Monday, January 30, 2006

OpenSSL (creating a Root CA)

Phew...... Alhamdulillahi robbil 'alamiin!
I have finally finished configuring Apache with OpenSSL. As usual, OpenSSL is compiled first, then Apache. Once everything is running properly, create the certificate for the server. Oh, and use the "--with-ssl" option when compiling Apache so that the "mod_ssl" module gets installed, and add the following line to the file
/etc/sysconfig/httpd
OPTIONS=" -k start -DSSL"

Compile OpenSSL!
[hani@sunfire ]$ ./config --prefix=/usr/local/ssl shared zlib-dynamic
[hani@sunfire ]$ make
[hani@sunfire ]$ make test
[root@sunfire ]# make install

Compile Apache2!
$ ./configure --prefix=/usr/local/apache2 --enable-ssl --enable-mods-shared=most --enable-deflate --enable-example --enable-headers --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --with-z=/usr/local --with-ssl=/usr/local/ssl --enable-rewrite --enable-suexec --enable-so --enable-auth-digest --with-suexec-bin=/usr/local/apache2/bin/suexec --with-suexec-caller=www --with-suexec-userdir=htdocs --with-suexec-docroot=/ --with-suexec-uidmin=99 --with-suexec-gidmin=99 --with-suexec-logfile=/usr/local/apache2/logs/suexec_log --with-suexec-safepath=/usr/local/bin:/usr/bin:/bin


Creating the Root CA
$ openssl genrsa -des3 -rand random-bits -out ca.key 1024
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Creating the Server Certificate
$ openssl genrsa -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ openssl ca -out server.crt -infiles server.csr
$ openssl verify -CAfile ca.crt server.crt
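
With a stock openssl.cnf, the `openssl ca` step above reads its CA key, certificate, database and serial from the `./demoCA` defaults rather than from the `ca.key`/`ca.crt` created here. The script below is an added example (not from the original post) that runs the same sequence non-interactively with an explicit config. The subjects, file layout, `CA_PASS` passphrase and the 2048-bit key size (in place of the post's 1024) are assumptions of the example.

```shell
# Added example: all names, subjects and the passphrase are constructed.
# The function body is a subshell, so the caller's directory is untouched.
build_demo_pki() (
    mkdir -p "$1/newcerts" && cd "$1" || exit 1
    : > index.txt      # empty issuance database required by `openssl ca`
    echo 01 > serial   # serial number for the first certificate
    # Config that points `openssl ca` at ca.key/ca.crt instead of ./demoCA.
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
commonName = replaced by -subj
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database        = index.txt
new_certs_dir   = newcerts
serial          = serial
certificate     = ca.crt
private_key     = ca.key
default_md      = sha256
default_days    = 365
policy          = policy_any
x509_extensions = server_ext
[ policy_any ]
commonName = supplied
[ server_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName   = DNS:www.example.test
EOF
    # Root CA: key encrypted at rest, then a self-signed certificate.
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 2048 &&
    openssl req -new -x509 -days 365 -config ca.cnf -key ca.key \
        -passin env:CA_PASS -subj "/CN=Demo Root CA" -out ca.crt &&
    # Server: key, CSR, then a certificate issued by the CA above.
    openssl genrsa -out server.key 2048 &&
    openssl req -new -config ca.cnf -key server.key \
        -subj "/CN=www.example.test" -out server.csr &&
    openssl ca -batch -notext -config ca.cnf -passin env:CA_PASS \
        -out server.crt -infiles server.csr &&
    openssl verify -CAfile ca.crt server.crt
)
export CA_PASS="constructed-demo-passphrase"   # demo value only
demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
```

The function returns the exit status of `openssl verify`, so a non-zero result means the issued certificate does not chain to the CA that was just created.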
