Blog Untuk Semua

Everything for Everyone

Setting WebServer With OpenSSL Linux (Ubuntu 14.04)


What is OpenSSL?
OpenSSL provides SSL (Secure Sockets Layer), an additional protocol used to secure the network connection between client and server. With it, traffic on the network is hard to sniff. Over plain HTTP (plain text), the connection is very likely to be exposed to a MITM (Man-in-the-Middle) attack.

In this post I will explain the steps. First, make sure Apache (the web server) is already installed on your Linux system; if it is not, install it first:

# apt-get install apache2 openssl ssl-cert

Then enable the ssl module:

# a2enmod ssl

Create an ssl folder for the SSL certificate files:

# mkdir /etc/apache2/ssl

Then create the certificate:

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Notes:

  • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
  • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate management. Since we want to create a new X.509 certificate, this is the subcommand we need.
  • x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
  • nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
  • days 365: This specifies that the certificate we are creating will be valid for one year.
  • newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn’t create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
  • keyout: This parameter names the output file for the private key file that is being created.
  • out: This option names the output file for the certificate that we are generating.

The command then prompts for the certificate details:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Jawa Barat
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monster Inc
Organizational Unit Name (eg, section) []:IT Corp
Common Name (e.g. server FQDN or YOUR name) []:hostname.com
Email Address []:webmaster@hostname.com

Then uncomment the lines below in /etc/apache2/sites-available/default-ssl.conf:

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Then add:

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Then enable the SSL virtual host:

# a2ensite default-ssl.conf

Then restart Apache:

# service apache2 restart
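
An added example, not part of the original post: a shell pre-flight check to run before the Apache restart above. It confirms that the key matches the certificate, that the unencrypted key is closed to group and others, and that the certificate is not about to expire. The function names make_pair and check_pair, the -subj value and the 30-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are arguments, so it can be
# pointed at /etc/apache2/ssl/apache.key and apache.crt from the steps above.

# make_pair DIR: the same openssl req call as the post, made non-interactive
# with -subj (constructed subject) so it can run in a scratch directory.
make_pair() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/apache.key" -out "$1/apache.crt" \
        -subj "/C=ID/O=Example/CN=hostname.com" 2>/dev/null
}

# check_pair KEY CRT: prints one line per finding, returns 0 only if all pass.
check_pair() {
    key=$1; crt=$2; rc=0

    # 1. The certificate must carry the public half of this private key;
    #    a mismatched pair cannot serve HTTPS.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $key does not match $crt"; rc=1
    fi

    # 2. -nodes leaves the key unencrypted on disk, so file permissions are
    #    its only protection: no access for group or others.
    perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (chmod 600 it)"; rc=1
    fi

    # 3. -days 365 means the certificate expires; flag it 30 days ahead.
    if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $crt is missing, invalid or expires within 30 days"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: key and certificate are consistent"
    return "$rc"
}

# Demo on a constructed pair in a scratch directory.
demo_dir=$(mktemp -d)
make_pair "$demo_dir" && chmod 600 "$demo_dir/apache.key"
check_pair "$demo_dir/apache.key" "$demo_dir/apache.crt"
rm -rf "$demo_dir"
```

On the server, run it as root with the two paths from the post as arguments to check_pair in place of the demo lines.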

Creating a redirect to HTTPS:
Open the configuration file 000-default.conf:

# nano /etc/apache2/sites-available/000-default.conf

Add the following block:

<VirtualHost *:80>
ServerName dev.dom1.com
Redirect permanent / https://allboutcomputer.com/

</VirtualHost>
