https://lms.onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=Mengaktifkan_HTTPS_di_ApacheMengaktifkan HTTPS di Apache - Revision history2026-04-20T16:16:51ZRevision history for this page on the wikiMediaWiki 1.45.1https://lms.onnocenter.or.id/wiki/index.php?title=Mengaktifkan_HTTPS_di_Apache&diff=63841&oldid=prev124.158.181.198: Created page with "Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04. Cara di Ubuntu dan Debian yang..."2021-11-22T03:44:28Z<p>Created page with "Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04. Cara di Ubuntu dan Debian yang..."</p>
<p><b>New page</b></p><div>Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04. Cara di Ubuntu dan Debian yang baru kemungkinan besar hampir sama,<br />
<br />
Install Apache menggunakan perintah<br />
<br />
sudo apt update<br />
sudo apt -y install apache2<br />
<br />
Untuk mengaktifkan SSL module dapat menggunakan perintah,<br />
<br />
sudo a2enmod ssl<br />
<br />
Selanjutnya kita perlu me-restart Apache,<br />
<br />
sudo service apache2 restart<br />
<br />
Masalah utama dalam SSL adalah kita harus meminta SSL Certificate. Kita dapat membuat sendiri Self-Signed SSL Certificate. Caranya pertama-tama dengan membuat folder,<br />
<br />
sudo mkdir /etc/apache2/ssl<br />
<br />
Membuat SSL Certificate menggunakan perintah,<br />
<br />
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt<br />
<br />
Isi parameter-nya denga, misalnya<br />
<br />
Country Name (2 letter code) [AU]:ID<br />
State or Province Name (full name) [Some-State]:DKI<br />
Locality Name (eg, city) []:Jakarta<br />
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA<br />
Organizational Unit Name (eg, section) []:RND<br />
Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id<br />
Email Address []:onno@organisasi-anda.id<br />
<br />
<br />
Keterangan lebih lanjut tentang perintah openssl adalah,<br />
<br />
openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.<br />
req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.<br />
-x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.<br />
-nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.<br />
-days 365: This specifies that the certificate we are creating will be valid for one year.<br />
-newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.<br />
-keyout: This parameter names the output file for the private key file that is being created.<br />
-out: This option names the output file for the certificate that we are generating.<br />
<br />
Setelah SSL Certificate di buat, kita dapat mengkonfigurasi apache agar menggunakan SSL Certificate yang kita buat melalui perintah berikut,<br />
<br />
cd /etc/apache2/sites-available<br />
cp default-ssl.conf default-ssl.conf.asli<br />
sudo vi /etc/apache2/sites-available/default-ssl.conf<br />
<br />
Jika comment (#) dibuang, maka akan tampak sebagai berikut,<br />
<br />
<IfModule mod_ssl.c><br />
<VirtualHost _default_:443><br />
ServerAdmin webmaster@localhost<br />
DocumentRoot /var/www/html<br />
ErrorLog ${APACHE_LOG_DIR}/error.log<br />
CustomLog ${APACHE_LOG_DIR}/access.log combined<br />
SSLEngine on<br />
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br />
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br />
<FilesMatch "\.(cgi|shtml|phtml|php)$"><br />
SSLOptions +StdEnvVars<br />
</FilesMatch><br />
<Directory /usr/lib/cgi-bin><br />
SSLOptions +StdEnvVars<br />
</Directory><br />
BrowserMatch "MSIE [2-6]" \<br />
nokeepalive ssl-unclean-shutdown \<br />
downgrade-1.0 force-response-1.0<br />
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown<br />
</VirtualHost><br />
</IfModule><br />
<br />
Kita perlu mengkonfigurasi<br />
<br />
ServerAdmin<br />
ServerName<br />
ServerAlias<br />
DocumentRoot<br />
<br />
PENTING untuk di ingat bahwa lokasi Apache SSL certificate & key adalah,<br />
<br />
SSLCertificateFile /etc/apache2/ssl/apache.crt<br />
SSLCertificateKeyFile /etc/apache2/ssl/apache.key<br />
<br />
Tampilan akhirnya file konfigurasi setelah semua parameter dimasukan adalah sebagai berikut,<br />
<br />
<IfModule mod_ssl.c><br />
<VirtualHost _default_:443><br />
ServerAdmin admin@example.com<br />
ServerName your_domain.com<br />
ServerAlias www.your_domain.com<br />
DocumentRoot /var/www/html<br />
ErrorLog ${APACHE_LOG_DIR}/error.log<br />
CustomLog ${APACHE_LOG_DIR}/access.log combined<br />
SSLEngine on<br />
SSLCertificateFile /etc/apache2/ssl/apache.crt<br />
SSLCertificateKeyFile /etc/apache2/ssl/apache.key<br />
<FilesMatch "\.(cgi|shtml|phtml|php)$"><br />
SSLOptions +StdEnvVars<br />
</FilesMatch><br />
<Directory /usr/lib/cgi-bin><br />
SSLOptions +StdEnvVars<br />
</Directory><br />
BrowserMatch "MSIE [2-6]" \<br />
nokeepalive ssl-unclean-shutdown \<br />
downgrade-1.0 force-response-1.0<br />
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown<br />
</VirtualHost><br />
</IfModule><br />
<br />
Selanjutnya, kita perlu mengaktifkan SSL Virtual Host melalui perintah<br />
<br />
sudo a2ensite default-ssl.conf<br />
<br />
Apache perlu di restart menggunakan perintah<br />
<br />
sudo service apache2 restart<br />
sudo systemctl reload apache2<br />
<br />
Untuk mentest setup, kita dapat browse ke<br />
<br />
https://server_domain_name_or_IP<br />
https://192.168.0.100<br />
<br />
kemungkinan akan dapat warning apache ssl warning :) ...</div>124.158.181.198