https://onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=Korban%3A_Mengaktifkan_https 2026-05-04T10:59:25Z Revision history for this page on the wiki MediaWiki 1.35.4 https://onnocenter.or.id/wiki/index.php?title=Korban:_Mengaktifkan_https&diff=51962&oldid=prev 2018-10-04T03:55:31Z

<p>Created page with &quot;sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04 Agar komunikasi dapat dilakukan dengan aman kita perlu me...&quot;</p> <p><b>New page</b></p><div>sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04<br /> <br /> <br /> Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04.<br /> <br /> <br /> ==Aktifkan SSL module==<br /> <br /> enable<br /> <br /> sudo a2enmod ssl<br /> <br /> restart apache<br /> <br /> sudo service apache2 restart<br /> <br /> <br /> ==Buat Self-Signed SSL Certificate==<br /> <br /> buat folder<br /> <br /> sudo mkdir /etc/apache2/ssl<br /> <br /> buat certificate<br /> <br /> sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt<br /> <br /> isi dengan<br /> <br /> Country Name (2 letter code) [AU]:ID<br /> State or Province Name (full name) [Some-State]:DKI<br /> Locality Name (eg, city) []:Jakarta<br /> Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA<br /> Organizational Unit Name (eg, section) []:RND<br /> Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id<br /> Email Address []:onno@organisasi-anda.id<br /> <br /> Beberapa informasi tambahan<br /> <br /> * openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.<br /> * req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.<br /> * -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.<br /> * -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.<br /> * -days 365: This specifies that the certificate we are creating will be valid for one year.<br /> * -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.<br /> * -keyout: This parameter names the output file for the private key file that is being created.<br /> * -out: This option names the output file for the certificate that we are generating.<br /> <br /> <br /> ==Konfigurasi apache untuk menggunakan SSL==<br /> <br /> Edit<br /> <br /> cd /etc/apache2/sites-available<br /> cp default-ssl.conf default-ssl.conf.asli<br /> sudo vi /etc/apache2/sites-available/default-ssl.conf<br /> <br /> Kalau comment dibuang, akan tampak seperti:<br /> <br /> &lt;IfModule mod_ssl.c&gt;<br /> &lt;VirtualHost _default_:443&gt;<br /> ServerAdmin webmaster@localhost<br /> DocumentRoot /var/www/html<br /> ErrorLog ${APACHE_LOG_DIR}/error.log<br /> CustomLog ${APACHE_LOG_DIR}/access.log combined<br /> SSLEngine on<br /> SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br /> SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br /> &lt;FilesMatch &quot;\.(cgi|shtml|phtml|php)$&quot;&gt;<br /> SSLOptions +StdEnvVars<br /> &lt;/FilesMatch&gt;<br /> &lt;Directory /usr/lib/cgi-bin&gt;<br /> SSLOptions +StdEnvVars<br /> &lt;/Directory&gt;<br /> BrowserMatch &quot;MSIE [2-6]&quot; \<br /> nokeepalive ssl-unclean-shutdown \<br /> downgrade-1.0 force-response-1.0<br /> BrowserMatch &quot;MSIE [17-9]&quot; ssl-unclean-shutdown<br /> &lt;/VirtualHost&gt;<br /> &lt;/IfModule&gt;<br /> <br /> Kita perlu mengkonfigurasi <br /> <br /> * ServerAdmin<br /> * ServerName<br /> * ServerAlias<br /> * DocumentRoot<br /> * '''PENTING:''' lokasi Apache SSL certificate &amp; key<br /> <br /> SSLCertificateFile /etc/apache2/ssl/apache.crt<br /> SSLCertificateKeyFile /etc/apache2/ssl/apache.key<br /> <br /> Tampilan akhirnya,<br /> <br /> &lt;IfModule mod_ssl.c&gt;<br /> &lt;VirtualHost _default_:443&gt;<br /> ServerAdmin admin@example.com<br /> ServerName your_domain.com<br /> ServerAlias www.your_domain.com<br /> DocumentRoot /var/www/html<br /> ErrorLog ${APACHE_LOG_DIR}/error.log<br /> CustomLog ${APACHE_LOG_DIR}/access.log combined<br /> SSLEngine on<br /> SSLCertificateFile /etc/apache2/ssl/apache.crt<br /> SSLCertificateKeyFile /etc/apache2/ssl/apache.key<br /> &lt;FilesMatch &quot;\.(cgi|shtml|phtml|php)$&quot;&gt;<br /> SSLOptions +StdEnvVars<br /> &lt;/FilesMatch&gt;<br /> &lt;Directory /usr/lib/cgi-bin&gt;<br /> SSLOptions +StdEnvVars<br /> &lt;/Directory&gt;<br /> BrowserMatch &quot;MSIE [2-6]&quot; \<br /> nokeepalive ssl-unclean-shutdown \<br /> downgrade-1.0 force-response-1.0<br /> BrowserMatch &quot;MSIE [17-9]&quot; ssl-unclean-shutdown<br /> &lt;/VirtualHost&gt;<br /> &lt;/IfModule&gt;<br /> <br /> ==Aktifkan SSL Virtual Host==<br /> <br /> enable<br /> <br /> sudo a2ensite default-ssl.conf<br /> <br /> restart<br /> <br /> sudo service apache2 restart<br /> <br /> <br /> ==Test Setup==<br /> <br /> browse ke<br /> <br /> https://server_domain_name_or_IP<br /> https://192.168.0.100<br /> <br /> kemungkinan akan dapat warning apache ssl warning :) ...<br /> <br /> ==Referensi==<br /> <br /> * https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04</div>

Onnowpurbo