*Overview [#m9b9fd2d]
Configuration for using SSL (Secure Socket Layer, encrypted communication) with Apache 2.2.
In Apache 2.2 the SSL settings live in a separate configuration file, which httpd.conf pulls in with an Include directive.
*Setup procedure [#zca7ab06]
**Creating the server private key (server.key) [#zc7bd7a9]
# mkdir /usr/local/apache2/conf/certs
# cd /usr/local/apache2/conf/certs/
# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...++++++
..................++++++
e is 65537 (0x10001)
# ls
server.key
**Creating the server certificate signing request (server.csr) [#ob2c2de6]
# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Hyogo
Locality Name (eg, city) []:Akashi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:kayanomori.net
Organizational Unit Name (eg, section) []:Admin
Common Name (eg, YOUR name) []:kayanomori.net
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# ls
server.csr server.key
**Creating the server certificate (server.crt) [#j18cb796]
# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
Signature ok
subject=/C=JP/ST=Hyogo/L=Akashi/O=kayanomori.net/OU=Admin/CN=kayanomori.net/[email protected]
Getting Private key
# ls
server.crt server.csr server.key
**Changing access permissions [#i529f893]
# chmod 400 *
# ls -l
合計 12
-r-------- 1 root root 977 Aug 18 19:03 server.crt
-r-------- 1 root root 720 Aug 18 19:03 server.csr
-r-------- 1 root root 887 Aug 18 19:01 server.key
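The four steps above (private key, CSR, self-signed certificate, permissions) collected into one non-interactive script, plus a check that the certificate really belongs to the key and that the key is readable only by its owner before Apache is pointed at it. This is an added example, not part of the original page; it assumes the openssl command-line tool is installed, and the directory, hostname and DN values passed to it are constructed for the example.

```shell
#!/bin/sh
# make_self_signed DIR CN [BITS]
# Reproduces the page's openssl steps without interactive prompts.
# Runs in a subshell so the umask change does not leak into the caller.
make_self_signed() (
    dir="$1"                    # e.g. /usr/local/apache2/conf/certs (constructed)
    cn="$2"                     # Common Name, i.e. the hostname clients connect to
    bits="${3:-2048}"           # the page uses 1024; 2048 is the smallest size worth using now
    mkdir -p "$dir" || return 1
    umask 077                   # key material is never world-readable, not even briefly
    openssl genrsa -out "$dir/server.key" "$bits" 2>/dev/null || return 1
    # DN values mirror the page's interactive answers; email omitted for brevity
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=JP/ST=Hyogo/L=Akashi/O=$cn/OU=Admin/CN=$cn" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt" -days 365 2>/dev/null || return 1
    chmod 400 "$dir/server.key" "$dir/server.csr" "$dir/server.crt"
)

# check_pair DIR CN
# Prints "ok" when server.key and server.crt share the same RSA modulus
# (i.e. the cert was issued for this key), the certificate subject carries
# the expected CN, and the key file is mode 400. Prints the failure reason otherwise.
check_pair() {
    dir="$1"
    cn="$2"
    kmod=$(openssl rsa -noout -modulus -in "$dir/server.key" 2>/dev/null) \
        || { echo "bad-key"; return 1; }
    cmod=$(openssl x509 -noout -modulus -in "$dir/server.crt" 2>/dev/null) \
        || { echo "bad-cert"; return 1; }
    [ "$kmod" = "$cmod" ] || { echo "mismatch"; return 1; }
    # subject line format differs between OpenSSL 1.0 (CN=x) and 1.1+ (CN = x)
    openssl x509 -noout -subject -in "$dir/server.crt" | grep -q "CN *= *$cn" \
        || { echo "wrong-cn"; return 1; }
    # portable mode check: first ten characters of ls -l
    [ "$(ls -l "$dir/server.key" | cut -c1-10)" = "-r--------" ] \
        || { echo "key-perms"; return 1; }
    echo "ok"
}
```

Because the certificate is self-signed, check_pair confirms only that key and certificate belong together; browsers will still warn until the certificate is issued by a CA they trust.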
**Editing httpd.conf [#s80639eb]
Remove the comment mark from the Include line so that httpd-ssl.conf is read in.
# vi /usr/local/apache2/conf/httpd.conf
>
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
**Editing httpd-ssl.conf [#a7b9547f]
Rewrite the following directives to match your own environment.
# vi /usr/local/apache2/conf/extra/httpd-ssl.conf
>
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/home/httpd/html"
ServerName kayanomori.net:443
ServerAdmin [email protected]
# ciphers, etc.)
SSLCertificateFile /usr/local/apache2/conf/certs/server.crt
#SSLCertificateFile /usr/local/apache2/conf/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/apache2/conf/certs/server.key
<Directory "/home/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
** Restarting Apache2 [#o186d33f]
# /etc/rc.d/init.d/apache2 restart
httpdを停止中: [ OK ]
httpdを起動中: [ OK ]
** Checking operation [#o58a03dc]
From a client, access the server with https://. If the security warning dialog shown below appears, the setup is working; the warning is expected because the certificate is self-signed rather than issued by a CA the browser trusts.
#ref(ssl.png)
* Comments [#s1bb5648]
#comment