Skip to main content

Secure Domain: OpenSSL + APACHE2 = HTTPS

We're trying to build UI Blog using WordpressMU. Right now it has been set with reverse dns, with the same FQDN with my blog machine here. So, because I can't access my running blog, I'll just put the detail here. So, I have warned you that the following is for true believers coz it would be godly language to some of you. :))

My first objective is to run a secure websvn for my docs. So, I digged for the capability of Apache using SSL/TLS connection (https). Thanks to Van's Apache SSL/TLS mini-HOWTO, I could figure out an interesting part: creating a good signing scheme. Eventually, another psycho idea pops: to create a PKI. Wow, another one pops: integrate it with UI SmartCard. Yeah, we'll be the first university in Indonesia to do so! Ups, another one pops: create web applications connect it to... ah never mind, it's part of my intellectual properties, hehehe....

Well, the steps (IP-related is not real):

#1 Install basic debian using debootstrap

#> xen-create-image --hostname=svn.ada.deh --ip=192.168.1.2 --debootstrap --password --boot

The command will give you the guest console so you would be able to login, but if you aren't convenient with that, you just ignore the --boot and start the guest yourself:

#> xm create svn.ada.deh.cfg <-- the cfg prefix is automatically added by xen-tools

Up to this point, it is assumed that we are already in the guest's tty (either via ssh or xen console). Ah, for the sake of complete tutorial (duh, since when this becomes a tutorial? This is a documentation. Well, supposed to... ;P ):

# ssh 192.168.1.2 -l root

#2 Install apache2 and openssl:

# apt-get install apache2 openssl file

Done.

#3 Create key + certificate:

# mkdir /etc/apache2/ssl && cd /etc/apache2/ssl
NOTE: you could put your key else where, this is just for the sake of administration.
The key:
#openssl genrsa -des3 -out svn.ada.deh.key 2048

The certificate:
# openssl req -new -x509 -days 3650 -key svn.ada.deh.key -out svn.ada.deh.crt

And the confirmation:
# openssl x509 -in svn.ada.deh.crt -text -noout

#4 Set the Apache:

Enable SSL:
# a2enmod ssl

# echo "Listen 443" >> /etc/apache2.conf
NOTE: https uses port 443.

Create the site, in this example I use /home/sites/secure as the doc root:
# mkdir -p /home/sites/secure
# cat > /etc/apache2/sites-available/ssl << ?
> NameVirtualHost *:443
>
> ServerName svn.ada.deh
> ServerAdmin orangKeren@ada.deh
> DocumentRoot /home/sites/secure
>
>
> Option indexes
> AllowOverride None
> Allow from all
> order allow, deny
>
>
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl/svn.ada.deh.crt
> SSLCertificateKeyFile /etc/apache2/ssl/svn.ada.deh.key
>
> ?
I don't know how the typo result, because the Blogger editor errors, but you'll get the point in the three lines containing SSL*.

Enable the sites:
# /etc/init.d/apache2 restart

You'll be prompted with password, insert the passphrase of you key and you'll be fine.

The end.
Labels:

Comments

  1. Ramot9:42 PM

    MATAKUUUU.... KASIHAN MATAKUUUU....

    ReplyDelete
  2. jpmrblood10:25 AM

    @iang:
    publish apanya?

    @ramot:
    Bertobatlah hai manusia... :))

    ReplyDelete
  3. Anonymous3:01 PM

    good job, do that and the international rank of UI will be increased :D

    ReplyDelete

Post a Comment

Popular posts from this blog

STAN vs. UI

Ugh, kasihan banget adek gue. Saking kepinteran dia jadi dapet Akuntansi UI dan STAN. Jadi bingung mau masuk yang mana. Beberapa orang (termasuk orang tua gue), menyarankan masuk STAN. Gue malah memperburuk suasana dengan membela memasuki Akuntansi UI, maklum bela almamater. Duh, gue jadi merasa bersalah bikin dia ragu-ragu. Kira-kira enakan masuk mana, yah? Gue juga gak tahu keuntungan masing-masing. Hasil debat sementara: ~ Untuk jangka panjang masuk UI, untuk jangka pendek STAN. ~~Tapi, dia itu kan cewek, ntar pas menikah kemungkinan besar karir terhambat. Eits, ntar, dulu, sekarang kan jamannya emansipasi, bisa aja cowoknya yang jadi BRT. ~ STAN sarang korupsi, kalo masuk STAN jadi pegawai negeri. Kalo mau kaya harus korupsi. Tapi kalo masuk UI, lulus masuk jadi akuntan publik. Sekarang ini, orang membayar akuntan publik untuk memanipulasi nilai pajak dan aset. *SIGH*. Jadi gak ada yang beres ~ dll. Yah, udah gue jadi bingung, apa lagi dia nanya saran gue. Buah, gue gak pengalaman ...
62 comments
Read more

I Hate Marvel Civil War Storyline In Comic

See this snippets from The Amazing Spiderman: [1] http://scans-daily.dreamwidth.org/4625006.html The snippets on [1] made it clear: Stan Lee made Spidey have a strong believe in Privacy. The comic strips show how Spidey even have to face charges because of his anonymity. The accuser even made many accusation to other entities for political attacks. A fan-art/art I've found in the 90's illustrated Spiderman standing in front of Peter Parker tomb. I don't know if that was originally from comic book or fan-made, 90's are a long time ago. That art mesmerized me and introduced me to the importance of privacy. In late nineties, I was joined to a program hold by an NGO. So, at that time I know how crucial a privacy was (and still is) to humanity. I'm not exaggerating! Humanity would fall to big financial organizations if people could not voice their fears in anonymity. Whistleblowers around the world would not dare to come up. We would not see any suppression ge...
Post a Comment
Read more