Create the private key
cd /etc/ssl
openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...+++
........................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key: ← enter a passphrase
Verifying - Enter pass phrase for server.key: ← re-enter the passphrase
Remove the passphrase
openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: ← enter the passphrase set above
writing RSA key
chmod 400 server.key ← change the access permissions
Create the self-signed certificate
openssl req -new -x509 -days 3650 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP ← country
State or Province Name (full name) [Some-State]:Niigata ← prefecture
Locality Name (eg, city) []:Niigata ← city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tommybsd.plala.jp ← host name (or company name)
Organizational Unit Name (eg, section) []: ← press Enter to leave blank
Common Name (eg, YOUR name) []:tommybsd.plala.jp ← host name (or administrator name)
Email Address []:tommy@tommybsd.plala.jp ← administrator's e-mail address
chmod 400 server.crt ← change the access permissions
Create a binary DER file for importing into browsers
openssl x509 -in server.crt -out /usr/local/www/apache22/data/server.der -outform DER
Edit Apache's httpd.conf
ee /usr/local/etc/apache22/httpd.conf
# Secure (SSL/TLS) connections
#Include etc/apache22/extra/httpd-ssl.conf
↓
Include etc/apache22/extra/httpd-ssl.conf ← uncomment
Edit httpd-ssl.conf, Apache's SSL configuration file
ee /usr/local/etc/apache22/extra/httpd-ssl.conf
ServerName www.example.com:443
↓
ServerName tommybsd.plala.jp:443 ← change (enter the server name)

ServerAdmin you@example.com
↓
ServerAdmin tommy@tommybsd.plala.jp ← change (enter the administrator's e-mail address)

ErrorLog "/var/log/httpd-error.log"
↓
ErrorLog "/var/log/httpd-ssl_error.log" ← change

TransferLog "/var/log/httpd-access.log"
↓
TransferLog "/var/log/httpd-ssl_access.log" ← change

SSLCertificateFile "/usr/local/etc/apache22/server.crt"
↓
SSLCertificateFile "/etc/ssl/server.crt" ← change (path to the certificate)

SSLCertificateKeyFile "/usr/local/etc/apache22/server.key"
↓
SSLCertificateKeyFile "/etc/ssl/server.key" ← change (path to the private key)

CustomLog "/var/log/httpd-ssl_request.log"
↓
CustomLog "/var/log/httpd-ssl_request.log" ← uncomment
Restart Apache
/usr/local/etc/rc.d/apache22 restart
Check in a browser ( https://tommybsd.plala.jp/ )
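
A check that can be run after the steps above and before restarting Apache, as an added example that is not part of the original page: it confirms that server.crt carries the public key of server.key, that the key (stored without a passphrase after the second step) is accessible to its owner only, and that the certificate has not expired. The function name check_tls_pair is an assumption made for this example.

```sh
#!/bin/sh
# Added example: sanity-check a key/certificate pair before Apache loads it.
# check_tls_pair is a hypothetical helper name, not an OpenSSL or Apache tool.
check_tls_pair() {
    key=$1; crt=$2; rc=0

    if [ ! -r "$key" ] || [ ! -r "$crt" ]; then
        echo "FAIL: cannot read $key or $crt"; return 2
    fi

    # An empty -passin only works when the key is stored without a passphrase;
    # otherwise Apache would stop and prompt for it at every start.
    if ! openssl pkey -in "$key" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: $key is passphrase-protected or not a valid private key"
        return 2
    fi

    # The certificate must contain exactly the public half of this key.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=""
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=""
    if [ -z "$crt_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $crt does not contain the public key of $key"; rc=1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # With no passphrase, file permissions are the key's only protection.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other (expected chmod 400)"; rc=1
    fi

    # -checkend 0 exits non-zero once the notAfter date has passed.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired"; rc=1
    fi

    # Fingerprint to compare with what the browser shows for the imported DER.
    openssl x509 -in "$crt" -noout -enddate -fingerprint -sha256 2>/dev/null

    if [ "$rc" -eq 0 ]; then echo "OK: key and certificate are consistent"; fi
    return "$rc"
}

# Usage: sh check.sh /etc/ssl/server.key /etc/ssl/server.crt
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```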