Vine Linux 3.x / Apache 2.2 / Configuring SSL
Last-modified: 2018-02-03 (Sat) 09:34:02
Overview
Configuration for communicating over SSL (Secure Socket Layer: encrypted communication).
In Apache 2.2 the SSL settings live in a separate configuration file, which is included from httpd.conf.
Configuration steps
Creating the server private key (server.key)
 # mkdir /usr/local/apache2/conf/certs
 # cd /usr/local/apache2/conf/certs/
 # openssl genrsa -out server.key 1024
 Generating RSA private key, 1024 bit long modulus
 ...++++++
 ..................++++++
 e is 65537 (0x10001)
 # ls
 server.key
Creating the server certificate request (server.csr)
 # openssl req -new -key server.key -out server.csr
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Hyogo
 Locality Name (eg, city) []:Akashi
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:kayanomori.net
 Organizational Unit Name (eg, section) []:Admin
 Common Name (eg, YOUR name) []:kayanomori.net
 Email Address []:[email protected]

 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
 # ls
 server.csr  server.key
Creating the server certificate (server.crt)
 # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
 Signature ok
 subject=/C=JP/ST=Hyogo/L=Akashi/O=kayanomori.net/OU=Admin/CN=kayanomori.net/[email protected]
 Getting Private key
 # ls
 server.crt  server.csr  server.key
Changing access permissions
 # chmod 400 *
 # ls -l
 合計 12
 -r-------- 1 root root 977 Aug 18 19:03 server.crt
 -r-------- 1 root root 720 Aug 18 19:03 server.csr
 -r-------- 1 root root 887 Aug 18 19:01 server.key
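The four steps above (key, request, self-signed certificate, permissions) can be scripted and, more importantly, checked before Apache is pointed at the files. The script below is an added example and not part of the original page: it runs the same openssl commands non-interactively (the DN is passed with -subj instead of being typed at the prompts) and then verifies that the certificate actually belongs to the key, that it has not expired, and that the key is readable by its owner only. CERT_DIR, the values in SUBJ and KEY_BITS are assumptions chosen for illustration; the page uses /usr/local/apache2/conf/certs and a 1024-bit key, a size that current browsers no longer accept, so the example uses 2048.

```shell
#!/bin/sh
# Added example, not code from the original page: performs the key, CSR,
# self-signed certificate and chmod steps non-interactively, then verifies
# the result. CERT_DIR, SUBJ and KEY_BITS are assumptions for illustration.
CERT_DIR="${CERT_DIR:-./certs}"
SUBJ="/C=JP/ST=Hyogo/L=Akashi/O=kayanomori.net/OU=Admin/CN=kayanomori.net"
KEY_BITS=2048   # the page uses 1024; 2048 is the minimum current browsers accept
DAYS=365

# Key, certificate request, self-signed certificate, owner-read-only files.
make_server_cert() {
    mkdir -p "$CERT_DIR" || return 1
    umask 077   # new files are created readable only by the owner
    openssl genrsa -out "$CERT_DIR/server.key" "$KEY_BITS" 2>/dev/null || return 1
    # -subj supplies the Distinguished Name, so no interactive prompts appear
    openssl req -new -key "$CERT_DIR/server.key" -subj "$SUBJ" \
        -out "$CERT_DIR/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$CERT_DIR/server.csr" -signkey "$CERT_DIR/server.key" \
        -days "$DAYS" -out "$CERT_DIR/server.crt" 2>/dev/null || return 1
    chmod 400 "$CERT_DIR/server.key" "$CERT_DIR/server.csr" "$CERT_DIR/server.crt"
}

# The certificate must carry the public half of server.key, otherwise Apache
# refuses to start. Extract the public key from each file and compare them.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$CERT_DIR/server.crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl rsa -in "$CERT_DIR/server.key" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Succeeds only if the certificate stays valid for at least $1 more seconds
# (default 0, i.e. it is not already expired). Useful as a cron check.
cert_valid_for() {
    openssl x509 -in "$CERT_DIR/server.crt" -noout -checkend "${1:-0}" >/dev/null 2>&1
}

# The private key must be mode 0400 (owner read only), as the page requires.
key_is_private() {
    [ -n "$(find "$CERT_DIR/server.key" -perm 0400 2>/dev/null)" ]
}

# Usage: sh make-cert.sh /usr/local/apache2/conf/certs
if [ "$#" -gt 0 ]; then
    CERT_DIR="$1"
    make_server_cert && cert_matches_key && cert_valid_for 86400 && key_is_private \
        && echo "server.key / server.csr / server.crt created and verified in $CERT_DIR"
fi
```

cert_matches_key is the check worth keeping around: a certificate that was renewed without renewing the key, or a key restored from the wrong backup, fails it immediately instead of at the next Apache restart.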
Editing httpd.conf
Uncomment the Include line so that httpd-ssl.conf is loaded.
 # vi /usr/local/apache2/conf/httpd.conf
 # Secure (SSL/TLS) connections
 Include conf/extra/httpd-ssl.conf
Editing httpd-ssl.conf
Rewrite the values to match your own environment.
 # vi /usr/local/apache2/conf/extra/httpd-ssl.conf
 ##
 ## SSL Virtual Host Context
 ##
 <VirtualHost _default_:443>
 #   General setup for the virtual host
 DocumentRoot "/home/httpd/html"
 ServerName kayanomori.net:443
 ServerAdmin [email protected]
 #   ciphers, etc.)
 SSLCertificateFile /usr/local/apache2/conf/certs/server.crt
 #SSLCertificateFile /usr/local/apache2/conf/server-dsa.crt
 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
 #   directive to point at the key file.  Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
 SSLCertificateKeyFile /usr/local/apache2/conf/certs/server.key
 <Directory "/home/httpd/cgi-bin">
     SSLOptions +StdEnvVars
 </Directory>
Restarting Apache 2
 # /etc/rc.d/init.d/apache2 restart
 httpdを停止中:                 [  OK  ]
 httpdを起動中:                 [  OK  ]
Checking operation
Access the server from a client with https://. If the browser shows its security warning dialog (expected, because the certificate is self-signed rather than issued by a CA the browser trusts), the setup is working.