Sabtu, 01 Oktober 2011

Hi Everyone. I'd like to post my experience to you all..
This is about "How to make a HTTPS on website"

Let's check It Out.. :)

HTTPS = Hyper Text Transport Protocol Secure

First : You must to configure web server (apache2)

1. To view debian package of open SSL
root@ajeng-laptop:/home/ajeng# dpkg -l | grep openssl
ii  openssl 0.9.8k-7ubuntu8.6                               Secure Socket Layer (SSL) binary and related
ii  python-openssl                       0.10-1                                          Python wrapper around the OpenSSL library

2. Make a certificate of SSL using open SSL
root@ajeng-laptop:/home/ajeng# mkdir /etc/ssl/CA
root@ajeng-laptop:/home/ajeng# cd /etc/ssl/CA
root@ajeng-laptop:/etc/ssl/CA# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..................++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
root@ajeng-laptop:/etc/ssl/CA# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
root@ajeng-laptop:/etc/ssl/CA# openssl req -new -days 3650 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:id
State or Province Name (full name) [Some-State]:west java
Locality Name (eg, city) []:bandung
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Kharima Jaya
Organizational Unit Name (eg, section) []:Kharima Jaya
Common Name (eg, YOUR name) []:Ajeng
Email Address []:jengaah.chubby@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []: 
root@ajeng-laptop:/etc/ssl/CA# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=id/ST=west java/L=bandung/O=Kharima Jaya/OU=Kharima Jaya/CN=Ajeng/emailAddress=jengaah.chubby@gmail.com
Getting Private key
root@ajeng-laptop:/etc/ssl/CA# chmod 400 server.*
root@ajeng-laptop:/etc/ssl/CA# nano /etc/apache2/sites-available/default
default      default-ssl 
root@ajeng-laptop:/etc/ssl/CA# nano /etc/apache2/sites-available/default-ssl
root@ajeng-laptop:/etc/ssl/CA# nano /etc/apache2/sites-available/default-ssl
root@ajeng-laptop:/etc/ssl/CA# vi /etc/apache2/sites-available/default-ssl
root@ajeng-laptop:/etc/ssl/CA# gedit /etc/apache2/sites-available/default-ssl
root@ajeng-laptop:/etc/ssl/CA# ls
server.crt  server.csr  server.key
root@ajeng-laptop:/etc/ssl/CA# gedit /etc/apache2/sites-available/default-ssl
root@ajeng-laptop:/etc/ssl/CA# ls /etc/apache2/sites-available/
default  default-ssl
root@ajeng-laptop:/etc/ssl/CA# ls /etc/apache2/sites-enabled/
root@ajeng-laptop:/etc/ssl/CA# a2ensite default-ssl
Enabling site default-ssl.
Run '/etc/init.d/apache2 reload' to activate new configuration!
root@ajeng-laptop:/etc/ssl/CA# /etc/init.d/apache2 reload
 * Reloading web server config apache2                                          apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName[ OK ]                                               


Second :  You must install this software to support your web application. Install this software at 'user root'
1. phpMyAdmin

root@ajeng-laptop: sudo apt-get install phpmyadmin

2. php5

root@ajeng-laptop: sudo apt-get install php5 libapache2-mod-php5
(active your php and apache)
 
3. MySQL server

root@ajeng-laptop: sudo apt-get install mysql-server
root@ajeng-laptop: gksudogedit/etc/mysql/my.cnf
bind-address = 127.0.0.1 (Input your IP Address)

root@ajeng-laptop: mysql -u root –p (ask for password)
root@ajeng-laptop:

(active your php and apache)
root@ajeng-laptop: sudo /etc/init.d/apache2 restart

please TRY IT... :)