Welcome Guest 
¥á¥¤¥ó¥á¥Ë¥å¡¼
¥í¥°¥¤¥ó
¥æ¡¼¥¶¡¼Ì¾:

¥Ñ¥¹¥ï¡¼¥É:


¥Ñ¥¹¥ï¡¼¥Éʶ¼º

¿· ¤¢¤­¤éÍÍ¤Î¥Ö¥í¥°
¤¢¤­¤é¤Î¥Ú¡¼¥¸¸«¤ë¤Ã¤Æ»ö¤Ï²Ë¤·¤È¤ó¤Î¡©¥Ö¥í¥°
¥é¥ó¥­¥ó¥°»²²ÃÍÑ¥ê¥ó¥¯
¥«¥¦¥ó¥¿¡¼
Î߷ס§
ËÜÆü¡§
ºòÆü¡§
¥È¥Ã¥× (¥á¥Ë¥å¡¼)  >  Openssl¤Î¥¤¥ó¥¹¥È¡¼¥ë

Openssl¤Î¥¤¥ó¥¹¥È¡¼¥ë

apache¤ÇhttpsÀܳ¤Ç¤­¤ë¤è¤¦¤Ë¤·¤Þ¤¹¡£



Openssl¥Ñ¥Ã¥±¡¼¥¸¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤¹¡£
apt-get install openssl


openssl version
¤ÈÆþÎϤ·¡¢OpenSSL¤Î¥Ð¡¼¥¸¥ç¥ó¤¬É½¼¨¤µ¤ì¤ì¤Ð¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Þ¤¹¡£


mod_ssl¤òÍ­¸ú¤Ë¤·¤Þ¤¹¡£
a2enmod ssl

ÀßÄê¤òÈ¿±Ç¤¹¤ë¤¿¤á¡¢
/etc/init¡Çd/apache2 force-reload


ºî¶È¥Ç¥£¥ì¥¯¥È¥ê¤ò°Üư¤·¡¢ÈëÌ©¸°¤òºîÀ®¤·¤Þ¤¹¡£
cd /tmp

openssl genrsa -des 1024 > server.key

Enter Pass phrase:¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Þ¤¹¡£
Verifying Enter Pass Phrase:Àè¤Û¤É¤Î¥Ñ¥¹¥Õ¥ì¡¼¥º¤òºÆ¤ÓÆþÎϤ·¤Þ¤¹¡£

[¥ª¥×¥·¥ç¥ó]
genrsa¡§ºîÀ®¤¹¤ë¸°¤ò»ØÄꤹ¤ë¥ª¥×¥·¥ç¥ó¤Ç¡¢RSA¤È¤¤¤¦¥¿¥¤¥×¤Î¸°¤òºîÀ®¤¹¤ë¡£
-des¡§¤É¤Î¸°ºîÀ®¤Î¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍѤ¹¤ë¤«»ØÄꤹ¤ë¥ª¥×¥·¥ç¥ó¤Ç¡¢DES3¤È¤¤¤¦¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍѤ·¤ÆºîÀ®¤¹¤ë¡£
1024¡§¸°¤ÎŤµ¤ò»ØÄꤹ¤ë¡£(1024¥Ó¥Ã¥È)


ÈëÌ©¸°¤Î¥Ñ¥¹¥Õ¥ì¡¼¥º¤òºï½ü¤·¤Þ¤¹¡£
openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:Àè¤Û¤ÉÀßÄꤷ¤¿¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Þ¤¹¡£

[¥ª¥×¥·¥ç¥ó]
rsa¡§ºîÀ®¤¹¤ë¸°¤Î¼ïÎà¤ò»ØÄꤷ¤Þ¤¹¡£º£²ó¤Ï¡¢RSA¸°¤Ç¤¹¤Î¤Çrsa¤ò»ØÄꤹ¤ë¡£
-in¡§°Å¹æ²½¤µ¤ì¤¿¸°¤ò»ØÄꤹ¤ë¥ª¥×¥·¥ç¥ó¤Ç¤¹¡£°Å¹æ²½¤·¤ÆºîÀ®¤·¤¿server.key¤ò»ØÄꤷ¤Æ¤¤¤Þ¤¹¡£
-out¡§½ÐÎϤ¹¤ë¾ÚÌÀ½ñ¤Î¥Õ¥¡¥¤¥ë̾¤ò»ØÄꤹ¤ë¥ª¥×¥·¥ç¥ó¤Ç¤¹¡£°Å¹æ²½¤·¤Æ¤¤¤¿server.key¤È¤¤¤¦Ì¾Á°¤ÇÊݸ¤·¤Æ¤âOK¡£


¸ø³«¸°¡ÊCSR¥Õ¥¡¥¤¥ë¡Ë¤òºîÀ®¤·¤Þ¤¹¡£
openssl req -new -key server.key -out server.csr

ÆþÎϤ¹¤ë¤³¤È¤Ï¡¢¾å¤«¤é
¡ÊǤ°Õ¡Ë
¡ÊǤ°Õ¡Ë
¡ÊǤ°Õ¡Ë
¡ÊǤ°Õ¡Ë
(Ǥ°Õ)
www.¥³¥â¥ó¥Í¡¼¥à.net(¥³¥â¥ó¥Í¡¼¥à¤Ï¡¢¥µ¡¼¥Ð¤ÎURL¤ÇIP¥¢¥É¥ì¥¹¤Ç¤â²Ä)¡Ê½ÅÍסË
¡ÊǤ°Õ¡Ë
¡ÊǤ°Õ¡Ë
¡ÊǤ°Õ¡Ë


¢¨ËÜÍè¤Î´Ä¶­¤Ç¤Ï¡¢Ç§¾Ú¶É¤«¤é¥Ç¥¸¥¿¥ë¾ÚÌÀ½ñ¤ò¼èÆÀ¤·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¡¢³Îǧºî¶ÈÍѤȤ·¤Æ¤Ç¤¹¡£
¥Ç¥¸¥¿¥ë¾ÚÌÀ½ñ¤Îȯ¹Ô
server.key¤Èserver.csr¤¬¤Ç¤­¤Æ¤¤¤ë¤³¤ò³Îǧ¤·¤Þ¤¹¡£
ls -a

openssl x509 -in server.csr -days 365 -req -signkey server.key > server.crt


ºî¶È¥Ç¥£¥ì¥¯¥È¥ê¤ò°Üư¤·¤Þ¤¹¡£
cd /etc/apache2/sites-available


openssl.cnf¤ÎÀßÄê¤òÊѹ¹¤·¤Þ¤¹¡£­¡
vi /etc/ssl/openssl.cnf

[usr_cert]¥»¥¯¥·¥ç¥ó¤Ë°Ê²¼¤òÄɲÃ
nsCertType = server


openssl.cnf¤ÎÀßÄê¤òÊѹ¹¤·¤Þ¤¹¡£­¢
[v3_Ca]¥»¥¯¥·¥ç¥ó¤Ë°Ê²¼¤òÄɲÃ
nsCertType=sslCA, emailCA

¢¨# CA¤Ç¾ÚÌÀ½ñȯ¹Ô¤ò¤¹¤ë¤È¤­¤ÎRFC2459¤Ë´ð¤Å¤¯X.509 v3³ÈÄ¥¹àÌÜ¡£Netscape¤ÎCertType¤ònsCertType¤Çɽ¤¹¡£
¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Î³ÈÄ¥¤Ïv3_ca¤ò»²¾È¤¹¤ë¡£NetscapeÍѤÎÀßÄê¡£


ÀßÄê¥Õ¥¡¥¤¥ë¤ò¥í¡¼¥«¥ë¥Ç¥£¥ì¥¯¥È¥ê¤Ë¥³¥Ô¡¼¤·¤Þ¤¹¡£
cp /usr/share/doc/apache2.2-common/examples/apache2/extra/httpd-ssl.conf.gz ¡¥(¢«"¡¥"¤ò˺¤ì¤º¤Ë!!)

°µ½Ì¥Õ¥¡¥¤¥ë¤ò²òÅष¤Þ¤¹¡£
gzip d ./httpd-ssl.conf.gz

²òÅव¤ì¤Æ¤¤¤ë¤³¤È¤ò³Îǧ¤·¤Þ¤¹¡£
ls -a
[httpd-ssl.conf]¤¬¤¢¤ë¤³¤È¤ò³Îǧ¤·¤Þ¤¹¡£


¥·¥ó¥Ü¥ê¥Ã¥¯¥ê¥ó¥¯¤ÎºîÀ®
ln -s /etc/apache2/sites-available/httpd-ssl.conf /etc/apache2/sites-enabled/httpd-ssl.conf
¤ò¼Â¹Ô¤·¤Þ¤¹¡£

¢¨/etc/apache2/sites-enabled/
»ÈÍѤ¹¤ë¥µ¥¤¥ÈÄêµÁ¥Õ¥¡¥¤¥ë¤Ø¤Î¥ê¥ó¥¯¥Õ¥¡¥¤¥ë¤¬ÃÖ¤«¤ì¤ë¥Ç¥£¥ì¥¯¥È¥ê


¾ÚÌÀ½ñ¤ò»ØÄê¤Î¾ì½ê¤Ø¤Î¥³¥Ô¡¼¤·¤Þ¤¹¡£
mkdir /etc/apache2/ssl
cp /tmp/server* /etc/apache2/ssl/
¢¨/etc/apache/ssl¥Õ¥©¥ë¥À¤Ï¤Ê¤¤¤Î¤Ç¡¢ºîÀ®¤·¤Þ¤¹¡£

¼Â¹Ô·ë²Ì¤ò³Îǧ¤·¤Þ¤¹¡£
ls -a /etc/apache2/ssl/
¤ò¼Â¹Ô¤·¡¢°Ê²¼¤Î¥Õ¥¡¥¤¥ë¤¬¤¢¤ë¤³¤È³Îǧ¤·¤Þ¤¹¡£
[server.crt][server.csr][server.key]


https¤ÇÀܳ¤¹¤ë¥µ¥¤¥È¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£­¡
vi httpd-ssl.conf


https¤ÇÀܳ¤¹¤ë¥µ¥¤¥È¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£­¢
Listen 443¤ò¥³¥á¥ó¥È¥³¥á¥ó¥È¥¢¥¦¥È¤·¤Þ¤¹¡£
¢­
¡ôListen 443


https¤ÇÀܳ¤¹¤ë¥µ¥¤¥È¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£­£
<VirtualHost _default¡§443>¤ÎÍó¤òÊѹ¹¤·¤Þ¤¹¡£
¢­
NameVirtualHost *¡§443
<VirtualHost *¡§443>
DocumnetRoot /usr/share/apache2/default-site/htdocs
ServerName ¥µ¡¼¥Ð¤ÎIP¥¢¥É¥ì¥¹¡§443¡Ê¤Þ¤¿¤Ï¡¢ssl¾ÚÌÀ½ñ¤Î¥³¥â¥ó¥Í¡¼¥à¤ò¤¤¤ì¤ë¡Ë
#ServerAdmin ¤Î¹Ô¤ò¥³¥á¥ó¥È¥¢¥¦¥È
ErrorLog /var/log/apache2/error¡¥log (error¡¥log¤Ë¤¹¤ë)
TransferLog /var/log/apache2/access¡¥log (access¡¥log¤Ë¤¹¤ë)

¢¨¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢htdocs¥Õ¥©¥ë¥À¤Ï¤Ê¤¤¤Î¤Ç¡¢¥Õ¥©¥ë¥À¤òºîÀ®¤·¤Þ¤¹¡£
¤Þ¤¿htdocs¥Õ¥©¥ë¥À¤ÎÃæ¤ËŬÅö¤ÊhttpsÀܳÍѤÎindex.html¥Õ¥¡¥¤¥ë¤òÃÖ¤¤¤Æ¤¤¤Þ¤¹¡£


https¤ÇÀܳ¤¹¤ë¥µ¥¤¥È¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£­¤
¥µ¡¼¥Ð¾ÚÌÀ½ñ¤òÇÛÃÖ¤·¤¿¾ì½ê¤Î¥Ñ¥¹¤È¡¢ÈëÌ©¸°¤òÇÛÃÖ¤·¤¿¾ì½ê¤Î¥Ñ¥¹¤ò»ØÄꤷ¤Þ¤¹¡£
[SSLCertificateFile]¢ª/etc/apache2/ssl/server.crt (¥µ¡¼¥Ð¾ÚÌÀ½ñ¤òÇÛÃÖ¤·¤¿¥Ñ¥¹¤Çssl¥Õ¥©¥ë¥À¤¬¥Ñ¥¹¤ËÆþ¤ë¤Î¤ÇÃí°Õ)

[SSLCertificateKeyFle]¢ª/etc/apache2/ssl/server.key (ÈëÌ©¸°¤òÇÛÃÖ¤·¤¿¥Ñ¥¹¤Çssl¥Õ¥©¥ë¥À¤¬¥Ñ¥¹¤ËÆþ¤ë¤Î¤ÇÃí°Õ)


apache¤òºÆµ¯Æ°¤·¤Þ¤¹¡£
/etc/init.d/apache2 stop
/etc/init.d/apache2 start


¥¦¥§¥Ö¥Ö¥é¥¦¥¶(IE¤Ê¤É)¤«¤é¡¢
https://¼«Ê¬¤ÎIP¥¢¥É¥ì¥¹/
¤ò¼Â¹Ô¤·¤Þ¤¹¡£


[OK]¤ò¥¯¥ê¥Ã¥¯¤·¤Þ¤¹¡£


[¤Ï¤¤]¤ò¥¯¥ê¥Ã¥¯¤·¤Þ¤¹¡£


httpsÍѤÎÀܳ¥Ú¡¼¥¸¤¬É½¼¨¤µ¤ì¡¢±¦²¼¤Ë¸°¤Î¥Þ¡¼¥¯¤¬³Îǧ¤Ç¤­¤Þ¤¹¡£




²¡¤·Äº¤±¤ë¤È¤¢¤ê¤¬¤¿¤¤
ιÀè¤Ç¤Î¥Ñ¥ó¥¯Âбþ¤Ë
¤¢¤È¤ª¿å¤Ï¤¤¤«¤¬¤Ç¤¹¤«
XOOPS Cube PROJECT