OS: Fedora 11
Required packages
httpd, mod_ssl, openssl
# yum install -y httpd.i586
# yum install -y mod_ssl.i586
# yum install -y openssl.i686
# httpd -v
Server version: Apache/2.2.11 (Unix)
Server built: Mar 17 2009 09:15:10
I was about to create the certificate and key with openssl, but it turns out a test certificate and key are already installed: the mod_ssl package generates a self-signed localhost.crt / localhost.key when it is installed. So there is no need to run the openssl commands just to get the server up. Easy.
Two caveats before treating that as done, though. The certificate is self-signed, so every browser will warn about it, and it is only good for testing; for anything real, generate your own key and have the certificate signed by a CA (or at least regenerate it with the right hostname). And the stock ssl.conf shown below still leaves SSLv3 enabled and keeps the LOW, MEDIUM and RC4 cipher groups negotiable, so SSLProtocol and SSLCipherSuite want tightening before the server is exposed.
# egrep -v "^#" /etc/httpd/conf.d/ssl.conf | egrep -v "^$"
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt ← certificate
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ← private key
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
(The VirtualHost _default_:443, Files and Directory container lines that wrap the second half of this file are missing from the dump because the blog swallowed the angle-bracket lines. The two SSLOptions +StdEnvVars entries sit in the Files and Directory blocks respectively, so they are not a duplicate.)
# ls /etc/pki/tls/certs/*.crt
/etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/localhost.crt
# ls /etc/pki/tls/private/*.key
/etc/pki/tls/private/localhost.key
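The SSLProtocol and SSLCipherSuite lines above are the ones to look at before calling this done: "all -SSLv2" still leaves SSLv3 on, and "ALL:...:RC4+RSA:+HIGH:+MEDIUM:+LOW" keeps RC4 and the LOW and MEDIUM groups negotiable (a "+GROUP" token only moves those ciphers to the end of the list, it does not remove them). The script below is an added example, my own and not part of the original post or of the Fedora package, that audits those two directives the way I would before exposing the box. It works on constructed copies of the stock directives and of a hardened replacement (the hardened values are my suggestion, not something the page gives), so it runs offline without touching /etc/httpd/conf.d/ssl.conf.

```sh
#!/bin/sh
# Added example, not code from the original post or the Fedora package:
# audit the SSLProtocol and SSLCipherSuite directives of an Apache 2.2
# ssl.conf for the weak settings the stock Fedora 11 file ships with.
# Everything is offline: the two config fragments below are constructed
# here, not read from /etc/httpd/conf.d/ssl.conf.

# Constructed copy of the relevant directives as quoted in the post.
STOCK_CONF='SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW'

# Assumed replacement: what I would put in its place (not from the page).
HARDENED_CONF='SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
SSLHonorCipherOrder on'

# OpenSSL cipher groups that should never be negotiable on a public server.
WEAK_GROUPS='aNULL EXPORT LOW MEDIUM RC4'

# audit_protocol "<SSLProtocol args>": tokens are applied left to right the
# way mod_ssl does it ("all" enables every version, "-SSLv3" removes one).
audit_protocol() {
    for v in SSLv2 SSLv3; do
        enabled=no
        for tok in $1; do
            case "$tok" in
                all|ALL|All|"$v"|"+$v") enabled=yes ;;
                "-$v")                  enabled=no ;;
            esac
        done
        if [ "$enabled" = yes ]; then
            echo "SSLProtocol: $v is still enabled"
        fi
    done
    return 0
}

# audit_cipher_suite "<SSLCipherSuite string>": a weak group counts as
# enabled when it appears as a positive token (RC4+RSA, +LOW) or is pulled
# in by ALL/DEFAULT/COMPLEMENTOFDEFAULT, and no "!GROUP" removes it.
# "-GROUP" only deletes until something re-adds it, so it is not trusted
# as a removal here; that keeps the check conservative.
audit_cipher_suite() {
    for w in $WEAK_GROUPS; do
        enabled=no
        excluded=no
        old_ifs=$IFS
        IFS=':'
        for tok in $1; do
            case "$tok" in
                "!$w")                           excluded=yes ;;
                ALL|DEFAULT|COMPLEMENTOFDEFAULT) enabled=yes ;;
                "!"*|"-"*)                       ;;
                *"$w"*)                          enabled=yes ;;
            esac
        done
        IFS=$old_ifs
        if [ "$enabled" = yes ] && [ "$excluded" = no ]; then
            echo "SSLCipherSuite: $w ciphers are negotiable"
        fi
    done
    return 0
}

# audit_ssl_conf "<config text>": pull the two directives out of a config
# fragment (comments and other directives are skipped) and run both checks.
# Prints one line per finding; no output means nothing was flagged.
audit_ssl_conf() {
    printf '%s\n' "$1" | while read -r directive args; do
        case "$directive" in
            SSLProtocol)    audit_protocol "$args" ;;
            SSLCipherSuite) audit_cipher_suite "$args" ;;
        esac
    done
    return 0
}

# count_findings "<config text>": the number of findings as a bare integer.
count_findings() {
    audit_ssl_conf "$1" | wc -l | tr -d ' '
}

echo "== stock Fedora 11 ssl.conf: $(count_findings "$STOCK_CONF") finding(s) =="
audit_ssl_conf "$STOCK_CONF"
echo "== hardened replacement: $(count_findings "$HARDENED_CONF") finding(s) =="
audit_ssl_conf "$HARDENED_CONF"
```

To check the live file, call audit_ssl_conf "$(cat /etc/httpd/conf.d/ssl.conf)" instead of the constructed fragment. The checker is deliberately conservative (only "!GROUP" counts as a removal), so treat a finding as a prompt to confirm with openssl s_client against the running server rather than as proof on its own.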
Let's try starting it.
Huh, there is no apachectl startssl any more. (The startssl option was dropped in Apache 2.2: mod_ssl is active whenever ssl.conf is loaded and SSLEngine is on, so a plain start is all that is needed.)
# apachectl startssl
Usage: /usr/sbin/httpd [-D name] [-d directory] [-f file]
[-C "directive"] [-c "directive"]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-S]
So, apachectl start it is.
# apachectl start
Fedora 11's httpd.conf pulls in the config files under conf.d
(i.e. /etc/httpd/conf.d/ssl.conf gets loaded):
# egrep -i include /etc/httpd/conf/httpd.conf | grep "conf.d"
Include conf.d/*.conf
Check that it is listening on the ports.
# lsof -i:443 | head -2
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 3140 root 6u IPv6 35807 0t0 TCP *:https (LISTEN)
# lsof -i:80 | head -2
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 3140 root 4u IPv6 35803 0t0 TCP *:http (LISTEN)
Both listeners show up as IPv6 sockets; on Linux those are dual-stack by default and accept IPv4 connections too, so the *:https line covers both. Now access it from a browser: https://hostname/ will bring up the certificate warning that is expected with the self-signed test certificate.
get things done!