Lompat ke konten Lompat ke sidebar Lompat ke footer

Cara konfigurasi SSL Certificate di Centos 8 Server

Cara konfigurasi SSL Certificate di Centos 8 Server

Assalamu’alaikum Warahmatullahi Wabarakatuh, Selamat pagi sobat blogger sekalian, apa kabar semuanya... Pada kesempatan kali ini saya akan share bagaimana Cara konfigurasi SSL Certificate di Centos 8 Server.

Artikel ini adalah lanjutan dari artikel sebelumnya yaitu Cara Install Web Server di Centos 8 Server dan kali ini kita akan lanjutkan dengan konfigurasi SSL Certificate.

Self Signed Certificate merupakan sertifikat yang dibuat sendiri dan kemudian menyetujuinya (signed) sendiri juga. Self Signed Certificate bermanfaat misalnya untuk keperluan internal atau proses development website yang kedepannya akan menggunakan SSL.

Pada tutorial kali ini sobat akan belajar bagaimana cara konfigurasi SSL Certificate di Centos 8 server. Oke Langsung saja ikuti step by step Tutorial Cara konfigurasi SSL Certificate di Centos 8 Server. 


Baca Juga : Cara Install DHCP di Centos 8 Server
Baca Juga : Cara Setting SSH di Centos 8 Server

Installasi 

Sebelumnya Install Paket module SSL terlebih dahulu
[root@srv1 ~]# dnf install -y mod_ssl openssl
kita akan buat dua buah certificate pada direktori /etc/pki/tls/certs
[root@srv1 ~]# cd /etc/pki/tls/certs/
Buat sertificate dengan nama server.key     
[root@srv1 certs]# openssl genrsa -aes128 > server.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..........+++++
........................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase: [Masukan Password]
Verifying - Enter pass phrase: [Masukan Password]
Kemudian hapus passphrase dari private.key          
[root@srv1 certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: [Masukan Password]
writing RSA key 
Buat csr sertificate
[root@srv1 certs]# openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Jawa Barat
Locality Name (eg, city) [Default City]:Jakarta
Organization Name (eg, company) [Default Company Ltd]:PT.Contoh
Organizational Unit Name (eg, section) []:Sysadmin
Common Name (eg, your name or your server's hostname) []:krisnawanto777.com
Email Address []:sysadmin@krisnawanto777.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [ENTER]
An optional company name []: [ENTER]
Kemudian atur waktu valid dari certificate
[root@srv1 certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=C = IN, ST = Jawa Barat, L = Jakarta, O = PT.Asal, OU = Sysadmin, CN = krisnawanto777.com, emailAddress = sysadmin@krisnawanto777.com
Getting Private key
Ganti permission file
[root@srv1 certs]# chmod 600 server.key
[root@srv1 certs]# ll server.*
-rw-r--r--. 1 root root 1379 May  9 20:41 server.crt
-rw-r--r--. 1 root root 1086 May  9 20:40 server.csr
-rw-------. 1 root root 1675 May  9 20:39 server.key
Copy file server.key ke direktori /etc/pki/tls/private/
[root@srv1 certs]# cp server.key /etc/pki/tls/private/
Edit File ssl.conf
[root@srv1 certs]# nano /etc/httpd/conf.d/ssl.conf 
Lalu Edit seperti dibawah ini
#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
#   require an ECC certificate which can also be configured in
#   parallel.
SSLCertificateFile /etc/pki/tls/certs/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/pki/tls/private/server.key
Edit file virtualhost
[root@srv1 certs]# nano /etc/httpd/conf.d/krisnawanto777.conf
Edit file seperti dibawah ini
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/server.crt
        SSLCertificateKeyFile /etc/pki/tls/private/server.key
        DocumentRoot /var/www/html/krisnawanto777
        ServerName www.krisnawanto777.com
        ServerAlias krisnawanto777.com
        ServerAdmin admin@krisnawanto777.com
        ErrorLog logs/virtual.host_log
        CustomLog logs/virtual.host-access_log combined
</VirtualHost>
Restart service httpd
[root@srv1 certs]# systemctl restart httpd

Pengetesan

Buka browser dari PC Client lalu akses menggunakan https://www.namadomain.com

cara, konfigurasi, ssl, certificate, di, centos, 8, server

Hasilnya

cara, konfigurasi, ssl, certificate, di, centos, 8, server

Demikian kira-kira tutorial Cara konfigurasi SSL Certificate di Centos 8 Server ini saya buat. Semoga bermafaat untuk kita semua. Silahkan Share Jika Kalian merasa postingan ini bermanfaat. Sekian & Terimakasih Salam.


Artikel Selanjutnya : Cara Setting Web Authentication di Centos 8 Server

Posting Komentar untuk "Cara konfigurasi SSL Certificate di Centos 8 Server"