Changes to Linux/Self-signed certificate on Apache2
*Self-signed SSL on Linux Apache2 [#h23882f7]
[[Reposted on dokuwiki.fl8.jp>http://dokuwiki.fl8.jp/doku.php/01_linux/02_www/apache2%E3%81%A7%E8%87%AA%E5%B7%B1%E8%AA%8D%E8%A8%BCssl]]
#contents
**Installing mod_ssl [#o6e7b210]
# yum install mod_ssl
**Creating the server private key and certificate [#h256aa93]
# cd /etc/pki/tls/certs/
# sed -i 's/365/3650/g' Makefile
Note: this changes the validity period of the server certificate from 1 year to 10 years.
# make server.crt
***Creating the private key [#gc5ca5a1]
# openssl genrsa -des3 -out ./ssl.key/ssl.globalsign.com.key 2048
***Creating the CSR [#e3624b9b]
# openssl req -new -key server.key -out server.csr
***Removing the passphrase from the private key [#p93e320d]
# openssl rsa -in server.key -out server.key
**Editing the Apache configuration file [#he5caaa7]
# vi /etc/httpd/conf.d/ssl.conf
#DocumentRoot "/var/www/html"
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
**Restarting Apache [#m2a604ee]
# /etc/init.d/httpd restart
**Reference site [#gde50fe0]
This site explains the procedure in far more detail and much more carefully.
[[http://centossrv.com/apache-ssl.shtml>http://centossrv.com/apache-ssl.shtml]]
**Checking whether the private key and certificate match [#d2a40fe6]
openssl rsa -in [private key] -pubout
openssl x509 -in [certificate] -pubkey
***If the "BEGIN PUBLIC KEY" sections match, the pair is OK [#t6ad7b7f]
# openssl rsa -in /etc/pki/tls/certs/server.key -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/smbmb0cX7DLKTTtDrbAEcORd
RKwFLXB4kysLD5M8rdZ7mrKatJxkJy0G1zTaGGgRRn4vnK9gpAiG1st8JLEtV3H3
8RWbS14che8EmuKNn4U5pf6M67d68V9eMsBKFAERTWHGihoVGQ04rflzoaegdjQA
5dmU5eL0l8ktANsZ5QIDAQAB
-----END PUBLIC KEY-----
# openssl x509 -in /etc/pki/tls/certs/server.crt -pubkey
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/smbmb0cX7DLKTTtDrbAEcORd
RKwFLXB4kysLD5M8rdZ7mrKatJxkJy0G1zTaGGgRRn4vnK9gpAiG1st8JLEtV3H3
8RWbS14che8EmuKNn4U5pf6M67d68V9eMsBKFAERTWHGihoVGQ04rflzoaegdjQA
5dmU5eL0l8ktANsZ5QIDAQAB
-----END PUBLIC KEY-----
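The comparison above can be scripted so that a mismatch is caught before Apache is restarted. The following is an added example, not part of the original page: the function names are hypothetical, the sample key and certificate are throwaway files constructed in a temporary directory, and `openssl pkey` is used instead of `openssl rsa` so that non-RSA keys are handled as well.

```shell
#!/bin/sh
# Scripted version of the manual "BEGIN PUBLIC KEY" comparison.

# Print the PEM public key derived from a private key file.
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the PEM public key embedded in a certificate.
# -noout suppresses the certificate body, so only the public key is printed.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# key_matches_cert KEY CERT
# Returns 0 = match, 1 = mismatch, 2 = a file could not be read or parsed.
key_matches_cert() {
    key_pub=$(pubkey_of_key "$1")  || return 2
    crt_pub=$(pubkey_of_cert "$2") || return 2
    # Guard: two empty strings would otherwise compare as equal.
    [ -n "$key_pub" ] && [ -n "$crt_pub" ] || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Constructed sample data: a throwaway self-signed pair plus an unrelated key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Print a verdict line for KEY CERT (safe to call under "set -e").
check() {
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH:    $1 <-> $2" ;;
        1) echo "MISMATCH: $1 <-> $2" ;;
        *) echo "ERROR:    cannot read or parse $1 or $2" ;;
    esac
}

tmp=$(mktemp -d) && make_samples "$tmp" && {
    check "$tmp/server.key"  "$tmp/server.crt"   # the pair generated together
    check "$tmp/other.key"   "$tmp/server.crt"   # an unrelated key
    check "$tmp/missing.key" "$tmp/server.crt"   # unreadable input is an error, not a match
}
rm -rf "$tmp"
```

On a real server, call `key_matches_cert` with the paths given in `SSLCertificateKeyFile` and `SSLCertificateFile`.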
**How to inspect a CSR [#gb518f78]
# openssl req -in fl8.jp.csr -text
**Inspecting the contents of the private key [#n42cd953]
# openssl rsa -in fl8.jp.key -text
**Inspecting the contents of the certificate [#k7346e73]
# openssl x509 -in fl8.jp.crt -text