Live Journal

All About Log

Setting SSL di Apache2 Debian

From WikiLinuxIndonesia

Tidak seperti apache 1.x di Debian dengan paket apache-ssl nya, sampai saat ini (1 Des 2004) tidak ada cara yang mudah untuk mengaktifkan SSL di apache2.

Berikut catatan saya untuk membuat https server di Debian dengan apache2 —Zakaria

Contents

if (window.showTocToggle) { var tocShowText = “show”; var tocHideText = “hide”; showTocToggle(); }
Sebelum mengeset SSL pastikan apache2 sudah terinstall dan berjalan dengan baik. Semua perintah dibawah harus dijalankan sebagai root.

Membuat Sertifikat SSL

Jika anda tidak punya sertifikat SSL seperti saya, maka anda harus membuat sertifikat SSL sendiri.

Jalankan perintah apache2-ssl-certificate dan jawab pertanyaan-pertanyaannya. Yang terpenting adalah pertanyaan tentang nama server anda, ini harus dijawab dengan nama domain yang lengkap.

umar:~# apache2-ssl-certificate

creating selfsigned certificate
replace it with one signed by a certification authority (CA)

enter your ServerName at the Common Name prompt

If you want your certificate to expire after x days call this programm
with -days x
Generating a 1024 bit RSA private key
.....++++++
...........++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:ID
State or Province Name (full name) [Some-State]:DKI Jakarta
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company; recommended) []:Zakaria Inc
Organizational Unit Name (eg, section) []:Web Server
server name (eg. ssl.domain.tld; required!!!) []:secure.example.com
Email Address []:webmaster@example.com

Perintah diatas akan membuat dua file di /etc/apache2/ssl satunya bernama apache.pem dan satunya lagi symbolic link bernama random (di mesin saya 7d529501.0) yang me-link ke file apache.pem.

Jika anda sudah mempunyai sertifikat sendiri silakan copy ke /etc/apache2/ssl.

Aktifkan modul SSL

Jalankan a2enmod

umar:~# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Buat Virtual Host untuk SSL

Copy /etc/apache2/sites-available/default ke /etc/apache2/sites-available/default-ssl dan ganti dua baris pertama tentang virtual host dengan:

NameVirtualHost *:443
<VirtualHost *:443>
# SSL STUFF (START) ++++++++++++++++++++++++++++++++++++++++++++++++++++
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/7d529501.0

# see http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html
# for the meaning of below.
# The following enables only the seven strongest ciphers.
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
# SSL STUFF (END) +++++++++++++++++++++++++++++++++++++++++++++++++++++++

Jangan lupa sesuaikan baris SSLCertificateKeyFile dengan nama file random hasil proses Membuat Sertifikat SSL diatas.

Lalu aktifkan site tersebut dengan a2ensite

umar:~# a2ensite default-ssl
Site default-ssl installed; run /etc/init.d/apache2 reload to enable.

Aktifkan port SSL

Tambahkan Listen 443 ke file /etc/apache2/ports.conf

Test Konfigurasi

Test konfigurasi apache anda dengan perintah apache2 -D SSL -S , hasilnya harus mirip dengan ini.

umar:~# apache2 -D SSL -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
default server secure.example.com (/etc/apache2/sites-enabled/default-ssl:2)
port 443 namevhost secure.example.com (/etc/apache2/sites-enabled/default-ssl:2)
*:*                    is a NameVirtualHost
default server secure.example.com (/etc/apache2/sites-enabled/000-default:2)
port * namevhost secure.example.com (/etc/apache2/sites-enabled/000-default:2)
Syntax OK

Restart Apache2

Restart apache2 dan test https server anda di browser.

umar:~# /etc/init.d/apache2 restart
Restarting web server: Apache2.

Referensi:

One response to “Setting SSL di Apache2 Debian

  1. dfgrde October 9, 2010 at 5:05 am

    setelah drestart kok failed y?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: