Difference between revisions of "SSL: Mengaktifkan SSL HTTPS dari CA Sectigo"

From OnnoWiki
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 15: Line 15:
 
  onnocenter.or.id.key
 
  onnocenter.or.id.key
  
Copykan,
+
Copykan semua file .crt, .ca-bundle, .key ke folder /etc/apache2/ssl
  
 +
sudo su
 
  mkdir /etc/apache2/ssl
 
  mkdir /etc/apache2/ssl
 +
 +
contoh,
 +
 
  cp  AAA_Certificate_Services.crt /etc/apache2/ssl
 
  cp  AAA_Certificate_Services.crt /etc/apache2/ssl
 
  cp USERTrust_RSA_Certification_Authority.crt /etc/apache2/ssl
 
  cp USERTrust_RSA_Certification_Authority.crt /etc/apache2/ssl
Line 48: Line 52:
 
         '''SSLCertificateKeyFile /etc/apache2/ssl/example.com.key'''
 
         '''SSLCertificateKeyFile /etc/apache2/ssl/example.com.key'''
 
         '''SSLCACertificateFile /etc/apache2/ssl/ca-certificate.ca-bundle'''
 
         '''SSLCACertificateFile /etc/apache2/ssl/ca-certificate.ca-bundle'''
         # ATAU
+
        #
 +
         # ATAU berapa CA certificate file di letakan di folder apache2/ssl/
 +
        #
 
         '''SSLCACertificatePath /etc/apache2/ssl/'''
 
         '''SSLCACertificatePath /etc/apache2/ssl/'''
 
         <FilesMatch "\.(cgi|shtml|phtml|php)$">
 
         <FilesMatch "\.(cgi|shtml|phtml|php)$">
Line 63: Line 69:
 
  </IfModule>
 
  </IfModule>
  
 +
==Aktifkan SSL Virtual Host==
 +
 +
enable SSL
  
==Aktifkan SSL Virtual Host==
+
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
  
enable
+
atau
  
 
  sudo a2ensite default-ssl.conf
 
  sudo a2ensite default-ssl.conf
  
restart
+
restart apache
  
 
  sudo service apache2 restart
 
  sudo service apache2 restart
 
  sudo systemctl reload apache2
 
  sudo systemctl reload apache2
  
 +
==Cek==
 +
 +
systemctl status apache2
 +
 +
pastikan tidak ada error
  
 
==Referensi==
 
==Referensi==
  
 
* https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
 
* https://httpd.apache.org/docs/2.4/mod/mod_ssl.html

Latest revision as of 17:21, 2 January 2022

Dari Sectigo / Comodo akan memperoleh 2 atau 3 file dalam bentuk zip. Jika file zip dibuka akan berisi, misalnya 3 file,

AAA_Certificate_Services.crt
USERTrust_RSA_Certification_Authority.crt
onnocenter_or_id.crt


atau misalnya 2 file, misalnya

sectigo-atau-comodo.ca-bundle
onnocenter.or.id.crt

Dengan file private key, misalnya,

onnocenter.or.id.key

Copykan semua file .crt, .ca-bundle, .key ke folder /etc/apache2/ssl

sudo su
mkdir /etc/apache2/ssl

contoh,

cp  AAA_Certificate_Services.crt /etc/apache2/ssl
cp USERTrust_RSA_Certification_Authority.crt /etc/apache2/ssl
cp onnocenter_or_id.crt /etc/apache2/ssl
cp onnocenter.or.id.key /etc/apache2/ssl

Edit Apache Conf

File-file ini harus di masukan ke configurasi apache. Yang perlu dilakukan di Server Apache adalah,

sudo a2enmod ssl
sudo service apache2 restart
cd /etc/apache2/sites-available
cp default-ssl.conf default-ssl.conf.asli
sudo vi /etc/apache2/sites-available/default-ssl.conf

Edit agar,

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/example.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
        SSLCACertificateFile /etc/apache2/ssl/ca-certificate.ca-bundle
        #
        # ATAU berapa CA certificate file di letakan di folder apache2/ssl/
        #
        SSLCACertificatePath /etc/apache2/ssl/
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Aktifkan SSL Virtual Host

enable SSL

cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/

atau

sudo a2ensite default-ssl.conf

restart apache

sudo service apache2 restart
sudo systemctl reload apache2

Cek

systemctl status apache2

pastikan tidak ada error

Referensi