Server/Apache/SSL
#contents
*Introduction [#ee5ad33d]
*CACert [#wbda2c08]
*Web certificate [#e7ffefa5]
**Preparing the directories [#r40e7d33]
Prepare directories to hold the keys.
# mkdir -p /usr/local/certs/local.domain/ssl.key/
# mkdir -p /usr/local/certs/local.domain/ssl.crt/
# chmod 700 /usr/local/certs/local.domain/
# cd /usr/local/certs/local.domain/
**Preparing the keys [#uad4fe3c]
***Private key [#w2dcd245]
# openssl genrsa -rand /var/log/messages -des3 -out ./ss...
Here you are prompted to enter a passphrase.
***Certificate signing request data (CSR) [#c3c5f993]
# openssl req -new -key ./ssl.key/server.key -out ./ssl...
Here you enter the organization's information.
-Country Name (2 letter code) [AU]:~
The country name. For Japan, ''JP''.
-State or Province Name (full name) [Some-State]:~
The prefecture or state name. ''Ibaraki''
-Locality Name (eg, city) []:~
The city name. ''Tsukuba''
-Organization Name (eg, company) [Internet Widgits Pty Lt...
The organization name.
-Organizational Unit Name (eg, section) []:~
The department name within the organization. ''Admin''
-Common Name (eg, YOUR name) []:~
Specify the server name as an FQDN. ''local.domain'' (this name and...
-Email Address []:~
The administrator's e-mail address.
~
If a field is left blank, the default value is used.~
~
Finally, you are prompted for the passphrase specified earlier.
***Requesting and obtaining the server certificate [#acf4616e]
# cat ./ssl.key/server.csr
Display the file's contents and copy them.
Next, the copied contents go in '''Please paste the CSR below...
#ref(server_new_1.png)
After a while, the page is displayed as shown below and the certificate is ready.
#ref(server_new_2.png)
Finally, save the displayed certificate contents to a file.~
From '''-----BEGIN CERTIFICATE-----''' to '''-----END CERTIFIC...
# emacs ./ssl.crt/server.crt
***Omitting the passphrase [#v0d3d348]
# mv ./ssl.key/server.key ./ssl.key/server.key.org
# openssl rsa -in ./ssl.key/server.key.org -out ./ssl.ke...
***Editing httpd.conf [#o07ef248]
# emacs /etc/httpd/conf/httpd.conf
Changes
# diff httpd.conf httpd.conf.org
1088c1088
< SSLCertificateFile /usr/local/certs/local.domain/ssl.c...
---
> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
1096c1096
< SSLCertificateKeyFile /usr/local/certs/local.domain/ss...
---
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
*Generating the certificate for mail [#y3a4fa03]
# cd /usr/local/certs/local.domain/
# (cat ./ssl.crt/server.crt ; cat ./ssl.key/server.key) ...
**Editing the courier-imap configuration file [#rd663d46]
# emacs /usr/lib/courier-imap/etc/imapd-ssl
Changes
# diff imapd-ssl imapd-ssl.dist
149,150c149
< TLS_CERTFILE=/usr/local/certs/local.domain/mail.pem
< #TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem
---
> TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem
After that, restart courier-imap.
# /sbin/service courier-imap restart
***Note [#k0efe2cd]
The contents of the mail.pem file are the certificate part, the key part, the file...
When courier-imap is started, in ''/var/log/maillog'', '''.....
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----[newline]
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----[newline]
[newline]
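The layout shown above can be checked mechanically before courier-imap is restarted. The following shell functions are an added example, not part of the original page: the function names are hypothetical, the demo data is constructed placeholder text, and the permission check is included because the key in this file no longer has a passphrase.

```shell
#!/bin/sh
# Added example: lint a combined certificate + key PEM such as mail.pem.
# Function names are hypothetical; demo data is constructed, not real key material.
CERT_B='-----BEGIN CERTIFICATE-----'
CERT_E='-----END CERTIFICATE-----'
KEY_B='-----BEGIN RSA PRIVATE KEY-----'
KEY_E='-----END RSA PRIVATE KEY-----'

# check_mail_pem FILE: prints one line per problem; returns 0 if none were found.
check_mail_pem() {
    f=$1; rc=0
    # Marker lines in file order, joined with '|'. Only lines that consist of
    # a marker and nothing else are counted.
    seq=$(grep -E -e '^-----(BEGIN|END) [A-Z ]+-----$' "$f" | tr '\n' '|')
    if [ "$seq" != "$CERT_B|$CERT_E|$KEY_B|$KEY_E|" ]; then
        echo "layout: expected one certificate block, then one RSA key block"; rc=1
    fi
    # A certificate file without a final newline makes cat glue two markers together.
    if grep -q -F -e "$CERT_E$KEY_B" "$f"; then
        echo "glued: END CERTIFICATE and BEGIN RSA PRIVATE KEY share a line"; rc=1
    fi
    # $(...) strips a trailing newline, so any output here means it is missing.
    if [ -n "$(tail -c 1 "$f")" ]; then
        echo "newline: file does not end with a newline"; rc=1
    fi
    # The key in this file has no passphrase: group and other get no access.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "mode: file is accessible beyond its owner"; rc=1
    fi
    return "$rc"
}

# make_demo: builds constructed placeholder files in a temp dir and prints its path.
make_demo() {
    d=$(mktemp -d)
    printf '%s\nQUJD\n%s\n' "$CERT_B" "$CERT_E" > "$d/server.crt"
    printf '%s\nREVG\n%s\n' "$KEY_B" "$KEY_E" > "$d/server.key"
    ( umask 077; cat "$d/server.crt" "$d/server.key" > "$d/mail.pem" )
    echo "$d"
}

demo=$(make_demo)
check_mail_pem "$demo/mail.pem" && echo "demo mail.pem: layout OK"
rm -rf "$demo"
```

On the real host the call would be check_mail_pem /usr/local/certs/local.domain/mail.pem, run as root.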
*References [#t7fec881]
http://www.fkimura.com/apache13.html~
http://www.aconus.com/~oyaji/www/certs_linux.htm~
RIGHT:2005-09-19 (Mon) 11:40:15
----
[[家サーバ管理帳]]