Apa
itu SSL? Mungkin kami bisa jelaskan sebagai berikut : SSL memastikan
data transaksi (data yang Anda kirimkan) yang terjadi secara online di
enkripsi/acak sehingga tidak dapat dibaca oleh pihak lain. Kegunaan
utamanya adalah untuk menjaga keamanan dan kerahasiaan data ketika
melakukan transaksi.
Dari
keamanan tersebut diharapkan turut menciptakan kepercayaan dan rasa
aman ketika pengunjung website melakukan transaksi di website anda.
Lalu
bagaimana untuk membuat Sertiifkat SSL pada server Mikrotik?? yang
biasa dipergunakan untuk Hotspot? Ini dia langkah-langkahnya :
1. anda memerlukan file ini openssl-0.9.8h-1-setup.exe (Silahkan Klik disini).
2. membuat key
a. buka CMD
Kemudian ketik c:\program files\Gnuwin32\bin\openssl.exe genrsa -des3 -out hotspot.key 1024 (tekan enter)
Generating RSA private key, 1024 bit long modulus
………………………………..++++++
…………….++++++
e is 65537 (0×10001)
Enter pass phrase for hotspot.key:
Verifying – Enter pass phrase for hotspot.key:
2. membuat key
a. buka CMD
Kemudian ketik c:\program files\Gnuwin32\bin\openssl.exe genrsa -des3 -out hotspot.key 1024 (tekan enter)
Generating RSA private key, 1024 bit long modulus
………………………………..++++++
…………….++++++
e is 65537 (0×10001)
Enter pass phrase for hotspot.key:
Verifying – Enter pass phrase for hotspot.key:
Maka akan terbentuk file hotspot.key
2. Membuat request key
A. Buka mikrotik melalui winbox, kemudian buka terminal lalu ketik /certificate create-certificate-request , Isilah pertanyyan2 yang ada. Nanti akan terbentuk file dengan extentions “.pem” ambil file ini melalui ftp.
2. Membuat request key
A. Buka mikrotik melalui winbox, kemudian buka terminal lalu ketik /certificate create-certificate-request , Isilah pertanyyan2 yang ada. Nanti akan terbentuk file dengan extentions “.pem” ambil file ini melalui ftp.
B. Ketik ini di cmd windows: c:\program files\Gnuwin32\bin\openssl.exe req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Tangerang
Locality Name (eg, city) []:Tangerang
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Tng
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:celanabolong
Email Address []:apakekdah@yahoo.com
Enter pass phrase for hotspot.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Tangerang
Locality Name (eg, city) []:Tangerang
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Tng
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:celanabolong
Email Address []:apakekdah@yahoo.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:apakekdah
An optional company name []:hotspotan
to be sent with your certificate request
A challenge password []:apakekdah
An optional company name []:hotspotan
maka akan terbentuk file hotspot.csr berdasarkan hotspot.key
3. membuat certificate, ketik perintah berikut pada CMD windows.
c:\program files\Gnuwin32\bin\openssl.exe x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=Tangerang/L=Tangerang/O=Tng/CN=celanabolong/emailAddress=apakekdah@yahoo.com
Getting Private key
Enter pass phrase for hotspot.key:
c:\program files\Gnuwin32\bin\openssl.exe x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=Tangerang/L=Tangerang/O=Tng/CN=celanabolong/emailAddress=apakekdah@yahoo.com
Getting Private key
Enter pass phrase for hotspot.key:
dengan demikian akan terbentuk file sertifikat ssl hotspot.crt berdasarkan point 1 dan 2
4. masukan hotspot.key dan hotspot.crt ke dalam mikrotik
copy paste aje biar cepet ke mikrotik lewat winbox, setalah file masuk buka terminal.
5. saatnya Instalasi sertifikat di mikrotik
copy paste aje biar cepet ke mikrotik lewat winbox, setalah file masuk buka terminal.
5. saatnya Instalasi sertifikat di mikrotik
[admin@MikroTik] /certificate>> import file-name=hotspot.crt
passphrase: *********
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
passphrase: *********
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
[admin@MikroTik] /certificate>> import file-name=hotspot.key
passphrase: *********
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
passphrase: *********
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
6. Set koneksi www-ssl dengan sertifikat cert1 yang barusan di import
sebelum di set aktif kan dahulu service nya
/ip service set www-ssl disabled=no
baru dah set
/ip service set www-ssl certificate=cert1
sebelum di set aktif kan dahulu service nya
/ip service set www-ssl disabled=no
baru dah set
/ip service set www-ssl certificate=cert1
di server profile hotspotnya centang https dan pilih certificate yang tadi kita masukin.
kelar dah, silahkan mencoba. :Qodir
kelar dah, silahkan mencoba. :Qodir
———————————————————
tambahan jika ingin file yang sudah jadi bisa di download di bawah ini. (code phass phrase : admin)
tambahan jika ingin file yang sudah jadi bisa di download di bawah ini. (code phass phrase : admin)
