Thursday, 03 February 2011

Setting up mod_ssl on Apache on Debian Sarge

Install the mod_ssl packages the Debian way :)
apt-get install libapache-mod-ssl libapache-mod-ssl-doc
Enable the SSL module with
apache-modconf apache enable mod_ssl
then add the following configuration to /etc/apache/httpd.conf
<IfModule mod_ssl.c>
# These will make apache listen to port 443 in addition to the
# standard port 80. HTTPS requests use port 443.
Listen 80
Listen 443
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/var/run/mod_ssl_mutex
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
SSLSessionCache dbm:/var/run/mod_ssl_scache
SSLSessionCacheTimeout 300
# A second, later "SSLSessionCache none" would override the dbm cache
# configured above, so it is left commented out.
#SSLSessionCache none
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog /var/log/apache/ssl_engine.log
SSLLogLevel info
</IfModule>

Next, create the SSL certificate with the following steps:
Create the Private Key
$ openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
file1, file2 and so on are the names of arbitrary files on your Linux system, used as seed data for generating random numbers.
Create the CSR (Certificate Signing Request)
$ openssl req -new -key server.key -out server.csr
This produces a series of questions that you must answer:
Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:Enter pass phrase here
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Jawa Timur
Locality Name (eg, city) []:Gresik
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MahaRadjaReza Corp.
Organizational Unit Name (eg, section) []:.MahaRadjaReza Corp.
Common Name (eg, YOUR name) []:www.muhadi.com
Email Address []:ronnie@muhadi.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Create the Self-Signed Certificate
$ openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
The number 60 is the certificate's validity period (60 days).
Install the Private Key and Certificate
by creating a virtual host configuration in Apache, for example:
# SSL Virtual Hosts
<IfDefine SSL>
<VirtualHost _default_:443>
ServerAdmin ronnie@muhadi.com
DocumentRoot /usr/local/apache/share/htdocs
ServerName www.muhadi.com
ScriptAlias /cgi-bin/ /usr/local/apache/share/htdocs/cgi-bin/
SSLEngine on
SSLCertificateFile /usr/local/apache/etc/ssl.crt/server.crt
# Private key created above as server.key
SSLCertificateKeyFile /usr/local/apache/etc/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/apache/var/log/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
Then restart Apache.
Don't forget to check the logs at
/usr/local/apache/var/log/ssl_request_log
/usr/local/apache/var/log/error.log
If the magic word Error does not appear, the mod_ssl installation succeeded.
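
Checking ssl_request_log can go further than looking for errors. The following Python script is an added example, not part of the original post: it reads lines in the CustomLog format configured above and reports connections that negotiated SSLv2/SSLv3 or an export, NULL, RC4 or single-DES cipher. The function names, the weak-protocol policy and the sample log lines are assumptions constructed for this example.

```python
import re

# The page's CustomLog format: "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(r'^\[[^\]]+\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
                     r'".*" \S+$')
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}  # assumption: policy chosen for this example

def weak_reasons(proto, cipher):
    """Return the reasons a negotiated protocol/cipher pair counts as weak."""
    reasons = []
    if proto in WEAK_PROTOCOLS:
        reasons.append("protocol " + proto)
    parts = cipher.split("-")  # OpenSSL cipher names, e.g. EXP-RC4-MD5
    if parts[0].startswith("EXP"):
        reasons.append("export-grade cipher")
    if "NULL" in parts:
        reasons.append("no encryption")
    if "RC4" in parts:
        reasons.append("RC4")
    if "DES" in parts and "CBC3" not in parts:  # DES-CBC3 is 3DES, not flagged
        reasons.append("single DES")
    return reasons

def audit(lines):
    """Return (findings, unparsed); a finding is (host, proto, cipher, reasons)."""
    findings, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # keep for manual review instead of dropping
            continue
        reasons = weak_reasons(m["proto"], m["cipher"])
        if reasons:
            findings.append((m["host"], m["proto"], m["cipher"], reasons))
    return findings, unparsed

# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    '[03/Feb/2011:10:15:32 +0700] 192.0.2.10 TLSv1 DHE-RSA-AES256-SHA "GET / HTTP/1.1" 2326',
    '[03/Feb/2011:10:16:01 +0700] 192.0.2.11 SSLv3 RC4-MD5 "GET /index.html HTTP/1.0" 512',
    '[03/Feb/2011:10:16:40 +0700] 192.0.2.12 SSLv2 EXP-RC4-MD5 "GET / HTTP/1.0" -',
    'truncated line',
]

if __name__ == "__main__":
    findings, unparsed = audit(SAMPLE_LOG)
    for host, proto, cipher, reasons in findings:
        print(host, proto, cipher, "->", "; ".join(reasons))
    print(len(unparsed), "unparsed line(s)")
```

To audit a real log, pass the open file object for ssl_request_log to audit() instead of SAMPLE_LOG.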
