YANO's digital garage

Copyright ©YANO All rights reserved. https://www.bravotouring.com/~yano/

Last-modified: 2024-04-17 (Wed)


Apache, SSL and Me / 2005-01-15 (Sat)

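Come to think of it, /etc/httpd/conf/httpd.conf has no SSL section... I was at a loss until I found ssl.conf in /etc/httpd/conf.d/. I rewrote DocumentRoot and ServerName and restarted. When I accessed the site, I got scolded that "the certificate for "localhost.localdomain" cannot be trusted"....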


[root@nx9030 root]# cd /etc/httpd/conf/
[root@nx9030 conf]# ### 1. Generate the server private key server.key ###
[root@nx9030 conf]# make genkey
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > /etc/httpd/conf/ssl.key/server.key
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter pass phrase:************(passphrase)
Verifying - Enter pass phrase:************(passphrase)
[root@nx9030 conf]# ### 2. Generate the server certificate server.crt ###
[root@nx9030 conf]# make testcert
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Enter pass phrase for /etc/httpd/conf/ssl.key/server.key:************(passphrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:Fukuoka
Locality Name (eg, city) [Newbury]:Fukuoka
Organization Name (eg, company) [My Company Ltd]:bravotouring.com
Organizational Unit Name (eg, section) []:authorization
Common Name (eg, your name or your server's hostname) []:www.bravotouring.com
Email Address []:webmaster@bravotouring.com
[root@nx9030 conf]# ### 3. Remove the passphrase from the private key so that apache does not stop at startup ###
[root@nx9030 conf]# /usr/bin/openssl rsa -in ssl.key/server.key -out ssl.key/server.key
Enter pass phrase for server.key:************(passphrase)
writing RSA key
[root@nx9030 conf]# ### Done ###

Note that if the "Common Name" of the server certificate does not match the server's FQDN, the browser will show a warning. The fingerprint (SHA1) of the server certificate created this time is

611D 0786 7974 5DB3 CF73 B98E C521 BA36 0797 1AFB
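
The Common Name check and the fingerprint readout described above can be scripted. This is an added example, not part of the original post. It assumes the openssl command is on PATH; the function names and the host name www.example.test are constructed for illustration, and the throwaway key is 2048-bit rather than the 1024-bit key in the session.

```shell
#!/bin/sh
# Added example: verify a certificate's Common Name and print its SHA1
# fingerprint in the grouping used on this page (4 hex digits per group).

# cert_cn FILE -> subject Common Name of a PEM certificate
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# cert_sha1 FILE -> "XXXX XXXX ..." (10 groups)
cert_sha1() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 |
        sed -e 's/^.*=//' -e 's/://g' -e 's/..../& /g' -e 's/ $//'
}

# cn_matches FILE FQDN -> exit status 0 when the CN equals FQDN
# (host names compare case-insensitively)
cn_matches() {
    cn=$(cert_cn "$1" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# make_test_cert DIR CN -> non-interactive stand-in for steps 1 to 3:
# unencrypted key plus self-signed certificate, key file readable by owner only
make_test_cert() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/C=JP/O=example/CN=$2" \
          -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

# Demo on a throwaway certificate (constructed host name).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
make_test_cert "$tmp" www.example.test
echo "CN:   $(cert_cn "$tmp/server.crt")"
echo "SHA1: $(cert_sha1 "$tmp/server.crt")"
cn_matches "$tmp/server.crt" www.example.test && echo "CN matches FQDN"
cn_matches "$tmp/server.crt" localhost.localdomain ||
    echo "CN mismatch: a browser would warn for localhost.localdomain"
```

Current browsers match the host name against the certificate's subjectAltName entries rather than the CN, so a check for a present-day deployment should inspect those as well.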


