Backup diff (No. 5) of VineLinux3.x/Apache2.0/Settings for using SSL

* Overview [#id4fbfb5]

Configuration for using SSL (Secure Sockets Layer: encrypted communication) with Apache2.

** ssl.conf settings [#ledbd0fa]

 vi /usr/local/apache2/conf/ssl.conf

 <VirtualHost _default_:443>
 #   General setup for the virtual host
 DocumentRoot "/home/httpd/html"
 ServerAdmin [email protected]
 SSLCertificateFile /usr/local/apache2/conf/certs/server.crt
 SSLCertificateKeyFile /usr/local/apache2/conf/certs/server.key
 <Directory "/home/httpd/cgi-bin">
     SSLOptions +StdEnvVars
 </Directory>
 </VirtualHost>

** Creating the server private key (server.key) [#s0d17929]

 # mkdir /usr/local/apache2/conf/certs
 # cd /usr/local/apache2/conf/certs/
 # openssl genrsa -out server.key 1024
 Generating RSA private key, 1024 bit long modulus
 e is 65537 (0x10001)

** Creating the server public key as a certificate signing request (server.csr) [#l8a739d0]

 # openssl req -new -key server.key -out server.csr
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Fukuoka
 Locality Name (eg, city) []:Iizuka
 Organization Name (eg, company) [Internet Widgits Pty Ltd]
 Organizational Unit Name (eg, section) []:Admin
 Common Name (eg, YOUR name) []
 Email Address []:[email protected]
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:

** Creating the server certificate (server.crt) [#ya773313]

 # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
 Signature ok
 subject=/C=JP/ST=Fukuoka/L=Iizuka/[email protected]
 Getting Private key

** Confirm that the private key, public key, and certificate were created [#h9dbcead]

 # ls
 server.crt  server.csr  server.key

** Changing the file permissions [#a3d8aebd]

 # chmod 400 *
 # ls -l
 合計 12
 -r--------    1 root     root          973 May 20 14:13 server.crt
 -r--------    1 root     root          716 May 20 13:51 server.csr
 -r--------    1 root     root          887 May 20 13:45 server.key

** For now, try restarting apache2. [#n95023ab]

 # /etc/rc.d/init.d/apache2 restart
 httpdを停止中:                                             [  OK  ]
 httpdを起動中:                                             [  OK  ]


 # less /usr/local/apache2/logs/error_log
 [warn] Init: Session Cache is not configured [hint: SSLSessionC

** Modify the startup script to enable SSL. [#m32d857e]

Edit the startup script created in [[Web server - Installing Apache2>Webサーバ - Apache2のインストール]].
Add -D SSL to the startup options.

 # vi /etc/rc.d/init.d/apache2

 start() {
         echo -n $"Starting $prog: "
         check13 || exit 1
         if [ ! -f /usr/local/apache2/bin/httpd ] ; then
           echo "test update alternatives"
           /sbin/update-alternatives --auto apache2
         fi
         daemon $httpd -D SSL $OPTIONS      # add -D SSL here
         RETVAL=$?
         [ $RETVAL = 0 ] && touch /usr/local/apache2/logs/accept.lock
         return $RETVAL
 }

 # /etc/rc.d/init.d/apache2 restart
 httpdを停止中:                                             [  OK  ]
 httpdを起動中:                                             [  OK  ]


** Verifying operation [#t28c4697]

Access the server from a client using https://.
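
The following is an added example, not part of the original page: a shell check to run over the key and certificate built above, covering key/certificate match, key size, key file permissions and expiry. The function names (key_bits, check_tls_pair, make_sample), the subject /CN=example.test and the 2048-bit default minimum are assumptions; the page's own 1024-bit key is reported as below that minimum.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumption: the minimum acceptable RSA key size defaults to 2048 bits.

key_bits() {  # print the RSA modulus size (in bits) of private key $1
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

check_tls_pair() {  # check_tls_pair KEY CRT [MIN_BITS]; returns 0 when all checks pass
    key=$1 crt=$2 min_bits=${3:-2048} rc=0

    # 1. The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    fi
    # 2. The key must meet the minimum size (unreadable keys count as 0 bits).
    bits=$(key_bits "$key")
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: ${bits:-?}-bit key is below $min_bits bits"; rc=1
    fi
    # 3. Group/other permission bits (columns 5-10 of the ls mode) must be clear.
    mode=$(ls -ln "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; rc=1
    fi
    # 4. The certificate must not already be expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired"; rc=1
    fi
    return $rc
}

make_sample() {  # constructed sample: the page's steps, run in directory $1
    ( cd "$1" && umask 077 &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -subj "/CN=example.test" -out server.csr &&
      openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 1 &&
      chmod 400 server.key server.csr server.crt ) >/dev/null 2>&1
}

# Run against real files when given: sh check.sh server.key server.crt [min_bits]
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```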


