DEBIAN 6.0 : Konfigurasi SSL Apache Cetak
Ditulis oleh Tutor TKJ CLUB   
Kamis, 25 Juli 2013 08:31

Ada beberapa langkah yang perlu untuk dilakukan dalam melakukan Konfigurasi SSL bagi Web Server khususnya pada Sistem Operasi Linux Debian 6.

Adapun langkah yang dimaksud adalah sebagai berikut :

1. Creat SSL Centificates

root@www:~#

cd /etc/ssl/certs


root@www:/etc/ssl/certs#

openssl genrsa -des3 -out server.key 1024


Generating RSA private key, 1024 bit long modulus
.....................................................................++++++
.......++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:

# set passphrase


Verifying - Enter pass phrase for server.key:

# confirm
# remove passphrase from private key


root@www:/etc/ssl/certs#

openssl rsa -in server.key -out server.key


Enter pass phrase for server.key:

# passphrase


writing RSA key
root@www:/etc/ssl/certs#

openssl req -new -days 3650 -key server.key -out server.csr


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:

JP
# country


State or Province Name (full name) [Some-State]:

Hiroshima

 

# state


Locality Name (eg, city) []:

Hiroshima
# city


Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Server World

 

# company


Organizational Unit Name (eg, section) []:

IT Solution

 

# department


Common Name (eg, YOUR name) []:

www.server.world

 

# server's FQDN


Email Address []:

xxx@server.world
# email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

root@www:/etc/ssl/certs#

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650


Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=Server World/OU=IT Solution/CN=www.server.world/emailAddress=xxx@server.world
Getting Private key
root@www:/etc/ssl/certs#

chmod 400 server.*
 
2. Configure SSL

oot@www:~#

vi /etc/apache2/sites-available/default-ssl
# line 3: change to webmaster's email

ServerAdmin
# line 11,12: change

Options FollowSymLinks
ExecCGI

AllowOverride
All
# line 51,52: change

SSLCertificateFile
/etc/ssl/certs/server.crt

SSLCertificateKeyFile
/etc/ssl/certs/server.key

root@www:~#

a2ensite default-ssl

Enabling site default-ssl.
Run '/etc/init.d/apache2 reload' to activate new configuration!
root@www:~#
a2enmod ssl

Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
root@www:~#
/etc/init.d/apache2 restart

Restarting web server: apache2 ... waiting.
Sumber : TKJ CLUB
 
LAST_UPDATED2