
Configuring SSL so that communication can be encrypted
To make SSL available, create a self-signed certificate file.

    # apache2-ssl-certificate
    creating selfsigned certificate
    replace it with one signed by a certification authority (CA)
    enter your ServerName at the Common Name prompt
    If you want your certificate to expire after x days call this programm with -days x
    Generating a 1024 bit RSA private key
    ..............++++++
    ..........................................++++++
    writing new private key to '/etc/apache2/ssl/apache.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]:JP                                  ← enter JP
    State or Province Name (full name) [Some-State]:Tokyo                 ← enter the prefecture name
    Locality Name (eg, city) []:Shinjuku-ku                               ← enter the town name
    Organization Name (eg, company; recommended) []:chibi style           ← enter the company name
    Organizational Unit Name (eg, section) []:                            ← optional
    server name (eg. ssl.domain.tld; required!!!) []:chibi.name           ← enter the server name
    Email Address []:webmaster@chibi.name                                 ← e-mail address

Check the private key and certificate that were created.

    # ls -l /etc/apache2/ssl/
    合計 4
    lrwxrwxrwx 1 root root   27 2005-07-06 13:07 1670d77d.0 -> /etc/apache2/ssl/apache.pem
    -rw------- 1 root root 1819 2005-07-06 13:07 apache.pem

Load the SSL module.

    # a2enmod
    Which module would you like to enable?
    Your choices are: actions asis auth_anon auth_dbm auth_digest auth_ldap cache cern_meta cgi cgid dav dav_fs deflate disk_cache expires ext_filter file_cache headers imap include info ldap mem_cache mime_magic php4 proxy proxy_connect proxy_ftp proxy_http rewrite speling ssl suexec unique_id userdir usertrack vhost_alias
    Module name? ssl                                                      ← type ssl
    Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Place the sample SSL configuration file in /etc/apache2/sites-available/.

    # cd /etc/apache2/sites-available/
    # zcat /usr/share/doc/apache2/examples/ssl.conf.gz > ssl

Edit the SSL configuration file.

    # vi /etc/apache2/sites-available/ssl

    <VirtualHost _default_:443>
    ↓
    <VirtualHost chibi.name:443>

    DocumentRoot "/usr/share/apache2/default-site/htdocs"
    ↓
    DocumentRoot "/var/www/html"

    ServerName www.example.com:443
    ↓
    ServerName chibi.name:443

    ServerAdmin you@example.com
    ↓
    ServerAdmin webmaster@chibi.name

    ErrorLog /var/log/apache2/error_log
    ↓
    ErrorLog /var/log/apache2/ssl_error_log

    TransferLog /var/log/apache2/access_log
    ↓
    TransferLog /var/log/apache2/ssl_access_log

    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    ↓
    SSLCertificateFile /etc/apache2/ssl/apache.pem

    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
    ↓
    SSLCertificateKeyFile /etc/apache2/ssl/1670d77d.0                     ← specify the key confirmed earlier

Enable this SSL configuration file, then restart Apache.

    # a2ensite
    Which site would you like to enable?
    Your choices are: default ssl
    Site name? ssl                                                        ← type ssl
    Site ssl installed; run /etc/init.d/apache2 reload to enable.
    # /etc/init.d/apache2 restart

With this in place, accessing the site with https encrypts the communication.
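
The setup above points SSLCertificateKeyFile at a symlink to the combined apache.pem, so it is worth confirming that both directives resolve to real PEM files and that the key stays owner-only, as in the `ls -l` listing. The script below is an added example, not part of the original page; the function names are hypothetical, and it assumes one certificate/key directive pair per site file and paths without spaces.

```shell
#!/bin/sh
# Added example: audit the TLS file directives of an Apache site file.

# Print the first argument of a directive (case-insensitive), quotes stripped.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Succeed only if the file (symlinks followed) grants nothing to group/other.
owner_only() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_ssl_site SITE_FILE: print findings, return 0 only if every check passes.
check_ssl_site() {
    site=$1 rc=0
    cert=$(directive_value SSLCertificateFile "$site")
    key=$(directive_value SSLCertificateKeyFile "$site")
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "FAIL: missing or unreadable file: '$f'"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "FAIL: no certificate in $cert"; rc=1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "FAIL: no private key in $key"; rc=1; }
    owner_only "$key" ||
        { echo "FAIL: $key is accessible to group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $site"
    return "$rc"
}

# Constructed sample mirroring the page's layout (dummy PEM bodies, not real keys).
make_demo() {
    d=$1; mkdir -p "$d"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/apache.pem"
    chmod 600 "$d/apache.pem"
    ln -sf apache.pem "$d/1670d77d.0"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$d/apache.pem" "$d/1670d77d.0" > "$d/ssl"
}

if [ "$#" -gt 0 ]; then check_ssl_site "$1"; fi
```

Run it as root with the site file as its argument, for example `/etc/apache2/sites-available/ssl`. It checks file layout only and does not parse the certificate, so key size and expiry are outside what it covers.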
Last updated: 09/26/2005