Installing OpenSSL
Enable HTTPS connections in Apache.
Install the OpenSSL package.
apt-get install openssl
openssl version
If entering the command above displays the OpenSSL version, the package is installed.
Enable mod_ssl.
a2enmod ssl
To apply the setting, run:
/etc/init.d/apache2 force-reload
Change to the working directory and create the private key.
cd /tmp
openssl genrsa -des3 1024 > server.key
Enter Pass phrase: Enter a passphrase.
Verifying Enter Pass Phrase: Enter the same passphrase again.
[Options]
genrsa: Specifies the kind of key to create; this creates an RSA key.
-des3: Specifies the algorithm used to encrypt the key being created; here the key is encrypted with DES3.
1024: Specifies the key length (1024 bits).
Remove the passphrase from the private key.
openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: Enter the passphrase you set earlier.
[Options]
rsa: Specifies the type of key to process. This key is an RSA key, so rsa is specified.
-in: Specifies the encrypted key. Here it is the server.key that was created with encryption.
-out: Specifies the name of the output file. Saving it under the same name as the encrypted file, server.key, is OK.
Create the certificate signing request (the CSR file, which contains the public key).
openssl req -new -key server.key -out server.csr
Enter the following at the prompts, from the top:
(optional)
(optional)
(optional)
(optional)
(optional)
www.<common name>.net (the common name is the server's URL; an IP address is also acceptable) (important)
(optional)
(optional)
(optional)
Note: In a real environment, obtain a digital certificate from a certificate authority. The steps here are only for verification purposes.
Issuing the digital certificate
Confirm that server.key and server.csr have been created.
ls -a
openssl x509 -in server.csr -days 365 -req -signkey server.key > server.crt
Change the working directory.
cd /etc/apache2/sites-available
Change the openssl.cnf settings. (1)
vi /etc/ssl/openssl.cnf
Add the following to the [usr_cert] section:
nsCertType = server
Change the openssl.cnf settings. (2)
Add the following to the [v3_ca] section:
nsCertType=sslCA, emailCA
Note: These are X.509 v3 extension items, based on RFC2459, used when a CA issues certificates. Netscape's CertType is expressed as nsCertType.
The extensions for a self-signed certificate are taken from v3_ca. This is a setting for Netscape.
Copy the configuration file to the current directory.
cp /usr/share/doc/apache2.2-common/examples/apache2/extra/httpd-ssl.conf.gz . (← don't forget the "."!!)
Decompress the compressed file.
gzip -d ./httpd-ssl.conf.gz
Confirm that the file has been decompressed.
ls -a
Confirm that [httpd-ssl.conf] exists.
Creating the symbolic link
ln -s /etc/apache2/sites-available/httpd-ssl.conf /etc/apache2/sites-enabled/httpd-ssl.conf
Run the command above.
Note: /etc/apache2/sites-enabled/
This is the directory that holds the link files pointing to the site definition files in use.
Copy the certificate files to the designated location.
mkdir /etc/apache2/ssl
cp /tmp/server* /etc/apache2/ssl/
Note: The /etc/apache2/ssl folder does not exist, so create it.
Check the result.
ls -a /etc/apache2/ssl/
Run the command above and confirm that the following files exist.
[server.crt][server.csr][server.key]
Configure the site for HTTPS connections. (1)
vi httpd-ssl.conf
Configure the site for HTTPS connections. (2)
Comment out Listen 443.
↓
#Listen 443
Configure the site for HTTPS connections. (3)
Change the <VirtualHost _default_:443> section.
↓
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /usr/share/apache2/default-site/htdocs
ServerName <server IP address>:443 (or enter the SSL certificate's common name)
#ServerAdmin (comment out the ServerAdmin line)
ErrorLog /var/log/apache2/error.log (set this to error.log)
TransferLog /var/log/apache2/access.log (set this to access.log)
Note: The htdocs folder does not exist by default, so create it.
A suitable index.html file for HTTPS connections is also placed in the htdocs folder.
Configure the site for HTTPS connections. (4)
Specify the path where the server certificate was placed and the path where the private key was placed.
[SSLCertificateFile] → /etc/apache2/ssl/server.crt (the path where the server certificate was placed; note that the ssl folder is part of the path)
[SSLCertificateKeyFile] → /etc/apache2/ssl/server.key (the path where the private key was placed; note that the ssl folder is part of the path)
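Before restarting Apache, it is worth confirming that the certificate and key under /etc/apache2/ssl belong together and that the passphrase-less key is not readable by other users. The script below is an added example, not part of the original procedure; the function names check_tls_pair and make_test_pair are hypothetical, and make_test_pair assumes a 2048-bit key and a caller-supplied common name so that it runs non-interactively.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before Apache loads it.
# check_tls_pair and make_test_pair are hypothetical helper names.

# check_tls_pair CERT KEY
# Prints one finding and returns 0 only if every check passes.
check_tls_pair() {
    ctp_cert=$1
    ctp_key=$2
    [ -r "$ctp_cert" ] && [ -r "$ctp_key" ] || {
        echo "FAIL: certificate or key file is missing or unreadable"; return 1; }

    # The key has no passphrase, so file permissions are its only protection.
    # Characters 5-10 of the ls mode string are the group/other bits.
    ctp_mode=$(ls -ldL "$ctp_key" | cut -c5-10)
    if [ "$ctp_mode" != "------" ]; then
        echo "FAIL: $ctp_key is accessible to group/other (chmod 600 it)"
        return 1
    fi

    # Extract the public key from each file; the two must be identical.
    ctp_cpub=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot parse certificate $ctp_cert"; return 1; }
    # -passin pass: makes an encrypted key fail instead of prompting.
    ctp_kpub=$(openssl pkey -in "$ctp_key" -pubout -passin pass: 2>/dev/null) || {
        echo "FAIL: cannot read key $ctp_key (still passphrase-protected?)"; return 1; }
    if [ "$ctp_cpub" != "$ctp_kpub" ]; then
        echo "FAIL: certificate and private key do not match"
        return 1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$ctp_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired"
        return 1
    fi
    echo "OK: key is private, matches the certificate, and is still valid"
}

# make_test_pair DIR CN
# Non-interactive version of the key, CSR and self-signed certificate steps.
make_test_pair() {
    ( umask 077
      openssl genrsa -out "$1/server.key" 2048 &&
      openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr" &&
      openssl x509 -req -in "$1/server.csr" -days 365 \
              -signkey "$1/server.key" -out "$1/server.crt"
    ) >/dev/null 2>&1
}
```

On the server, run check_tls_pair /etc/apache2/ssl/server.crt /etc/apache2/ssl/server.key as root. The copies of server.key left in /tmp by the earlier steps are not covered by this check.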
Restart Apache.
/etc/init.d/apache2 stop
/etc/init.d/apache2 start
From a web browser (IE, for example), open:
https://<your IP address>/
Click [OK].
Click [Yes].
The HTTPS page is displayed, and a key icon appears at the bottom right.