Tutorial ini menggunakan certificate ssl buatan sendiri
Bikin certificate
sudo openssl req -new > new.cert.csr
Hasil:
Generating a RSA private key
........+++++
........................................................................................+++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase: (bikin password)
Verifying - Enter PEM pass phrase: (ulangi password)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID (masukkan kode negara)
State or Province Name (full name) [Some-State]:Central Java (provinsi Anda)
Locality Name (eg, city) []:Cilacap (kabupaten)
Organization Name (eg, company) [Internet Widgits Pty Ltd]:openSUSE webserver (tempat kerja Anda)
Organizational Unit Name (eg, section) []:Admin Server (jabatan Anda)
Common Name (e.g. server FQDN or YOUR name) []:malik.net.id (nama web Anda)
Email Address []:malik@malik.net.id (email Anda)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (klik enter)
An optional company name []: (klik enter)
Bikin key
sudo openssl rsa -in privkey.pem -out new.cert.key
Hasil
Enter pass phrase for privkey.pem: (masukkan password certificate)
writing RSA key
Set masa aktif
sudo openssl x509 -in new.cert.csr -out new.cert.cert -req \
-signkey new.cert.key -days 365
Hasil
Signature ok
subject=C = ID, ST = Central Java, L = Cilacap, O = openSUSE webserver, OU = Admin Server, CN = malik.net.id, emailAddress = malik@malik.net.id
Getting Private key
Salin
sudo cp new.cert.cert /etc/apache2/ssl.crt/server.crt
sudo cp new.cert.key /etc/apache2/ssl.key/server.key
Cara pakai
Bikin config
cd /etc/apache2/vhosts.d/
cp vhost-ssl.template malik-ssl.conf
Edit config
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
#ServerName www.example.com:443
ServerAdmin malik@malik.net.id
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# OCSP Stapling:
# Enable/Disable OCSP for this virtual host.
SSLUseStapling on
# You can use per vhost certificates if SNI is supported.
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>
Restart webserver
systemctl restart apache2
Buka browser
https://malik.net.id
Klik Advanced...
dan klik Accept Risk and Continue
Jika Menggunakan chrome
Klik Advanced
dan klik Proceed to malik.net.id (unsafe)