Configuring OpenSSL for Apache
If not installed:
# yum install openssl
# yum install mod_ssl
[root@localhost ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
extra httpd.conf httpd.conf.back20160811 magic
[root@localhost conf]# openssl genrsa -aes128 1024 > server.key
Generating RSA private key, 1024 bit long modulus
.............................................................................++++++
..........................++++++
e is 65537 (0x10001)
Enter pass phrase:openssl
Verifying - Enter pass phrase:openssl
[root@localhost conf]# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) :TOKYO
Locality Name (eg, city) [Default City]:Shinagawa
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :192.168.56.101
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
[root@localhost conf]# openssl x509 -in server.csr -days 36500 -req -signkey server.key > server.crt
Signature ok
subject=/C=JP/ST=TOKYO/L=Shinagawa/O=Default Company Ltd/CN=192.168.56.101
Getting Private key
Enter pass phrase for server.key:openssl
Add the following (shown in blue in the original):
# vi /etc/httpd/conf.d/ssl.conf
:
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
:
</Files>
</VirtualHost>
# /etc/init.d/httpd start
Tried connecting over https, but it would not connect. Added this iptables rule:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Restart iptables:
[root@localhost sysconfig]# /etc/init.d/iptables restart
Now https connections work.
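Added check, not part of the original note: the ssl.conf above removes only SSLv2, so SSLv3 stays enabled, and the cipher string re-adds RC4 and LOW after `ALL`. The script below flags those two directives in a config fragment; the weak fragment and a hardened one are constructed inline, the file paths are temporary, and the key size (1024-bit RSA in the note) is not checked.

```shell
#!/bin/sh
# Added example: audit SSLProtocol and SSLCipherSuite in an Apache mod_ssl
# VirtualHost fragment. Does not need openssl; key size is out of scope.

# Constructed sample: the directives from the note's ssl.conf.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
</VirtualHost>
EOF

# Constructed sample: SSLv3 removed, positive cipher list, nothing re-added.
HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
</VirtualHost>
EOF

# Prints each finding to stderr and the number of findings to stdout.
audit_ssl_conf() {
    findings=0
    proto=$(awk '$1 == "SSLProtocol" { $1 = ""; print }' "$1")
    ciphers=$(awk '$1 == "SSLCipherSuite" { print $2 }' "$1")
    # mod_ssl applies SSLProtocol tokens left to right: "all" adds every
    # protocol and "-X" removes X, so "all -SSLv2" leaves SSLv3 enabled.
    sslv2=0; sslv3=0
    for tok in $proto; do
        case "$tok" in
            all|+all)     sslv2=1; sslv3=1 ;;
            SSLv2|+SSLv2) sslv2=1 ;;   -SSLv2) sslv2=0 ;;
            SSLv3|+SSLv3) sslv3=1 ;;   -SSLv3) sslv3=0 ;;
        esac
    done
    if [ "$sslv2" -eq 1 ]; then echo "SSLProtocol: SSLv2 enabled" >&2; findings=$((findings + 1)); fi
    if [ "$sslv3" -eq 1 ]; then echo "SSLProtocol: SSLv3 enabled" >&2; findings=$((findings + 1)); fi
    # In an OpenSSL cipher string only "!X" removes X for good; a plain,
    # "+X" or "X+Y" token adds or re-enables that group.
    for tok in $(printf '%s' "$ciphers" | tr ':' ' '); do
        case "$tok" in "!"*) continue ;; esac
        for weak in RC4 LOW EXPORT ADH aNULL eNULL MD5; do
            case "$tok" in *"$weak"*)
                echo "SSLCipherSuite: '$tok' enables weak group $weak" >&2
                findings=$((findings + 1)) ;;
            esac
        done
    done
    echo "$findings"
}
```

Running `audit_ssl_conf "$WEAK_CONF"` reports SSLv3, RC4 and LOW (3 findings); the hardened fragment reports none.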