メモブロ

Notes on IT technology

Configuring OpenSSL for Apache

If they are not installed yet:
# yum install openssl
# yum install mod_ssl

[root@localhost ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
extra  httpd.conf  httpd.conf.back20160811  magic
[root@localhost conf]# openssl genrsa -aes128 1024 > server.key
Generating RSA private key, 1024 bit long modulus
.............................................................................++++++
..........................++++++
e is 65537 (0x10001)
Enter pass phrase:openssl
Verifying - Enter pass phrase:openssl

[root@localhost conf]# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) :TOKYO
Locality Name (eg, city) [Default City]:Shinagawa
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :192.168.56.101
Email Address :

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :

[root@localhost conf]# openssl x509 -in server.csr -days 36500 -req -signkey server.key > server.crt
Signature ok
subject=/C=JP/ST=TOKYO/L=Shinagawa/O=Default Company Ltd/CN=192.168.56.101
Getting Private key
Enter pass phrase for server.key:openssl

Add the lines shown in blue:

# vi /etc/httpd/conf.d/ssl.conf

  :
<VirtualHost _default_:443>
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/httpd/conf/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/server.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    :
  </Files>
</VirtualHost>

# /etc/init.d/httpd start

Tried an https connection, but it did not connect.

 

Open the port for SSL in iptables:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

 

Restart:

[root@localhost sysconfig]# /etc/init.d/iptables restart

 

With this, https connections now work.
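An added check, not part of the original memo: the ssl.conf fragment above still allows SSLv3 (SSLProtocol all -SSLv2 only removes SSLv2) and leaves the RC4, MEDIUM and LOW cipher groups selectable, because they are all inside ALL and a +X element in an OpenSSL cipher string only reorders. The script below reads an ssl.conf fragment with mod_ssl's SSLProtocol token rules and a simplified reading of the OpenSSL cipher-string syntax and reports such weak settings, with the page's own lines and a hardened equivalent embedded as constructed samples. Assumption: Apache 2.2 mod_ssl with OpenSSL 1.0.1, as on the page; the group names and semantics used are those of that OpenSSL series.

```python
import re
# Constructed samples: the SSL lines from this page's ssl.conf and a hardened equivalent.
PAGE_CONF = """<VirtualHost _default_:443>
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
</VirtualHost>"""
HARDENED_CONF = """<VirtualHost _default_:443>
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
</VirtualHost>"""
VERSIONS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
WEAK_GROUPS = {"LOW", "MEDIUM", "EXPORT", "RC4", "DES", "MD5", "ADH", "aNULL"}
INSIDE_ALL = {"LOW", "MEDIUM", "RC4", "DES", "MD5"}  # weak groups that 'ALL' implicitly pulls in

def directives(conf):
    """Map each SSL* directive to its value; '#' comments are ignored."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"\s*(SSL\w+)\s+(.+?)\s*$", line.split("#", 1)[0])
        if m:
            found[m.group(1)] = m.group(2)
    return found

def enabled_protocols(value):
    """mod_ssl SSLProtocol rules: 'all' adds every version, '-X' removes X, 'X' or '+X' adds X."""
    enabled = set()
    for tok in value.split():
        remove, name = tok.startswith("-"), tok.lstrip("+-")
        for v in (VERSIONS if name.lower() == "all" else [name]):
            enabled.discard(v) if remove else enabled.add(v)
    return enabled

def permitted_weak_ciphers(value):
    """Simplified cipher-string rules: '!X' bans X for good, '-X' drops X, '+X' only reorders, 'A+B' intersects."""
    banned, permitted = set(), set()
    for elem in value.split(":"):
        if elem.startswith("!"):
            banned.add(elem[1:])
        elif elem.startswith("-"):
            permitted.discard(elem[1:])
        else:
            names = set(elem.lstrip("+").split("+"))
            permitted |= names | (INSIDE_ALL if "ALL" in names else set())
    return (permitted & WEAK_GROUPS) - banned

def audit(conf):
    """Return findings for weak protocols and cipher groups; an empty list means the fragment passed."""
    d = directives(conf)
    weak_protos = enabled_protocols(d.get("SSLProtocol", "all")) & {"SSLv2", "SSLv3"}
    weak_ciphers = permitted_weak_ciphers(d.get("SSLCipherSuite", ""))
    return ([f"protocol {p} enabled" for p in sorted(weak_protos)]
            + [f"cipher group {c} selectable" for c in sorted(weak_ciphers)])
```

Running audit(PAGE_CONF) lists SSLv3 plus the DES, LOW, MD5, MEDIUM and RC4 groups, while audit(HARDENED_CONF) returns an empty list.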