Backup source (No.1) of VineLinux3.x/Apache2.2/Configuration for using SSL

*Overview [#m9b9fd2d]
Configuration for using SSL (Secure Sockets Layer: encrypted communication) with Apache 2.2.

*Setup procedure [#zca7ab06]

**Creating the server private key (server.key) [#zc7bd7a9]

 # mkdir /usr/local/apache2/conf/certs
 # cd /usr/local/apache2/conf/certs/
 # openssl genrsa -out server.key 1024
 Generating RSA private key, 1024 bit long modulus
 e is 65537 (0x10001)
 # ls

**Creating the server public key (certificate signing request, server.csr) [#ob2c2de6]

 # openssl req -new -key server.key -out server.csr
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Hyogo
 Locality Name (eg, city) []:Akashi
 Organization Name (eg, company) [Internet Widgits Pty Ltd]
 Organizational Unit Name (eg, section) []:Admin
 Common Name (eg, YOUR name) []
 Email Address []:[email protected]
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
 # ls
 server.csr  server.key

**Creating the server certificate (server.crt) [#j18cb796]

 # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
 Signature ok
 subject=/C=JP/ST=Hyogo/L=Akashi/[email protected]
 Getting Private key
 # ls
 server.crt  server.csr  server.key

**Changing access permissions [#i529f893]

 # chmod 400 *
 # ls -l
 合計 12
 -r--------    1 root     root          977 Aug 18 19:03 server.crt
 -r--------    1 root     root          720 Aug 18 19:03 server.csr
 -r--------    1 root     root          887 Aug 18 19:01 server.key


**Editing httpd.conf [#s80639eb]


 # vi /usr/local/apache2/conf/httpd.conf
 # Secure (SSL/TLS) connections
 Include conf/extra/httpd-ssl.conf

**Editing httpd-ssl.conf [#a7b9547f]


 # vi /usr/local/apache2/conf/extra/httpd-ssl.conf
 ## SSL Virtual Host Context
 <VirtualHost _default_:443>
 #   General setup for the virtual host
 DocumentRoot "/home/httpd/html"
 ServerAdmin [email protected]
 #   ciphers, etc.)
 SSLCertificateFile /usr/local/apache2/conf/certs/server.crt
 #SSLCertificateFile /usr/local/apache2/conf/server-dsa.crt
 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
 #   directive to point at the key file.  Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
 SSLCertificateKeyFile /usr/local/apache2/conf/certs/server.key
 <Directory "/home/httpd/cgi-bin">
     SSLOptions +StdEnvVars

** Restarting Apache2 [#o186d33f]

 # /etc/rc.d/init.d/apache2 restart
 httpdを停止中:                                             [  OK  ]
 httpdを起動中:                                             [  OK  ]

** Verifying operation [#o58a03dc]

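Access the server from a client using https://. If a security warning dialog appears, the setup is working. The warning is expected because the certificate is self-signed rather than issued by a CA the client trusts.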
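
The script below is an added example, not part of the original page. It checks the files this procedure creates: that server.key has the mode set by chmod 400, that server.crt was built from server.key, that the certificate is not about to expire, and that it is self-signed. The function names and the 2048-bit warning threshold are this example's own assumptions; the 1024-bit RSA key generated above falls below what current guidance accepts, so the script reports it.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are this example's own.
# Usage: sh check_certs.sh /usr/local/apache2/conf/certs

# True if file $1 has exactly mode 0400, the result of "chmod 400".
key_perms_ok() {
    [ -n "$(find "$1" -type f -perm 0400 2>/dev/null)" ]
}

# Print the RSA modulus size in bits of private key $1.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# True if certificate $2 carries the public key of private key $1.
cert_matches_key() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if certificate $1 is self-signed (subject equals issuer).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Check server.key and server.crt in directory $1; returns non-zero on a FAIL.
audit_cert_dir() {
    rc=0
    key_perms_ok "$1/server.key" || { echo "FAIL: server.key is not mode 0400"; rc=1; }
    cert_matches_key "$1/server.key" "$1/server.crt" ||
        { echo "FAIL: server.crt was not made from server.key"; rc=1; }
    openssl x509 -in "$1/server.crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: server.crt expires within 30 days (or is unreadable)"; rc=1; }
    bits=$(key_bits "$1/server.key")
    [ "${bits:-0}" -ge 2048 ] || echo "WARN: RSA key is ${bits:-?} bits, below 2048"
    if is_self_signed "$1/server.crt"; then
        echo "NOTE: self-signed certificate; clients will show a trust warning"
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_cert_dir "$1"; fi
```

Running it before the restart step catches a key and certificate mismatch, which would otherwise stop httpd from starting.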

