...ing logging 3.0

HTTPS接続のための証明書作成方法（Apache2 + SSL） - Debian [Lenny]

Debian, Memo

とりあえずメモ．

• 参考：make-ssl-cert と証明書 - May the Source be with you

• マニュアル

# zless /usr/share/doc/apache2-doc/README.Debian.gz
SSL
===

Enabling SSL
------------

To enable SSL, type (as user root):

        a2ensite default-ssl
        a2enmod ssl

If you want to use self-signed certificates, you should install the ssl-cert
package (see below). Otherwise, just adjust the SSLCertificateFile and
SSLCertificateKeyFile directives in /etc/apache2/sites-available/default-ssl to
point to your SSL certificate. Then restart apache:

        /etc/init.d/apache2 restart


Creating self-signed certificates
---------------------------------

If you install the ssl-cert package, a self-signed certificate will be
automatically created using the hostname currently configured on your computer.
You can recreate that certificate (e.g. after you have changed /etc/hosts or
DNS to give the correct hostname) as user root with:

        make-ssl-cert generate-default-snakeoil --force-overwrite

To create more certificates with different host names, you can use

        make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt

This will ask you for the hostname and place both SSL key and certificate in
the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
directive in the apache config (you don't need the SSLCertificateKeyFile in
this case).


			

• 証明書の作成

# cd /etc/apache2/ssl
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf apache.pem

• apache2のSSL接続の設定．make-ssl-certで作ったなら同じファイルを指定すればよい．

# emacs /etc/apache2/sites-available/default-ssl

（前略）

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLCertificateKeyFile /etc/apache2/ssl/apache.pem

（後略）

いろんな情報に惑わされて設定にのべ4日くらいかかったぜ！

後でまとめ直す．

ツイートする

Permalink | コメント(0) | トラックバック(2) | 01:26