Self-Signed SSL Certificate
Creating a self-signed certificate
Create an RSA private key
[root@adm01 ~]# openssl genrsa 2048 > server.key
Generating RSA private key, 2048 bit long modulus
........................+++
...+++
e is 65537 (0x10001)
Create the CSR file.
[root@adm01 ~]# openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Osaka
Locality Name (eg, city) [Default City]:Osaka-shi,Cyuoh-ku
Organization Name (eg, company) [Default Company Ltd]:Yamada Inc.
Organizational Unit Name (eg, section) []:Yamada Section
Common Name (eg, your name or your server's hostname) []:yamada.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Create the digital certificate (server.crt)
[root@adm01 ~]# openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt
Signature ok
subject=/C=JP/ST=Osaka/L=Osaka-shi,Cyuoh-ku/O=Yamada Inc./OU=Yamada Section/CN=yamada.com
Getting Private key
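The three steps above as a non-interactive script, followed by a check that the certificate and the private key actually belong together before they are handed to Apache or Nginx. This is an added example, not part of the original page; the function names, the shortened subject and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Subject, file names and the
# temporary directory are constructed for illustration.

# make_selfsigned DIR CN: key, CSR and certificate without prompts.
make_selfsigned() {
    dir=$1; cn=$2
    # umask 077 keeps server.key unreadable to other users from the moment
    # it is created, not only after the later chmod.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/server.key" \
        -subj "/C=JP/ST=Osaka/O=Yamada Inc./CN=$cn" \
        -out "$dir/server.csr" || return 1
    openssl x509 -req -days 3650 -signkey "$dir/server.key" \
        -in "$dir/server.csr" -out "$dir/server.crt" 2>/dev/null || return 1
    rm -f "$dir/server.csr"
    chmod 400 "$dir/server.key"
}

# pair_matches CRT KEY: succeeds only when the public key inside the
# certificate is the public half of KEY (exit 2 if a file cannot be parsed).
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# file_mode FILE: permission string as shown by ls, e.g. -r--------
file_mode() { ls -l "$1" | cut -c1-10; }

# Demo in a throwaway directory.
demo=$(mktemp -d)
make_selfsigned "$demo" yamada.com
if pair_matches "$demo/server.crt" "$demo/server.key"; then
    echo "certificate and key match, key mode: $(file_mode "$demo/server.key")"
fi
rm -rf "$demo"
```

Running pair_matches against the installed files before reloading the web server catches a certificate that was copied next to the wrong key.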
Using it with Apache
Place the digital certificate and private key in a suitable location
[root@adm01 ~]# mkdir /etc/httpd/conf/ssl.crt/
[root@adm01 ~]# mv server.crt /etc/httpd/conf/ssl.crt/
[root@adm01 ~]# mkdir /etc/httpd/conf/ssl.key/
[root@adm01 ~]# mv server.key /etc/httpd/conf/ssl.key/
[root@adm01 ~]# rm -rf server.csr
[root@adm01 ~]# chmod 700 /etc/httpd/conf/ssl.key
[root@adm01 ~]# chmod 400 /etc/httpd/conf/ssl.key/server.key
Edit ssl.conf
[root@adm01 ~]# vi /etc/httpd/conf.d/ssl.conf

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Apply the configuration
[root@adm01 ~]# /etc/init.d/httpd configtest
Syntax OK
[root@adm01 ~]# /etc/init.d/httpd reload
httpd を再読み込み中:
Using it with Nginx
Place the digital certificate and private key in a suitable location
[root@adm01 ~]# mkdir -p /etc/nginx/conf/ssl.crt/
[root@adm01 ~]# mv server.crt /etc/nginx/conf/ssl.crt/
[root@adm01 ~]# mkdir -p /etc/nginx/conf/ssl.key/
[root@adm01 ~]# mv server.key /etc/nginx/conf/ssl.key/
[root@adm01 ~]# rm -rf server.csr
[root@adm01 ~]# chmod 700 /etc/nginx/conf/ssl.key
[root@adm01 ~]# chmod 400 /etc/nginx/conf/ssl.key/server.key
Edit the nginx SSL configuration file
# vi /etc/nginx/conf.d/ssl.conf
Around line 5, uncomment everything below "server {".
Around lines 10-11, correct the key paths.
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
ssl_certificate /etc/nginx/conf/ssl.crt/server.crt;
ssl_certificate_key /etc/nginx/conf/ssl.key/server.key;
Enable SSL (restart nginx)
# /etc/init.d/nginx restart
centos/ssl_self_certificate.1397528653.txt.gz · Last modified: 2025/02/16 13:50 (external edit)