HTTPS by yaofenjin

VIEWS: 8 PAGES: 9

									 HTTPS/SSL

Oleh: Idris Winarno
                      Persiapan
• Pastikan repository debian
  # vim /etc/apt/sources.list
 deb http://kebo.vlsm.org/debian etch main contrib non-free

 # apt-get update
         Installasi DNS Server
• Materi dapat di download di:
 http://kebo.vlsm.org/~idris/file/admin_jarkom/DNSserver.pdf


• Tambahkan subdomain ssl
  # vim /var/cache/bind/(nama file)
            Installasi Web Server
• Materi dapat di download di:
   http://kebo.vlsm.org/~idris/file/admin_jarkom/P1%20-%20Apache.pdf

• Tambah kan port 443
  # vim /etc/apache2/ports.conf

• Tambahkan namevirtual
  # vim /etc/apache2/conf.d/virtual
  NameVirtualHost *:80
  NameVirtualHost *:443

• Hapus NameVirtualHost yang ada di /etc/apache2/sites-
  enables/000-default

• Aktikan module ssl
  # a2enmod ssl
  # /etc/init.d/apache2 restart
         Installasi Certificate
• Installasi:
  # apt-get install openssl ssl-cert
         Pebuatan Certificate
• Buat folder untuk meletakkan cert
 # mkdir /etc/apache2/ssl
 # cd /etc/apache2/ssl


• Membuat cert
 # openssl req –new > domainku.csr
 # openssl rsa –in privkey.pem –out domainku.key
 # openssl x590 –in domainku.csr –out domainku.cert –
 req –signkey domainku.key –days 365
Generating a 1024 bit RSA private key
...........++++++
...............++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:East Java
Locality Name (eg, city) []:Surabaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PENS-ITS
Organizational Unit Name (eg, section) []:UPT Jaringan
Common Name (eg, YOUR name) []:domainku.com
Email Address []:idris@eepis-its.edu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:my pass
An optional company name []:PENS-ITS
         Integrasi cert di apache
• Edit sites-enabled
  # vim /etc/apache2/sites-enabled/000-default
  <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/domainku.cert
        SSLCertificateKeyFile /etc/apache2/ssl/domainku.key
        ServerName ssl.domainku.com
        ServerAdmin idris@eepis-its.edu
        DocumentRoot /var/www/
  <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        # This directive allows us to have apache2’s default start page
        # in /apache2-default/, but still have / go to the right place
        # RedirectMatch ^/$ /apache2-default/
  </Directory>
  </VirtualHost>
                  Testing
• Restart server apache2
  # /etc/init.d/apache2 restart

• Buka web browser dan akses
  https://ssl.domainku.com

• Cek certificate yang ada di browser

								
To top