Difference between revisions of "SSL: Mengaktifkan SSL HTTPS dari CA Sectigo"

Dari Sectigo akan memperoleh 3 file dalam bentuk zip. Jika file zip dibuka akan berisi, misalnya,

AAA_Certificate_Services.crt
USERTrust_RSA_Certification_Authority.crt
onnocenter_or_id.crt

Dengan file private key, misalnya,

onnocenter.or.id.key

Copykan,

mkdir /etc/apache2/ssl
cp  AAA_Certificate_Services.crt /etc/apache2/ssl
cp USERTrust_RSA_Certification_Authority.crt /etc/apache2/ssl
cp onnocenter_or_id.crt /etc/apache2/ssl
cp onnocenter.or.id.key /etc/apache2/ssl

Edit Apache Conf

File-file ini harus di masukan ke configurasi apache. Yang perlu dilakukan di Server Apache adalah,

sudo a2enmod ssl
sudo service apache2 restart

cd /etc/apache2/sites-available
cp default-ssl.conf default-ssl.conf.asli
sudo vi /etc/apache2/sites-available/default-ssl.conf

Edit agar,

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/example.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
        SSLCACertificatePath /etc/apache2/ssl/
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Aktifkan SSL Virtual Host

enable

sudo a2ensite default-ssl.conf

restart

sudo service apache2 restart
sudo systemctl reload apache2

Referensi

• https://httpd.apache.org/docs/2.4/mod/mod_ssl.html