¤Ï¤¸¤á¤Ë†
CACert†
WebÍѾÚÌÀ½ñ†
¥Ç¥£¥ì¥¯¥È¥ê¤Î½àÈ÷†
¥¡¼¤òÃÖ¤¯¤¿¤á¤Î¥Ç¥£¥ì¥¯¥È¥ê¤òÍÑ°Õ¤·¤Þ¤¹¡£
# mkdir /usr/local/certs/local.domain/ssl.key/ # mkdir /usr/local/certs/local.domain/ssl.crt/ # chmod 700 /usr/local/certs/local.domain/ # cd /usr/local/certs/local.domain/
¸°¤Î½àÈ÷†
ÈëÌ©¸°†
# openssl genrsa -rand /var/log/messages -des3 -out ./ssl.key/server.key 1024
¤³¤³¤Ç¤Ï¡¢¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÆþÎϤ¬µá¤á¤é¤ì¤Þ¤¹¡£
¾ÚÌÀ½ñ¿½ÀÁ¥Ç¡¼¥¿(CSR)†
# openssl req -new -key ./ssl.key/server.key -out ./ssl.key/server.csr
¤³¤³¤Ç¤Ï¡¢ÁÈ¿¥¤Î¾ðÊó¤òÆþÎϤ·¤Þ¤¹¡£
- Country Name (2 letter code) [AU]:
¹ñ̾¤Ç¤¹¡£ÆüËܤʤéJP¡£ - State or Province Name (full name) [Some-State]:
¸©¡¦½£Ì¾¤Ç¤¹¡£Ibaraki - Locality Name (eg, city) []:
ÅÔ»Ô̾¤Ç¤¹¡£Tsukuba - Organization Name (eg, company) [Internet Widgits Pty Ltd]:
ÁÈ¿¥Ì¾¤Ç¤¹¡£ - Organizational Unit Name (eg, section) []:
ÁÈ¿¥Æâ¤ÎÉô½ð̾¤Ç¤¹¡£Admin - Common Name (eg, YOUR name) []:
¥µ¡¼¥Ð̾¤òFQDN¤Ç»ØÄꤷ¤Þ¤¹¡£local.domain¡Ê¤³¤Î̾Á°¤È¥µ¡¼¥Ð̾¤¬°ìÃפ·¤Ê¤¤¤È¡¢¥Ö¥é¥¦¥¶¤ä¥á¡¼¥é¤Ç¥¨¥é¡¼¤¬½Ð¤Þ¤¹¡Ë - Email Address []:
´ÉÍý¼Ô¤Î¥á¡¼¥ë¥¢¥É¥ì¥¹¤Ç¤¹¡£
¶õÍó¤Î¾ì¹ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤ÎÃͤ¬ÂåÆþ¤µ¤ì¤Þ¤¹
ºÇ¸å¤Ë¡¢Àè¤Û¤É»ØÄꤷ¤¿¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÆþÎϤ¬µá¤á¤é¤ì¤Þ¤¹¡£
¥µ¡¼¥Ð¾ÚÌÀ½ñ¤Î¿½ÀÁ¤È¼èÆÀ†
# cat ./ssl.key/server.csr
¥Õ¥¡¥¤¥ë¤ÎÆâÍƤòɽ¼¨¤·¡¢¥³¥Ô¡¼¤·¤Þ¤¹¡£
¼¡¤Ë¡¢¥³¥Ô¡¼¤·¤¿ÆâÍƤò¡¢²¼¤ËCSR¤ò¥Ú¡¼¥¹¥È¤·¤Æ¤¯¤À¤µ¤¤¡£²¼Éô¤Î¥Æ¥¥¹¥È¥Ü¥Ã¥¯¥¹¤ËŽ¤êÉÕ¤±¡¢Submit¤·¤Þ¤¹¡£
¤·¤Ð¤é¤¯¤¹¤ë¤È¡¢°Ê²¼¤ÎÍͤËɽ¼¨¤µ¤ì¡¢¾ÚÌÀ½ñ¤¬ÍÑ°Õ¤µ¤ì¤Þ¤¹¡£
ºÇ¸å¤Ë¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñÆâÍƤò¡¢¥Õ¥¡¥¤¥ë¤ËÍî¤È¤·¤Þ¤¹¡£
-----BEGIN CERTIFICATE-----¤«¤é-----END CERTIFICATE-----¤Þ¤Ç¤ÎÆâÍƤò¤¹¤Ù¤Æ¥³¥Ô¡¼¤·¤Æ¡¢¥¨¥Ç¥£¥¿Åù¤ËŽ¤êÉÕ¤±¤Þ¤¹¡£
# emacs ./ssl.crt/server.crt
¥Ñ¥¹¥Õ¥ì¡¼¥º¤Î¾Êά†
# mv ./ssl.key/server.key ./ssl.key/server.key.org # openssl rsa -in ./ssl.key/server.key.org -out ./ssl.key/server.key
httpd.conf¤Î½¤Àµ†
# emacs /etc/httpd/conf/httpd.conf
½¤ÀµÅÀ
# diff httpd.conf httpd.conf.org 1088c1088 < SSLCertificateFile /usr/local/certs/local.domain/ssl.crt/server.crt --- > SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt 1096c1096 < SSLCertificateKeyFile /usr/local/certs/local.domain/ssl.key/server.key --- > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
¥á¡¼¥ëÍѾÚÌÀ½ñ¤ÎÀ¸À®†
# cd /usr/local/certs/local.domain/ # (cat ./ssl.crt/server.crt ; cat ./ssl.key/server.key) > mail.pem
courier-imapÀßÄê¥Õ¥¡¥¤¥ë¤Î½¤Àµ†
# emacs /usr/lib/courier-imap/etc/imapd-ssl
½¤ÀµÅÀ
# diff imapd-ssl imapd-ssl.dist 149,150c149 < TLS_CERTFILE=/usr/local/certs/local.domain/mail.pem < #TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem --- > TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem
¤½¤Î¤¢¤È¡¢copurier-imap¤òºÆµ¯Æ°¤·¤Þ¤¹¡£
# /sbin/service courier-imap restart
Ãí°Õ†
mail.pem¥Õ¥¡¥¤¥ë¤ÎÆâÍƤϡ¢¾ÚÌÀ½ñ¤ÎÉôʬ¡¢¸°¤ÎÉôʬ¡¢¥Õ¥¡¥¤¥ë¤ÎºÇ¸åÈø¤½¤ì¤¾¤ì¤Î¶èÀÚ¤ê¤Ë²þ¹Ô¤òÆþ¤ì¤Æ²¼¤µ¤¤¡£
courier-imap¤òµ¯Æ°¤·¤¿ºÝ¤Ë¡¢/var/log/maillog¤Ë¡¢...:PEM_read_bio:bad end line¤È¸À¤¦¥¨¥é¡¼¤¬½Ð¤Æ¡¢sslÈǤÎimap¡¢pop¤Îµ¯Æ°¤Ë¼ºÇÔ¤·¤Þ¤¹¡£¡Ê¤·¤«¤â¡¢/sbin/service courier-imap restart¤Ç¤Ï¡¢¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ë¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤¬É½¼¨¤µ¤ì¤Þ¤»¤ó¤Î¤ÇÌñ²ð¤Ç¤¹¡Ë
-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----[²þ¹Ô] -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----[²þ¹Ô] [²þ¹Ô]
»²¹Í†
http://www.fkimura.com/apache13.html
http://www.aconus.com/~oyaji/www/certs_linux.htm
server_new_2.png
server_new_1.png
