
Email Address []: idris@eepis-its.edu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: my pass
An optional company name []: PENS-ITS
Integrating the Certificate into Apache
• Edit sites-enabled
  # vim /etc/apache2/sites-enabled/000-default
  <VirtualHost *:443>
      SSLEngine On
      SSLCertificateFile /etc/apache2/ssl/domainku.cert
      SSLCertificateKeyFile /etc/apache2/ssl/domainku.key
      ServerName ssl.domainku.com
      ServerAdmin idris@eepis-its.edu
      DocumentRoot /var/www/
      <Directory /var/www/>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride None
          Order allow,deny
          allow from all
          # This directive allows us to have apache2's default start page
          # in /apache2-default/, but still have / go to the right place
          # RedirectMatch ^/$ /apache2-default/
      </Directory>
  </VirtualHost>
Testing
• Restart the apache2 server
  # /etc/init.d/apache2 restart
• Open a web browser and go to https://ssl.domainku.com
• Check the certificate shown in the browser
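
A command-line counterpart to the browser check, as an added example that is not part of the original slides: it confirms that a certificate and key belong together, that the certificate's Common Name equals the vhost's ServerName, and that the key size and remaining validity are acceptable. The helper names, the 2048-bit floor, the 30-day expiry window and the generated sample pairs are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original slides. Helper names are hypothetical.

# Succeeds only if the certificate carries the public half of the given key.
# -passin pass: makes an encrypted key fail instead of prompting.
cert_matches_key() {  # cert key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl rsa -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the Common Name from the certificate subject.
cert_cn() {  # cert
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# Print the public key size in bits.
cert_key_bits() {  # cert
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# Constructed sample data: unencrypted key plus self-signed cert, no prompts.
make_demo_pair() {  # dir name cn
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.cert" 2>/dev/null
}

# Check one pair against the ServerName used in the VirtualHost block.
# CN is compared because the procedure above only sets a CN; current
# browsers match the host name against subjectAltName instead.
check_pair() {  # cert key servername
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match cert"; return 1; }
    cn=$(cert_cn "$1")
    [ "$cn" = "$3" ] || { echo "FAIL: CN '$cn' != ServerName '$3'"; return 1; }
    [ "$(cert_key_bits "$1")" -ge 2048 ] || { echo "FAIL: key under 2048 bits"; return 1; }
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: expires within 30 days"; return 1; }
    echo "OK"
}

tmp=$(mktemp -d)
make_demo_pair "$tmp" good ssl.domainku.com
make_demo_pair "$tmp" other domainku.com
check_pair "$tmp/good.cert"  "$tmp/good.key"  ssl.domainku.com || true
check_pair "$tmp/other.cert" "$tmp/other.key" ssl.domainku.com || true
check_pair "$tmp/good.cert"  "$tmp/other.key" ssl.domainku.com || true
rm -rf "$tmp"
```

Against the files from this page the call would be check_pair /etc/apache2/ssl/domainku.cert /etc/apache2/ssl/domainku.key ssl.domainku.com. The sample session enters domainku.com as Common Name while ServerName is ssl.domainku.com, and the generated key is 1024 bits, so this check reports the name mismatch first.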