1.mod_SSLインストール
| # yum -y install mod_ssl Setting up Install Process Setting up Repos base 100% |=========================| 1.1 kB 00:00 updates-released 100% |=========================| 951 B 00:00 Reading repository metadata in from local files base : ################################################## 2622/2622 updates-re: ################################################## 888/888 Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Package mod_ssl.i386 1:2.0.52-3.1 set to be updated --> Running transaction check --> Processing Dependency: libdistcache.so.1 for package: mod_ssl --> Processing Dependency: libnal.so.1 for package: mod_ssl --> Restarting Dependency Resolution with new changes. --> Populating transaction set with selected packages. Please wait. ---> Package distcache.i386 0:1.4.5-6 set to be updated --> Running transaction check Dependencies Resolved Transaction Listing: Install: mod_ssl.i386 1:2.0.52-3.1 - updates-released Performing the following to resolve dependencies: Install: distcache.i386 0:1.4.5-6 - base Total download size: 200 k Downloading Packages: (1/2): distcache-1.4.5-6. 100% |=========================| 111 kB 00:00 (2/2): mod_ssl-2.0.52-3.1 100% |=========================| 89 kB 00:00 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: distcache 100 % done 1/2 Installing: mod_ssl 100 % done 2/2 Installed: mod_ssl.i386 1:2.0.52-3.1 Dependency Installed: distcache.i386 0:1.4.5-6 Complete! # yum clean packages Cleaning up Packages 2 packages removed |
2.WebサーバSSL設定
| # cd /etc/httpd/conf/ # make server.key umask 77 ; \ /usr/bin/openssl genrsa -des3 1024 > server.key Generating RSA private key, 1024 bit long modulus ..++++++ ..........................................................++++++ e is 65537 (0x10001) Enter pass phrase:(パスワード) Verifying - Enter pass phrase:(パスワード) # openssl rsa -in server.key -out server.key Enter pass phrase for server.key:(パスワード) writing RSA key # make server.csr umask 77 ; \ /usr/bin/openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:JP State or Province Name (full name) [Berkshire]:kokura Locality Name (eg, city) [Newbury]:kita Organization Name (eg, company) [My Company Ltd]:kkataru.mine.nu Organizational Unit Name (eg, section) []:「enter」 Common Name (eg, your name or your server's hostname) []:kkataru.mine.nu Email Address []:root@kkataru.mine.nu Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:「enter」 An optional company name []:「enter」 # openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365 Signature ok subject=/C=JP/ST=kokura/L=kita/O=kkataru.mine.nu/CN=kkataru.mine.nu/emailAddress=r oot@kkataru.mine.nu Getting Private key # chmod 400 server.*
|
||||||||||
3.Webサーバの設定反映
| # /etc/init.d/httpd reload httpd を再読み込み中: [ OK ] |
Copyright (C) 2005 ataru