2005-03 / 2005-03-25

前のエントリ: Fedora に rsh,rcp,rlogin インストール [fedora]
次のエントリ: apache-php インストール [Apache]

apache + mod-ssl インストール
2005-03-25-1 / カテゴリ: [linux][debian][Apache][SSL] / [permlink]

http://lists.debian.or.jp/debian-users/200112/msg00163.html
# apt-get install apache
(略)
# apt-get install libapache-mod-ssl
(debconfはなし)
・テスト用証明書の作成
# mod-ssl-makecert
/etc/apache/ssl.crt/server.crt: already present
/etc/apache/ssl.csr/server.csr: already present
/etc/apache/ssl.key/server.key: already present

Do you really want to overwrite the existing certificate ? [y/N]:  <- y

What type of certificate do you want to create ?

1. dummy    (dummy self-signed Snake Oil cert)
2. test     (test cert signed by Snake Oil CA)
3. custom   (custom cert signed by own CA)
4. existing (existing cert)
:
> 2 (外用なら3ぽい)

STEP 2 Generating X.509 certificate signing request [server.csr]
1. Country Name             (2 letter code) [XY]:JP
2. State or Province Name   (full name)     [Snake Desert]:Kanagawa
3. Locality Name            (eg, city)      [Snake Town]:Yokohama
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:home
5. Organizational Unit Name (eg, section)   [Webserver Team]:Administrator
6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:localhost
7. Email Address            (eg, name@FQDN) [www@snakeoil.dom]:webmaster@localhost
8. Certificate Validity     (days)          [365]:

STEP 3 Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:

STEP 4: Enrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]:      <- n

RESULT: Server Certification Files

o  conf/ssl.key/server.key
   The PEM-encoded RSA private key file which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!

o  conf/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

o  conf/ssl.csr/server.csr
   The PEM-encoded X.509 certificate signing request file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our demonstration-only Snake Oil CA) which later can replace
   the conf/ssl.crt/server.crt file.

httpd.conf の設定
sarge なら、/usr/share/doc/libapache-mod-ssl/ に mod-ssl.conf,
vhost.conf.gz として設定ファイル例があるが、woody はない…
<IfModule mod_ssl.c>
  〜


<VirtualHost>
〜
を追加
Referrer (Inside): [2005-08-28-1] [2005-08-09-1]
[ コメント ]
前のエントリ: Fedora に rsh,rcp,rlogin インストール [fedora]
次のエントリ: apache-php インストール [Apache]

2013 : 01 02 03 04 05 06 07 08 09 10 11 12
2012 : 01 02 03 04 05 06 07 08 09 10 11 12
2011 : 01 02 03 04 05 06 07 08 09 10 11 12
2010 : 01 02 03 04 05 06 07 08 09 10 11 12
2009 : 01 02 03 04 05 06 07 08 09 10 11 12
2008 : 01 02 03 04 05 06 07 08 09 10 11 12
2007 : 01 02 03 04 05 06 07 08 09 10 11 12
2006 : 01 02 03 04 05 06 07 08 09 10 11 12
2005 : 01 02 03 04 05 06 07 08 09 10 11 12
2004 : 01 02 03 04 05 06 07 08 09 10 11 12

最終更新時間: 2013-05-02 16:12