HTTPS by yaofenjin



Oleh: Idris Winarno
• Pastikan repository debian
  # vim /etc/apt/sources.list
 deb etch main contrib non-free

 # apt-get update
         Installasi DNS Server
• Materi dapat di download di:

• Tambahkan subdomain ssl
  # vim /var/cache/bind/(nama file)
            Installasi Web Server
• Materi dapat di download di:

• Tambah kan port 443
  # vim /etc/apache2/ports.conf

• Tambahkan namevirtual
  # vim /etc/apache2/conf.d/virtual
  NameVirtualHost *:80
  NameVirtualHost *:443

• Hapus NameVirtualHost yang ada di /etc/apache2/sites-

• Aktikan module ssl
  # a2enmod ssl
  # /etc/init.d/apache2 restart
         Installasi Certificate
• Installasi:
  # apt-get install openssl ssl-cert
         Pebuatan Certificate
• Buat folder untuk meletakkan cert
 # mkdir /etc/apache2/ssl
 # cd /etc/apache2/ssl

• Membuat cert
 # openssl req –new > domainku.csr
 # openssl rsa –in privkey.pem –out domainku.key
 # openssl x590 –in domainku.csr –out domainku.cert –
 req –signkey domainku.key –days 365
Generating a 1024 bit RSA private key
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:East Java
Locality Name (eg, city) []:Surabaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PENS-ITS
Organizational Unit Name (eg, section) []:UPT Jaringan
Common Name (eg, YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:my pass
An optional company name []:PENS-ITS
         Integrasi cert di apache
• Edit sites-enabled
  # vim /etc/apache2/sites-enabled/000-default
  <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/domainku.cert
        SSLCertificateKeyFile /etc/apache2/ssl/domainku.key
        DocumentRoot /var/www/
  <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        # This directive allows us to have apache2’s default start page
        # in /apache2-default/, but still have / go to the right place
        # RedirectMatch ^/$ /apache2-default/
• Restart server apache2
  # /etc/init.d/apache2 restart

• Buka web browser dan akses

• Cek certificate yang ada di browser

To top