mod_ssl設定

 

目標

rhceの勉強するついでに自宅のサーバにmod_sslの設定を入れてみた

 

必要パッケージ設置

yum install httpd
yum install mod_ssl
yum install open_ssl

作業ディレクトリ移動

cd /etc/httpd/conf

秘密鍵作成=server.keyファイル作成

[root@web2 conf]# openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
.........+++
.........+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:

 

証明申請情報入力=server.csrファイル作成

[root@web2 conf]# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:tokyo
Locality Name (eg, city) [Default City]:itabashi
Organization Name (eg, company) [Default Company Ltd]:negabaro.com
Organizational Unit Name (eg, section) []:negabaro
Common Name (eg, your name or your server's hostname) []:web2.test.negabaro.com
Email Address []:negabaro@gmail.com 

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

デジタル証明書作成(おれおれ証明書)=server.crt

[root@web2 conf]# openssl x509 -in server.csr -days 365 -req -signkey server.key > server.crt
Signature ok
subject=/C=JP/ST=tokyo/L=itabashi/O=negabaro.com/OU=negabaro/CN=web2.test.negabaro.com/emailAddress=negabaro@gmail.com
Getting Private key
Enter pass phrase for server.key:

 

ssl.confファイル設定

vim /etc/httpd/conf.d/ssl.conf

ServerName web2.test.negabaro.com:443

SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key

コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です