  • Create the private key

    cd /etc/pki/tls/certs
    openssl genrsa -aes256 1024 > server.key
    Generating RSA private key, 1024 bit long modulus
    e is 65537 (0x10001)
    Enter pass phrase:(enter passphrase)
    Verifying - Enter pass phrase:(re-enter passphrase)
  • Create the certificate signing request (public key)

    openssl req -new -key server.key > server.csr
    Enter pass phrase for server.key:(enter passphrase)
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    Country Name (2 letter code) [XX]:JP
    State or Province Name (full name) []:Tokyo
    Locality Name (eg, city) [Default City]:Akihabara
    Organization Name (eg, company) [Default Company Ltd]:OreOreCA
    Organizational Unit Name (eg, section) []:z-area
    Common Name (eg, your name or your server's hostname) []:z-area.net
    Email Address []:(leave blank)
    A challenge password []:(leave blank)
    An optional company name []:(leave blank)
  • Create the self-signed certificate

    openssl x509 -in server.csr -days 36500 -req -signkey server.key > server.crt
    Signature ok
    Getting Private key
    Enter pass phrase for server.key:(enter passphrase)
  • Remove the passphrase from the private key (so httpd can start without prompting)

    mv server.key server.key.org
    openssl rsa -in server.key.org > server.key
    Enter pass phrase for server.key.org:(enter passphrase)
    writing RSA key
  • Install SSL support for Apache2 (mod_ssl)

    yum install mod_ssl
  • Configure SSL for Apache2

    cp -pi /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.org
    vi /etc/httpd/conf.d/ssl.conf

    Change the following directives (each original line is shown first, followed by its replacement):

    #DocumentRoot "/var/www/html"
    DocumentRoot "/var/www/html"
    #ServerName www.example.com:443
    ServerName z-area.net:443
    ErrorLog logs/ssl_error_log
    ErrorLog /var/log/httpd/ssl_error_log
    TransferLog logs/ssl_access_log
    #TransferLog logs/ssl_access_log
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    CustomLog /var/log/httpd/ssl_access_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    # POODLE (SSLv3.0 vulnerability) mitigation
    SSLProtocol all -SSLv2
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateKeyFile /etc/pki/tls/certs/server.key
  • Verify that Apache2 SSL works

    echo '<h1>It works!</h1>' > /var/www/html/index.html
    /etc/rc.d/init.d/iptables stop
    /etc/rc.d/init.d/httpd restart

    Open https://z-area.net/ in a browser. The browser first asks you to confirm the (self-signed) certificate; if "It works!" is displayed after that, SSL is working correctly.

    /etc/rc.d/init.d/iptables start
    rm -f /var/www/html/index.html
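The following script is an added example and is not part of the original page: it runs the whole procedure above (encrypted key, CSR, self-signed certificate, passphrase removal) non-interactively, then performs the two checks an administrator wants before restarting httpd: that the certificate named in SSLCertificateFile really belongs to the key named in SSLCertificateKeyFile, and that the SSLProtocol directive no longer allows SSLv3. It assumes the openssl CLI is installed, writes into a directory passed as an argument instead of /etc/pki/tls/certs, and replaces the interactively typed passphrase with a throwaway value passed via -passout/-passin; the function names, the 2048-bit key size and the 365-day validity are my choices, not the page's.

```shell
#!/bin/sh
# Added example, not from the original page: the key -> CSR -> self-signed
# certificate -> passphrase-removal procedure, run non-interactively, followed
# by checks that the certificate matches the key and that SSLv3 is disabled.
# Assumptions: openssl CLI available; output directory given as $1; the
# interactive passphrase is replaced by a throwaway -passout/-passin value.

make_self_signed_cert() {
    dir="$1"
    pw="throwaway-passphrase"   # stands in for the passphrase typed on the page

    # 1. Encrypted private key. 2048 bits here; the page's 1024-bit size is
    #    below what current guidance accepts.
    openssl genrsa -aes256 -passout "pass:$pw" -out "$dir/server.key" 2048 2>/dev/null
    # 2. CSR with the same subject fields as on the page (CN = server hostname)
    openssl req -new -key "$dir/server.key" -passin "pass:$pw" \
        -subj "/C=JP/ST=Tokyo/L=Akihabara/O=OreOreCA/OU=z-area/CN=z-area.net" \
        -out "$dir/server.csr"
    # 3. Self-signed certificate (365 days here rather than the page's 36500)
    openssl x509 -req -in "$dir/server.csr" -days 365 -signkey "$dir/server.key" \
        -passin "pass:$pw" -out "$dir/server.crt" 2>/dev/null
    # 4. Strip the passphrase so httpd can start unattended; keep the encrypted
    #    original and make sure neither copy is readable by other users.
    mv "$dir/server.key" "$dir/server.key.org"
    openssl rsa -in "$dir/server.key.org" -passin "pass:$pw" -out "$dir/server.key" 2>/dev/null
    chmod 600 "$dir/server.key" "$dir/server.key.org"
}

# 0 when the public key embedded in the certificate equals the one derived from
# the private key, i.e. SSLCertificateFile and SSLCertificateKeyFile match.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# 0 when the certificate's subject CN is the expected hostname
# (accepts both the "CN=host" and the "CN = host" subject formats).
cert_has_cn() {
    openssl x509 -in "$1" -noout -subject | grep -q "CN *= *$2"
}

# 0 when the key file is no longer passphrase-protected (step 4 succeeded).
key_is_unencrypted() {
    ! grep -q 'ENCRYPTED' "$1"
}

# 0 when every active SSLProtocol directive in an httpd config excludes SSLv3
# (the POODLE mitigation applied on the page); 1 if one still allows it or
# if the directive is missing altogether.
sslv3_disabled() {
    directives=$(grep -E '^[[:space:]]*SSLProtocol[[:space:]]' "$1") || return 1
    # a directive without "-SSLv3" that enables it via "all" or "+SSLv3"/"SSLv3" fails
    printf '%s\n' "$directives" | grep -Ev -- '-SSLv3' \
        | grep -Eq '(all|[^-]SSLv3)' && return 1
    return 0
}

# Constructed sample configs: the page's "before" and "after" SSLProtocol lines.
write_sample_confs() {
    cat > "$1/ssl-weak.conf" <<'EOF'
#SSLProtocol all -SSLv2
SSLProtocol all -SSLv2
EOF
    cat > "$1/ssl-fixed.conf" <<'EOF'
# POODLE (SSLv3.0 vulnerability) mitigation
SSLProtocol all -SSLv2 -SSLv3
EOF
}

# Stand-alone run: build everything in a temporary directory and report.
run_demo() {
    tmp=$(mktemp -d) || return 1
    make_self_signed_cert "$tmp"
    cert_matches_key "$tmp/server.crt" "$tmp/server.key" && echo "cert/key match: ok"
    cert_has_cn "$tmp/server.crt" z-area.net && echo "CN check: ok"
    key_is_unencrypted "$tmp/server.key" && echo "passphrase removed: ok"
    write_sample_confs "$tmp"
    sslv3_disabled "$tmp/ssl-weak.conf"  || echo "ssl-weak.conf: SSLv3 still enabled"
    sslv3_disabled "$tmp/ssl-fixed.conf" && echo "ssl-fixed.conf: SSLv3 disabled"
    rm -rf "$tmp"
}
run_demo
```

Run it with `sh` to see the five check results. On a real host, `cert_matches_key /etc/pki/tls/certs/server.crt /etc/pki/tls/certs/server.key` and `sslv3_disabled /etc/httpd/conf.d/ssl.conf` are the two calls worth making right before `httpd restart`: a key/certificate mismatch makes httpd fail to start, and a config that still says `SSLProtocol all -SSLv2` leaves SSLv3 enabled even though everything else on the page was done.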