Prepare a directory to hold the keys.
# mkdir -p /usr/local/certs/local.domain/ssl.key/
# mkdir -p /usr/local/certs/local.domain/ssl.crt/
# chmod 700 /usr/local/certs/local.domain/
# cd /usr/local/certs/local.domain/
# openssl genrsa -rand /var/log/messages -des3 -out ./ssl.key/server.key 1024
Here you are prompted to enter a passphrase.
# openssl req -new -key ./ssl.key/server.key -out ./ssl.key/server.csr
Here, enter your organization's information.
If a field is left blank, the default value is used.
Finally, you are prompted for the passphrase you specified earlier.
# cat ./ssl.key/server.csr
Display the contents of the file and copy them.
Next, paste the copied contents into the text box at the bottom of the page, under "Please paste your CSR below", and click Submit.
After a short while, the result is displayed as shown below and the certificate is ready.
Finally, save the displayed certificate to a file.
Copy everything from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE----- and paste it into an editor or similar.
# emacs ./ssl.crt/server.crt
# mv ./ssl.key/server.key ./ssl.key/server.key.org
# openssl rsa -in ./ssl.key/server.key.org -out ./ssl.key/server.key
# emacs /etc/httpd/conf/httpd.conf
Changes
# diff httpd.conf httpd.conf.org 1088c1088 < SSLCertificateFile /usr/local/certs/local.domain/ssl.crt/server.crt --- > SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt 1096c1096 < SSLCertificateKeyFile /usr/local/certs/local.domain/ssl.key/server.key --- > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
# cd /usr/local/certs/local.domain/
# (cat ./ssl.crt/server.crt ; cat ./ssl.key/server.key) > mail.pem
# emacs /usr/lib/courier-imap/etc/imapd-ssl
Changes
# diff imapd-ssl imapd-ssl.dist 149,150c149 < TLS_CERTFILE=/usr/local/certs/local.domain/mail.pem < #TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem --- > TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem
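Review bot: in the 149,150c149 change, TLS_CERTFILE points at /usr/local/certs/local.domain/mail.pem, and that file is built above by concatenating server.crt with the passphrase-free server.key, so it holds the private key in the clear. Set an explicit restrictive mode on mail.pem (for example chmod 600) instead of relying only on the 700 parent directory, and drop the commented-out #TLS_CERTFILE line once the new path is confirmed working.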
After that, restart courier-imap.
# /sbin/service courier-imap restart
In the mail.pem file, make sure there is a newline at each boundary: after the certificate part, after the key part, and at the very end of the file.
Without them, when courier-imap starts, the error ...:PEM_read_bio:bad end line is written to /var/log/maillog and the SSL versions of imap and pop fail to start. (Worse, /sbin/service courier-imap restart prints no error message on the command line, which makes this troublesome.)
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----[newline]
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----[newline]
[newline]
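The newline requirement above can be enforced when mail.pem is built, so a pasted server.crt with no final newline cannot glue its END line to the key's BEGIN line. This is an added example, not part of the original page. The function names are hypothetical, and the check covers only marker placement and the trailing newline, not the validity of the certificate or key.

```shell
#!/bin/sh
# Added example: build and check a combined certificate + key PEM file.

# Print a file, appending a final newline if the file lacks one.
emit_with_newline() {
    cat "$1"
    # tail -c 1 prints the last byte; command substitution strips a newline,
    # so a non-empty result means the file does not end with one.
    [ -z "$(tail -c 1 "$1")" ] || printf '\n'
}

# build_pem_bundle CERT KEY OUT
# Write CERT followed by KEY to OUT. The umask gives a newly created OUT
# mode 600, since it contains the private key.
build_pem_bundle() {
    ( umask 077; { emit_with_newline "$1"; emit_with_newline "$2"; } > "$3" )
}

# check_pem_bundle FILE
# Succeed only if FILE is non-empty, ends with a newline, and every
# BEGIN/END marker stands alone on its line (markers must pair up).
check_pem_bundle() {
    [ -s "$1" ] || return 1
    [ -z "$(tail -c 1 "$1")" ] || return 1
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /-----(BEGIN|END) / {
            # A glued line such as "-----END X----------BEGIN Y-----"
            # fails this match because labels may not contain dashes.
            if ($0 !~ /^-----(BEGIN|END) [A-Z0-9 ]+-----$/) bad = 1
            markers++
        }
        END { exit ((bad || markers == 0 || markers % 2) ? 1 : 0) }
    ' "$1"
}

# When run with CERT KEY OUT arguments, build the bundle and verify it.
if [ "$#" -eq 3 ]; then
    build_pem_bundle "$1" "$2" "$3" && check_pem_bundle "$3"
fi
```

Running the check before `/sbin/service courier-imap restart` surfaces the problem on the command line instead of only in /var/log/maillog.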
http://www.fkimura.com/apache13.html
http://www.aconus.com/~oyaji/www/certs_linux.htm