Self-Signed SSL Certificate

Creating a self-signed certificate

Create an RSA private key

[root@adm01 ~]# openssl genrsa 2048 > server.key
Generating RSA private key, 2048 bit long modulus
........................+++
...+++
e is 65537 (0x10001)
[root@adm01 ~]# ll
-rw-r--r--. 1 root root  1675 11月  4 18:05 2014 server.key

Create the CSR file.

[root@adm01 ~]# openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Osaka
Locality Name (eg, city) [Default City]:Osaka-shi,Cyuoh-ku
Organization Name (eg, company) [Default Company Ltd]:Yamada Inc.
Organizational Unit Name (eg, section) []:Yamada Section
Common Name (eg, your name or your server's hostname) []:yamada.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Create the digital certificate (server.crt)

[root@adm01 ~]# openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt
Signature ok
subject=/C=JP/ST=Osaka/L=Osaka-shi,Cyuoh-ku/O=Yamada Inc./OU=Yamada Section/CN=yamada.com
Getting Private key
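
An added example, not part of the original page: the three steps above run non-interactively with the key created under `umask 077`, followed by a check to run before pointing Apache or nginx at the files (certificate matches the key, not within 30 days of expiry, key not accessible to group or other). The names `make_pair`, `check_pair` and `SUBJ` and the 30-day threshold are assumptions of this example; the subject values are the ones entered above.

```shell
#!/bin/sh
# Added example (not from the original page). make_pair, check_pair, SUBJ and
# the 30-day expiry threshold are assumptions of this example.
SUBJ='/C=JP/ST=Osaka/L=Osaka-shi,Cyuoh-ku/O=Yamada Inc./OU=Yamada Section/CN=yamada.com'

# make_pair DIR: key, CSR and self-signed certificate, as in the steps above,
# but in a subshell with umask 077 so server.key is never readable by others.
make_pair() (
    umask 077
    cd "$1" || exit 1
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -subj "$SUBJ" -out server.csr &&
    openssl x509 -req -days 3650 -signkey server.key \
        -in server.csr -out server.crt 2>/dev/null &&
    chmod 400 server.key
)

# check_pair KEY CERT: returns 0 only if every check passes.
check_pair() {
    key=$1 crt=$2 rc=0
    # Public key derived from the private key vs. the one inside the certificate.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 1; }
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $crt"; return 1; }
    [ "$kpub" = "$cpub" ] ||
        { echo "FAIL: certificate was not issued for this key"; rc=1; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: certificate expires within 30 days"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other ($perms)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $crt matches $key"
    return "$rc"
}

# When saved as a script (check_pair.sh is a hypothetical file name):
#   sh check_pair.sh /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.crt/server.crt
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```
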

Using it with Apache

Place the digital certificate and private key in a suitable location

[root@adm01 ~]# mkdir /etc/httpd/conf/ssl.crt/
[root@adm01 ~]# mv server.crt /etc/httpd/conf/ssl.crt/
[root@adm01 ~]# mkdir /etc/httpd/conf/ssl.key/
[root@adm01 ~]# mv server.key /etc/httpd/conf/ssl.key/
[root@adm01 ~]# rm -rf server.csr
[root@adm01 ~]# chmod 700 /etc/httpd/conf/ssl.key
[root@adm01 ~]# chmod 400 /etc/httpd/conf/ssl.key/server.key

Edit ssl.conf

[root@adm01 ~]# vi /etc/httpd/conf.d/ssl.conf

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

Apply the configuration

[root@adm01 ~]# /etc/init.d/httpd configtest
Syntax OK
[root@adm01 ~]# /etc/init.d/httpd reload
httpd を再読み込み中: 

Using it with Nginx

Place the digital certificate and private key in a suitable location

[root@adm01 ~]# mkdir /etc/nginx/conf/ssl.crt/
[root@adm01 ~]# mv server.crt /etc/nginx/conf/ssl.crt/
[root@adm01 ~]# mkdir /etc/nginx/conf/ssl.key/
[root@adm01 ~]# mv server.key /etc/nginx/conf/ssl.key/
[root@adm01 ~]# rm -rf server.csr
[root@adm01 ~]# chmod 700 /etc/nginx/conf/ssl.key
[root@adm01 ~]# chmod 400 /etc/nginx/conf/ssl.key/server.key

Configure the nginx SSL configuration file

# vi /etc/nginx/conf.d/ssl.conf

Uncomment everything below "server {" around line 5. Around lines 10-11, fix the paths to the certificate and key.

#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;
    ssl_certificate      /etc/nginx/conf/ssl.crt/server.crt;
    ssl_certificate_key  /etc/nginx/conf/ssl.key/server.key;

Enable SSL (restart nginx)

# /etc/init.d/nginx restart
centos/ssl_self_certificate.1415091988.txt.gz · Last modified: 2025/02/16 13:50 (external edit)