Installing an HTTPS Web Server on CentOS 6.8
1. Install httpd
yum -y install httpd
2. Edit the httpd configuration file
vi /etc/httpd/conf/httpd.conf
# line 44: change to Prod
ServerTokens Prod
# line 76: change to On
KeepAlive On
# line 262: change to your own email address
ServerAdmin root@domainku.com
# line 276: change to your server name
ServerName www.domainku.com:80
# line 338: change to All so that .htaccess files take effect
AllowOverride All
# line 402: add the index file names so they can be served from the /var/www/html folder
DirectoryIndex index.html index.htm index.php
# line 536: change to Off
ServerSignature Off
# line 759: comment it out by putting # in front
#AddDefaultCharset UTF-8
3. Add the following rules to iptables
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
4. Restart the httpd and iptables services
chkconfig httpd on
/etc/init.d/httpd restart
/etc/init.d/iptables restart
5. Test access to the web server at http://ipaddresswebserver/ or http://domainku.com/
Next, configure httpd for SSL connections
6. Create the SSL certificate
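An added example, not part of the original post: a shell check for the rules from step 3. It reports whether the ACCEPT rules for ports 80 and 443 are reached before a catch-all REJECT or DROP in the INPUT chain. The function name and both rulesets are constructed for this example.

```shell
#!/bin/sh
# Added example: check where the port 80/443 ACCEPT rules sit in the INPUT chain.
# Both rulesets are constructed samples in /etc/sysconfig/iptables format.
RULES_OK='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

RULES_LATE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# port_status RULES PORT prints:
#   open    - an ACCEPT for the port comes before any catch-all REJECT/DROP
#   blocked - a catch-all REJECT/DROP is reached first
#   policy  - no rule decides; the chain policy applies
port_status() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            target = ""; dport = ""; matchers = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i ~ /^-[psim]$/) matchers++
            }
            if (target == "ACCEPT" && dport == port) { result = "open"; exit }
            if (matchers == 0 && (target == "REJECT" || target == "DROP")) {
                result = "blocked"; exit
            }
        }
        END { print (result == "" ? "policy" : result) }'
}

for port in 80 443; do
    echo "ok ruleset,   port $port: $(port_status "$RULES_OK" "$port")"
    echo "late ruleset, port $port: $(port_status "$RULES_LATE" "$port")"
done
```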
cd /etc/pki/tls/certs
make server.key
Enter pass phrase: # enter a password
Verifying - Enter pass phrase: # re-enter the password
7. Still inside the certs folder, remove the passphrase from the key
openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: # enter the same password as in step 6
8. Create the Certificate Signing Request
make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ID # country
State or Province Name (full name) [e]:Jakarta # province
Locality Name (eg, city) [Default City]:Jakarta # city
Organization Name (eg, company) [Default Company Ltd]:PT. XXX # company
Organizational Unit Name (eg, section) []:XXX # department
Common Name (eg, your server's hostname) []:www.domainku.com # enter the domain FQDN
Email Address []:xxx@domainku.com # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: # press Enter
An optional company name []: # press Enter
9. Sign the certificate and set its expiry
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=ID/ST=Jakarta/L=Jakarta/O=PT.XXX/OU=XXX/CN=www.domainku.com/emailAddress=xxx@domainku.com
Getting Private key
chmod 400 server.*
10. Configure SSL in httpd
yum -y install mod_ssl
11. Edit the ssl.conf file
vi /etc/httpd/conf.d/ssl.conf
# line 77: remove the leading #
DocumentRoot "/var/www/html"
# line 78: remove the leading # and change the server name
ServerName www.domainku.com:443
# line 93: change to
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# line 105
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 112
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
12. Restart the httpd service
/etc/init.d/httpd restart
13. Access the web server at https://ipwebserver.com/ or https://domainku.com/
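An added example, not part of the original post: a shell audit of the directives set in steps 2 and 11. It reads the last uncommented SSLProtocol line, lists the protocols it leaves enabled, and flags those older than TLSv1.2 (TLSv1 and TLSv1.1 are deprecated by RFC 8996). The function names and the sample config are constructed for this example, and "all" is assumed to mean every protocol the script knows.

```shell
#!/bin/sh
# Added example: audit the hardening directives this tutorial sets.
# SAMPLE_CONF is a constructed excerpt using the values shown on this page.
SAMPLE_CONF='ServerTokens Prod
ServerSignature Off
#SSLProtocol all -SSLv2
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key'

# directive_value NAME CONF: value of the last uncommented NAME directive.
directive_value() {
    printf '%s\n' "$2" | awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }'
}

# enabled_protocols CONF: protocols left on by the last SSLProtocol line.
# Assumption: "all" is treated as every protocol named in the known list.
enabled_protocols() {
    printf '%s\n' "$1" | awk '
        BEGIN { n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2", known, " ") }
        tolower($1) == "sslprotocol" {
            split("", on)                      # a later line overrides earlier ones
            for (i = 2; i <= NF; i++) {
                act = ""; tok = tolower($i)
                if (tok ~ /^[+-]/) { act = substr(tok, 1, 1); tok = substr(tok, 2) }
                if (act == "") split("", on)   # a bare token replaces the set
                for (k = 1; k <= n; k++)
                    if (tok == "all" || tok == tolower(known[k]))
                        on[k] = (act == "-") ? 0 : 1
            }
        }
        END {
            for (k = 1; k <= n; k++) if (on[k]) out = out (out == "" ? "" : " ") known[k]
            print out
        }'
}

# legacy_protocols CONF: the enabled protocols that are older than TLSv1.2.
legacy_protocols() (
    out=""
    for p in $(enabled_protocols "$1"); do
        case "$p" in SSLv3|TLSv1|TLSv1.1) out="${out:+$out }$p" ;; esac
    done
    printf '%s' "$out"
)

echo "ServerTokens:   $(directive_value ServerTokens "$SAMPLE_CONF")"
echo "enabled:        $(enabled_protocols "$SAMPLE_CONF")"
echo "older than 1.2: $(legacy_protocols "$SAMPLE_CONF")"
```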