https/ssl
DESCRIPTION
HTTPS/SSL. Oleh: Idris Winarno. Persiapan. Pastikan repository debian # vim /etc/apt/sources.list deb http://kebo.vlsm.org/debian etch main contrib non-free # apt-get update. Installasi DNS Server. Materi dapat di download di: http://kebo.vlsm.org/~idris/file/admin_jarkom/DNSserver.pdf - PowerPoint PPT PresentationTRANSCRIPT
HTTPS/SSL
Oleh: Idris Winarno
Persiapan
• Pastikan repository debian
# vim /etc/apt/sources.listdeb http://kebo.vlsm.org/debian etch main contrib non-free
# apt-get update
Installasi DNS Server
• Materi dapat di download di:http://kebo.vlsm.org/~idris/file/admin_jarkom/DNSserver.pdf
• Tambahkan subdomain ssl
# vim /var/cache/bind/(nama file)
Installasi Web Server• Materi dapat di download di:
http://kebo.vlsm.org/~idris/file/admin_jarkom/P1%20-%20Apache.pdf
• Tambah kan port 443# vim /etc/apache2/ports.conf
• Tambahkan namevirtual# vim /etc/apache2/conf.d/virtualNameVirtualHost *:80NameVirtualHost *:443
• Hapus NameVirtualHost yang ada di /etc/apache2/sites-enables/000-default
• Aktikan module ssl# a2enmod ssl# /etc/init.d/apache2 restart
Installasi Certificate
• Installasi:
# apt-get install openssl ssl-cert
Pebuatan Certificate
• Buat folder untuk meletakkan cert# mkdir /etc/apache2/ssl
# cd /etc/apache2/ssl
• Membuat cert# openssl req –new > domainku.csr
# openssl rsa –in privkey.pem –out domainku.key
# openssl x590 –in domainku.csr –out domainku.cert –req –signkey domainku.key –days 365
Generating a 1024 bit RSA private key...........++++++...............++++++writing new private key to 'privkey.pem'Enter PEM pass phrase:Verifying - Enter PEM pass phrase:-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:IDState or Province Name (full name) [Some-State]:East JavaLocality Name (eg, city) []:SurabayaOrganization Name (eg, company) [Internet Widgits Pty Ltd]:PENS-ITSOrganizational Unit Name (eg, section) []:UPT JaringanCommon Name (eg, YOUR name) []:domainku.comEmail Address []:[email protected]
Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:my passAn optional company name []:PENS-ITS
Integrasi cert di apache
• Edit sites-enabled# vim /etc/apache2/sites-enabled/000-default<VirtualHost *:443>
SSLEngine OnSSLCertificateFile /etc/apache2/ssl/domainku.certSSLCertificateKeyFile /etc/apache2/ssl/domainku.keyServerName ssl.domainku.comServerAdmin [email protected] /var/www/
<Directory /var/www/>Options Indexes FollowSymLinks MultiViewsAllowOverride NoneOrder allow,denyallow from all# This directive allows us to have apache2’s default start page# in /apache2-default/, but still have / go to the right place# RedirectMatch ^/$ /apache2-default/
</Directory> </VirtualHost>
Testing
• Restart server apache2
# /etc/init.d/apache2 restart
• Buka web browser dan akses https://ssl.domainku.com
• Cek certificate yang ada di browser