Encryption with Apache + SSL
6 December 2007
Encrypting HTTP traffic with Apache + mod_SSL
# yum -y install mod_ssl
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
Excluding Packages in global exclude list
Finished
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.i386 1:2.2.6-3 set to be updated
--> Processing Dependency: libdistcache.so.1 for package: mod_ssl
--> Processing Dependency: libnal.so.1 for package: mod_ssl
--> Running transaction check
---> Package distcache.i386 0:1.4.5-15 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
mod_ssl i386 1:2.2.6-3 fedora 85 k
Installing for dependencies:
distcache i386 1.4.5-15 fedora 121 k
Transaction Summary
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 206 k
Downloading Packages:
(1/2): mod_ssl-2.2.6-3.i3 100% |=========================| 85 kB 00:00
(2/2): distcache-1.4.5-15 100% |=========================| 121 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: distcache ######################### [1/2]
Installing: mod_ssl ######################### [2/2]
Installed: mod_ssl.i386 1:2.2.6-3
Dependency Installed: distcache.i386 0:1.4.5-15
Complete!
Create the server's private key and public key
# cd /etc/pki/tls/certs
Create the private key.
[root@ns certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
............................++++++
.....++++++
e is 65537 (0x10001)
Enter pass phrase: ← enter any passphrase
Verifying - Enter pass phrase: ← same as above
Remove the passphrase from the private key.
[root@ns certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: ← enter the passphrase chosen above
writing RSA key
[root@ns certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP ← enter the country code
State or Province Name (full name) [Berkshire]:Osaka ← enter the prefecture
Locality Name (eg, city) [Newbury]:Naniwa-ku ← enter the city or town
Organization Name (eg, company) [My Company Ltd]:fedora.hoshu.net ← enter the organization name (anything will do)
Organizational Unit Name (eg, section) []: ← press Enter (leave blank)
Common Name (eg, your name or your server's hostname) []:fedora.hoshu.net ← enter the host name
Email Address []:webmaster@fedora.hoshu.net ← enter the administrator's e-mail address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ← press Enter (leave blank)
An optional company name []: ← press Enter (leave blank)
Create the server certificate and configure SSL
Create the server certificate
[root@ns certs]# openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365
Signature ok
subject=/C=JP/ST=Osaka/L=Naniwa-ku/O=fedora.hoshu.net/CN=fedora.hoshu.net/emailAddress=webmaster@fedora.hoshu.net
Getting Private key
Change the permissions on the certificate and related files
[root@ns certs]# chmod 400 server.*
Return to the home directory
[root@ns certs]# cd
Edit the SSL configuration file
# vi /etc/httpd/conf.d/ssl.conf
#DocumentRoot "/var/www/html" ← around line 84: remove the # (uncomment)
↓
DocumentRoot "/var/www/html"
SSLCertificateFile /etc/pki/tls/certs/server.pem ← change around line 112
SSLCertificateKeyFile /etc/pki/tls/certs/server.key ← change around line 119
Restart Apache
# /etc/rc.d/init.d/httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]
That's all.
Open port 443 on the router.
Try accessing "https://<server address>/" in a browser.
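A set of checks for the server.key / server.pem pair produced by the steps above, as an added example that is not part of the original post: it confirms the key is not readable by group or other, that the certificate really belongs to the key, and that the key size and remaining validity are acceptable. The function names and the 2048-bit and 30-day thresholds are assumptions; the 1024-bit key that the 2007 make target generates will be reported, since CAs and browsers now require at least 2048-bit RSA.

```shell
#!/bin/sh
# Added example: checks for the server.key / server.pem pair built above.
# Function names and the 2048-bit / 30-day thresholds are assumptions.

# Succeeds when the key file has no group/other permission bits (chmod 400).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the certificate carries the public half of the private key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the RSA modulus size in bits (empty output if the key is unreadable).
key_bits() {
    openssl rsa -in "$1" -noout -text -passin pass: 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeeds when the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Runs every check and reports each failure; returns non-zero if any failed.
check_tls_files() {
    rc=0
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/other"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: RSA key is ${bits:-unknown} bits"; rc=1; }
    cert_valid_for "$2" 30 || { echo "FAIL: $2 expires within 30 days"; rc=1; }
    return $rc
}

# Usage: sh check_tls.sh /etc/pki/tls/certs/server.key /etc/pki/tls/certs/server.pem
if [ $# -eq 2 ]; then
    check_tls_files "$1" "$2"
fi
```

Run it as root before restarting Apache; a mismatch between key and certificate is otherwise only visible as a failed httpd start.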
