Difference between revisions of "OpenSSL: set SSL untuk https di Ubuntu"

From OnnoWiki
(Created page with "source: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04 Posted April 23, 2014 619k views Apache Security Ubuntu I...")
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
 
sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
  
 +
==Pengantar==
  
PostedApril 23, 2014 619k views Apache Security Ubuntu
+
TLS, atau transport layer security, dan pendahulunya SSL, secure socket layer, adalah protokol keamanan yang dibuat untuk menempatkan lalu lintas normal dalam bungkus terenkripsi yang dilindungi.
Introduction
 
  
TLS, or transport layer security, and its predecessor SSL, secure sockets layer, are secure protocols created in order to place normal traffic in a protected, encrypted wrapper.
+
Protokol ini memungkinkan lalu lintas dikirim dengan aman di antara pihak-pihak yang berjauhan tanpa kemungkinan lalu lintas dicegat dan dibaca oleh seseorang di tengahnya. Mereka juga berperan dalam memvalidasi identitas domain dan server di seluruh internet dengan membuat server sebagai terpercaya dan asli oleh otoritas sertifikat.
  
These protocols allow traffic to be sent safely between remote parties without the possibility of the traffic being intercepted and read by someone in the middle. They are also instrumental in validating the identity of domains and servers throughout the internet by establishing a server as trusted and genuine by a certificate authority.
+
Dalam panduan ini, kami akan membahas cara membuat sertifikat SSL yang ditandatangani sendiri untuk Apache di server Ubuntu terbaru, yang memungkinkan Anda mengenkripsi lalu lintas ke server Anda. Meskipun ini tidak memberikan manfaat validasi pihak ketiga terhadap identitas server Anda, namun ini memenuhi persyaratan orang-orang yang hanya ingin mentransfer informasi dengan aman.
  
In this guide, we'll cover how to create a self-signed SSL certificate for Apache on an Ubuntu 14.04 server, which will allow you to encrypt traffic to your server. While this does not provide the benefit of third party validation of your server's identity, it fulfills the requirements of those simply wanting to transfer information securely.
+
Catatan: Anda mungkin ingin mempertimbangkan untuk menggunakan Let's Encrypt daripada self-signed certificatei. Let's Encrypt adalah otoritas sertifikat baru yang mengeluarkan sertifikat SSL / TLS gratis yang dipercaya di kebanyakan browser web. Simak tutorialnya untuk memulai: Cara Mengamankan Apache dengan Let's Encrypt di Ubuntu 14.04
  
Note: You may want to consider using Let's Encrypt instead of a self-signed certificate. Let's Encrypt is a new certificate authority that issues free SSL/TLS certificates that are trusted in most web browsers. Check out the tutorial to get started: How To Secure Apache with Let's Encrypt on Ubuntu 14.04
+
==Kebutuhan==
Prerequisites
 
  
Before you begin, you should have some configuration already taken care of.
+
Install apache
  
We will be operating as a non-root user with sudo privileges in this guide. You can set one up by following steps 1-4 in our Ubuntu 14.04 initial server setup guide.
+
sudo apt-get update
 +
sudo apt-get install apache2
  
You are also going to need to have Apache installed. If you don't already have that up and running, you can quickly fix that by typing:
+
==Step 1 - Aktifkan SSL Module==
  
sudo apt-get update
+
Aktifkan SSL & restart apache
sudo apt-get install apache2
 
  
Step One — Activate the SSL Module
+
sudo a2enmod ssl
 +
sudo service apache2 restart
  
SSL support actually comes standard in the Ubuntu 14.04 Apache package. We simply need to enable it to take advantage of SSL on our system.
+
==Step 2 - buat self-sign SSL certificate==
  
Enable the module by typing:
+
Buat folder SSL & buat self-signed certificate
  
sudo a2enmod ssl
+
sudo mkdir /etc/apache2/ssl
 +
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
  
After you have enabled SSL, you'll have to restart the web server for the change to be recognized:
+
Artinya
  
sudo service apache2 restart
+
* openssl - perintah untuk operasi SSL
 +
* req - X.509 certificate signing request (CSR)
 +
* X.509 - self-signed
 +
* nodes - key file tidak perlu di amankan dengan  passphrase
 +
* days 365 - valid untuk 1 tahun
 +
* newkey rsa:2048: buat CSR dan private key bersamaan. RSA key panjangnya 2048 bit.
 +
* keyout: nama outfile dari private key yang dibuat.
 +
* out: nama certificate file yang dibuat.
  
With that, our web server is now able to handle SSL if we configure it to do so.
+
Setelah tekan "ENTER", ada beberapa pertanyaan / jawaban yang perlu dilakukan dalam proses adalah,
Step Two — Create a Self-Signed SSL Certificate
 
  
Let's start off by creating a subdirectory within Apache's configuration hierarchy to place the certificate files that we will be making:
+
Country Name (2 letter code) [AU]:US
 +
State or Province Name (full name) [Some-State]:New York
 +
Locality Name (eg, city) []:New York City
 +
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
 +
Organizational Unit Name (eg, section) []:Department of Kittens
 +
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
 +
Email Address []:your_email@domain.com
  
sudo mkdir /etc/apache2/ssl
+
Sertificate & key akan di letakan di directory /etc/apache2/ssl
  
Now that we have a location to place our key and certificate, we can create them both in one step by typing:
+
==Step 3 — Konfigurasi Apache untuk menggunakan SSL==
  
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
+
Kita menggunakan default-ssl.conf, edit,
  
Let's go over exactly what this means.
+
sudo nano /etc/apache2/sites-available/default-ssl.conf
  
    openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
+
Tampilan file adalah sebagai berikut,
    req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
 
    -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
 
    -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
 
    -days 365: This specifies that the certificate we are creating will be valid for one year.
 
    -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
 
    -keyout: This parameter names the output file for the private key file that is being created.
 
    -out: This option names the output file for the certificate that we are generating.
 
  
When you hit "ENTER", you will be asked a number of questions.
+
<IfModule mod_ssl.c>
 +
    <VirtualHost _default_:443>
 +
        ServerAdmin webmaster@localhost
 +
        DocumentRoot /var/www/html
 +
        ErrorLog ${APACHE_LOG_DIR}/error.log
 +
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 +
        SSLEngine on
 +
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
 +
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 +
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
 +
                        SSLOptions +StdEnvVars
 +
        </FilesMatch>
 +
        <Directory /usr/lib/cgi-bin>
 +
                        SSLOptions +StdEnvVars
 +
        </Directory>
 +
        BrowserMatch "MSIE [2-6]" \
 +
                        nokeepalive ssl-unclean-shutdown \
 +
                        downgrade-1.0 force-response-1.0
 +
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 +
    </VirtualHost>
 +
</IfModule>
  
The most important item that is requested is the line that reads "Common Name (e.g. server FQDN or YOUR name)". You should enter the domain name you want to associate with the certificate, or the server's public IP address if you do not have a domain name.
+
Kita perlu mengedit
  
The questions portion looks something like this:
+
* ServerAdmin
 +
* ServerName
 +
* ServerAlias
 +
* DocumentRoot
 +
* Ubah lokasi
 +
* Ubah SSL certificate & key
  
Country Name (2 letter code) [AU]:US
+
Tampilan sesudah di ubah,
State or Province Name (full name) [Some-State]:New York
 
Locality Name (eg, city) []:New York City
 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
 
Organizational Unit Name (eg, section) []:Department of Kittens
 
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
 
Email Address []:your_email@domain.com
 
  
The key and certificate will be created and placed in your /etc/apache2/ssl directory.
+
<IfModule mod_ssl.c>
Step Three — Configure Apache to Use SSL
+
    <VirtualHost _default_:443>
 +
        ServerAdmin '''admin@example.com'''
 +
        ServerName '''your_domain.com:443'''
 +
        ServerAlias '''www.your_domain.com:443'''
 +
        DocumentRoot /var/www/html
 +
        ErrorLog ${APACHE_LOG_DIR}/error.log
 +
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 +
        SSLEngine on
 +
        SSLCertificateFile '''/etc/apache2/ssl/apache.crt'''
 +
        SSLCertificateKeyFile '''/etc/apache2/ssl/apache.key'''
 +
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
 +
                        SSLOptions +StdEnvVars
 +
        </FilesMatch>
 +
        <Directory /usr/lib/cgi-bin>
 +
                        SSLOptions +StdEnvVars
 +
        </Directory>
 +
        BrowserMatch "MSIE [2-6]" \
 +
                        nokeepalive ssl-unclean-shutdown \
 +
                        downgrade-1.0 force-response-1.0
 +
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 +
    </VirtualHost>
 +
</IfModule>
  
Now that we have our certificate and key available, we can configure Apache to use these files in a virtual host file. You can learn more about how to set up Apache virtual hosts here.
 
  
Instead of basing our configuration file off of the 000-default.conf file in the sites-available subdirectory, we're going to base this configuration on the default-ssl.conf file that contains some default SSL configuration.
+
==Step 4 Aktifkan SSL Virtual Host==
 
 
Open the file with root privileges now:
 
 
 
sudo nano /etc/apache2/sites-available/default-ssl.conf
 
 
 
With the comments removed, the file looks something like this:
 
 
 
<IfModule mod_ssl.c>
 
    <VirtualHost _default_:443>
 
        ServerAdmin webmaster@localhost
 
        DocumentRoot /var/www/html
 
        ErrorLog ${APACHE_LOG_DIR}/error.log
 
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 
        SSLEngine on
 
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
 
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
 
                        SSLOptions +StdEnvVars
 
        </FilesMatch>
 
        <Directory /usr/lib/cgi-bin>
 
                        SSLOptions +StdEnvVars
 
        </Directory>
 
        BrowserMatch "MSIE [2-6]" \
 
                        nokeepalive ssl-unclean-shutdown \
 
                        downgrade-1.0 force-response-1.0
 
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
    </VirtualHost>
 
</IfModule>
 
 
 
This may look a bit complicated, but luckily, we don't need to worry about most of the options here.
 
 
 
We want to set the normal things we'd configure for a virtual host (ServerAdmin, ServerName, ServerAlias, DocumentRoot, etc.) as well as change the location where Apache looks for the SSL certificate and key.
 
 
 
In the end, it will look something like this. The entries in red were modified from the original file:
 
 
 
<IfModule mod_ssl.c>
 
    <VirtualHost _default_:443>
 
        ServerAdmin admin@example.com
 
        ServerName your_domain.com
 
        ServerAlias www.your_domain.com
 
        DocumentRoot /var/www/html
 
        ErrorLog ${APACHE_LOG_DIR}/error.log
 
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 
        SSLEngine on
 
        SSLCertificateFile /etc/apache2/ssl/apache.crt
 
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
 
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
 
                        SSLOptions +StdEnvVars
 
        </FilesMatch>
 
        <Directory /usr/lib/cgi-bin>
 
                        SSLOptions +StdEnvVars
 
        </Directory>
 
        BrowserMatch "MSIE [2-6]" \
 
                        nokeepalive ssl-unclean-shutdown \
 
                        downgrade-1.0 force-response-1.0
 
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
    </VirtualHost>
 
</IfModule>
 
 
 
Save and exit the file when you are finished.
 
Step Four Activate the SSL Virtual Host
 
 
 
Now that we have configured our SSL-enabled virtual host, we need to enable it.
 
 
 
We can do this by typing:
 
 
 
sudo a2ensite default-ssl.conf
 
 
 
We then need to restart Apache to load our new virtual host file:
 
 
 
sudo service apache2 restart
 
 
 
This should enable your new virtual host, which will serve encrypted content using the SSL certificate you created.
 
Step Five — Test your Setup
 
 
 
Now that you have everything prepared, you can test your configuration by visiting your server's domain name or public IP address after specifying the https:// protocol, like this:
 
 
 
https://server_domain_name_or_IP
 
 
 
You will get a warning that your browser cannot verify the identity of your server because it has not been signed by one of the certificate authorities that it trusts.
 
 
 
apache ssl warning
 
 
 
This is expected since we have self-signed our certificate. While our certificate will not validate our server for our users because it has had no interaction with a trusted certificate authority, it will still be able to encrypt communication.
 
 
 
Since this is expected, you can hit the "Proceed anyway" button or whatever similar option you have in your browser.
 
 
 
You will now be taken to content in the DocumentRoot that you configured for your SSL virtual host. This time your traffic is encrypted. You can check this by clicking on the lock icon in the menu bar:
 
 
 
apache ssl encrypted
 
 
 
You can see in the middle green section that the connection is encrypted.
 
Conclusion
 
 
 
You should now have SSL enabled on your website. This will help to secure communication between visitors and your site, but it will warn each user that the browser cannot verify the validity of the certificate.
 
 
 
If you are planning on launching a public site and need SSL, you will be better off purchasing an SSL certificate from a trusted certificate authority.
 
 
 
If you want to learn more about how to configure Apache, click here. Check out this link for more ideas on how to secure your Linux server.
 
By Justin Ellingwood
 
jellingwood
 
Justin Ellingwood
 
Subscribe
 
Share
 
Spin up an SSD cloud server in under a minute.
 
 
 
Simple setup. Full root access. Straightforward pricing.
 
Deploy Server
 
Related Tutorials
 
 
 
    How To Set Up Apache with a Free Signed SSL Certificate on a VPS
 
    How To Install the Apache Web Server on Ubuntu 16.04
 
    How To Use GPG to Encrypt and Sign Messages
 
    How To Host a Website with Caddy on CentOS 7
 
    How To Host a Website with Caddy on Ubuntu 16.04
 
 
 
39 Comments
 
Log In to Comment
 
 
 
rapidfoxx May 11, 2014
 
Your tutorial is really nice and thanks for that,
 
 
 
But could you/someone please explain the following if possible,
 
Still trying to learn this stuff :)
 
 
 
 
 
                        SSLOptions +StdEnvVars
 
 
 
     
 
 
                        SSLOptions +StdEnvVars
 
 
       
 
BrowserMatch "MSIE [2-6]" \
 
                        nokeepalive ssl-unclean-shutdown \
 
                        downgrade-1.0 force-response-1.0
 
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
 
 
Romeygraphics May 14, 2014
 
would you be kind enough to do this tut with Comodo PositiveSSL
 
 
 
Files I have
 
 
 
AddTrustExternalCARoot
 
COMODORSAAddTrustCA
 
COMODORSADomainValidationSecureServerCA
 
Mydomain_com
 
 
 
 
 
Please!!!! help thank you
 
 
 
RinkuY January 27, 2015
 
 
 
Keep Try !
 
 
 
    jellingwood MOD January 28, 2015
 
 
 
    @Romeygraphics: We have a guide on how to use commercial SSL certificates here. In the comments, you'll see how to combine your certificate files into a single chained file here.
 
 
 
    Hope that helps.
 
    How To Install an SSL Certificate from a Commercial Certificate Authority
 
    This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The...
 
 
 
mityukov June 4, 2014
 
After fgollowing this guide I've got "SSL protocol error".
 
 
 
This error has gone away after appending ":433" to the server name and alias:
 
--
 
    ServerName your_domain.com:443
 
    ServerAlias www.your_domain.com:433
 
--
 
 
 
derek June 9, 2014
 
I have purchased SSL from GeoTrust. Now is there any tutorial to configure it? or what can I do to install it?
 
 
 
hnwebdesign5 June 10, 2014
 
This is a great tutorial, but could you do one on how to install a ssl certificate that was actually purchased? Please!
 
 
 
asb MOD June 10, 2014
 
@hnwebdesign5: It will be more or less the same using a cert that you purchased from a CA. The only difference is that you should replace:
 
 
 
SSLCertificateFile /etc/apache2/ssl/apache.crt
 
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
 
 
 
 
 
 
 
with the cert provided by you CA:
 
 
 
SSLCertificateFile /path/to/your/ssl.crt                         
 
SSLCertificateKeyFile /path/to/your/private.key                       
 
SSLCertificateChainFile /path/to/your/bundle.pem
 
 
 
 
 
 
 
@derek: GeoTrust also has their own documentation:
 
 
 
http://www.geotrust.com/support/video/install-ssl-certificates-apache.html
 
  
 +
Enable SSL virtual host & reload apache, ketik
  
 +
sudo a2ensite default-ssl.conf
 +
sudo service apache2 restart
  
 +
==Step 5 — Test Setup==
  
 +
Browse ke
  
 +
https://ip-address-server
  
 +
Anda akan memperoleh warning karena menggunakan self-signed certificate.
 +
Ini tidak apa2
  
 
==Referensi==
 
==Referensi==
  
 
* https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
 
* https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
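Review bot: In the edited VirtualHost block of Step 3, the added line ServerAlias www.your_domain.com:443 puts a port on a directive that takes bare host names; keep the port off ServerAlias and write ServerAlias www.your_domain.com, as the replaced revision did. In the Step 2 option list the flags lost their leading dashes, and one entry now reads "X.509 - self-signed" where the command uses -x509. The new text also drops the removed explanation that the Common Name should be the domain (or public IP) the certificate is for, and since -nodes leaves /etc/apache2/ssl/apache.key without a passphrase, a line about restricting that file's permissions would fit after the mkdir step.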

Latest revision as of 16:47, 7 June 2017

Source: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

Introduction

TLS, or transport layer security, and its predecessor SSL, secure sockets layer, are security protocols created to place normal traffic in a protected, encrypted wrapper.

These protocols allow traffic to be sent safely between remote parties without the possibility of the traffic being intercepted and read by someone in the middle. They also play a role in validating the identity of domains and servers across the internet, by having a certificate authority establish a server as trusted and genuine.

In this guide, we will cover how to create a self-signed SSL certificate for Apache on a recent Ubuntu server, which lets you encrypt traffic to your server. Although this does not provide the benefit of third-party validation of your server's identity, it meets the requirements of those who simply want to transfer information securely.

Note: You may want to consider using Let's Encrypt instead of a self-signed certificate. Let's Encrypt is a new certificate authority that issues free SSL/TLS certificates that are trusted in most web browsers. See the tutorial to get started: How To Secure Apache with Let's Encrypt on Ubuntu 14.04

Prerequisites

Install Apache:

sudo apt-get update
sudo apt-get install apache2

Step 1 - Enable the SSL Module

Enable the SSL module and restart Apache:

sudo a2enmod ssl
sudo service apache2 restart

Step 2 - Create a Self-Signed SSL Certificate

Create the SSL directory and the self-signed certificate:

sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

What this means:

  • openssl - the command for SSL operations
  • req - subcommand for X.509 certificate signing request (CSR) management
  • -x509 - create a self-signed certificate instead of a certificate request
  • -nodes - the key file is not protected with a passphrase
  • -days 365 - valid for 1 year
  • -newkey rsa:2048 - create the CSR and the private key at the same time. The RSA key is 2048 bits long.
  • -keyout - name of the output file for the private key being created.
  • -out - name of the certificate file being created.

After you press "ENTER", you will be asked several questions; the prompts and sample answers look like this:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
Organizational Unit Name (eg, section) []:Department of Kittens
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:your_email@domain.com

The certificate and key will be placed in the /etc/apache2/ssl directory.

Step 3 — Configure Apache to Use SSL

We use default-ssl.conf; open it for editing:

sudo nano /etc/apache2/sites-available/default-ssl.conf

The file looks like this:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

We need to edit:

  • ServerAdmin
  • ServerName
  • ServerAlias
  • DocumentRoot
  • Change the location
  • Change the SSL certificate & key

After the changes, the file looks like this:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.com:443
        ServerAlias www.your_domain.com:443
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>


Step 4 — Enable the SSL Virtual Host

Enable the SSL virtual host and reload Apache by typing:

sudo a2ensite default-ssl.conf
sudo service apache2 restart

Step 5 — Test Setup

Browse to:

https://ip-address-server

You will get a warning because a self-signed certificate is in use. This is fine.
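
The script below is an added example, not part of the original page: it audits the key and certificate created in Step 2 and referenced by SSLCertificateFile and SSLCertificateKeyFile in Step 3. The function names audit_pair and make_demo_pair, the scratch directory and the -subj answers are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: audit a key/certificate pair like the one made in Step 2.
# audit_pair KEY CERT EXPECTED_CN  -> returns 0 only if every check passes.
audit_pair() {
    key=$1 crt=$2 want_cn=$3 rc=0

    # 1. Private key and certificate must carry the same public key.
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    from_crt=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$from_key" ] || [ "$from_key" != "$from_crt" ]; then
        echo "FAIL: key does not match certificate"; rc=1
    fi

    # 2. Key size: the guide generates rsa:2048.
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: key size ${bits:-unknown} bits is below 2048"; rc=1
    fi

    # 3. Common Name must be the host name clients will connect to.
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= //p')
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL: Common Name is '$cn', expected '$want_cn'"; rc=1
    fi

    # 4. Validity: with -days 365 the certificate expires after one year.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired or cannot be read"; rc=1
    elif ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "WARN: certificate expires within 30 days"
    fi

    # 5. -nodes leaves the key unencrypted on disk, so file permissions are
    #    its only protection: group and others must have no access.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others ($perms)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $crt"
    return "$rc"
}

# Constructed demo input: the Step 2 command, written to a scratch directory
# instead of /etc/apache2/ssl, with the prompts answered through -subj.
make_demo_pair() {
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$1/apache.key" -out "$1/apache.crt" \
          -subj "/C=US/ST=New York/L=New York City/O=Your Company/CN=your_domain.com" \
          2>/dev/null )
}

demo=$(mktemp -d)
make_demo_pair "$demo"
audit_pair "$demo/apache.key" "$demo/apache.crt" your_domain.com
chmod 644 "$demo/apache.key"   # simulate a key left world-readable
audit_pair "$demo/apache.key" "$demo/apache.crt" your_domain.com ||
    echo "(failure above is expected: the key was made world-readable)"
rm -rf "$demo"
```

On the server itself, run audit_pair under sudo against /etc/apache2/ssl/apache.key and /etc/apache2/ssl/apache.crt with the host name you entered as Common Name.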

References