SSL: Mengaktifkan SSL HTTPS dari CA Sectigo

From OnnoWiki
Jump to navigation Jump to search

Dari Sectigo / Comodo akan memperoleh 2 atau 3 file dalam bentuk zip. Jika file zip dibuka akan berisi, misalnya 3 file, 

AAA_Certificate_Services.crt
USERTrust_RSA_Certification_Authority.crt
onnocenter_or_id.crt


atau misalnya 2 file, misalnya 

sectigo-atau-comodo.ca-bundle
onnocenter.or.id.crt

Dengan file private key, misalnya, 

onnocenter.or.id.key

Copykan semua file .crt, .ca-bundle, .key ke folder /etc/apache2/ssl 

sudo su
mkdir /etc/apache2/ssl

contoh, 

cp  AAA_Certificate_Services.crt /etc/apache2/ssl
cp USERTrust_RSA_Certification_Authority.crt /etc/apache2/ssl
cp onnocenter_or_id.crt /etc/apache2/ssl
cp onnocenter.or.id.key /etc/apache2/ssl

Edit Apache Conf

File-file ini harus di masukan ke configurasi apache. Yang perlu dilakukan di Server Apache adalah, 

sudo a2enmod ssl
sudo service apache2 restart

cd /etc/apache2/sites-available
cp default-ssl.conf default-ssl.conf.asli
sudo vi /etc/apache2/sites-available/default-ssl.conf

Edit agar, 

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/example.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
        SSLCACertificateFile /etc/apache2/ssl/ca-certificate.ca-bundle
        #
        # ATAU berapa CA certificate file di letakan di folder apache2/ssl/
        #
        SSLCACertificatePath /etc/apache2/ssl/
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Aktifkan SSL Virtual Host

enable SSL 

cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/

atau 

sudo a2ensite default-ssl.conf

restart apache 

sudo service apache2 restart
sudo systemctl reload apache2

Cek

systemctl status apache2

pastikan tidak ada error

Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=SSL:_Mengaktifkan_SSL_HTTPS_dari_CA_Sectigo&oldid=64419"