Installing apache2.0.x & mod_ssl (openssl)

Implementing SSL on Apache 2.0.x

The apache2.0.x distribution includes the mod_ssl and dav modules by default.
So even when installing with SSL or DAV support, no separate module installation is required.

■ Preparation
First, obtain the software.
 
 http://www.apache.org/
 http://www.openssl.org/
 http://sunfreeware.com/

Download the following software from the sites above. For now, put the files somewhere such as the /var/tmp directory.

gcc-3.2.2-sol9-sparc-local.gz
httpd-2.0.47.tar.gz
openssl-0.9.7b.tar.gz

■ Installing GCC
A compiler is a given when building free software from source. If GCC is already installed (any version), skip this step. Just don't forget to set the path!

# gunzip gcc-3.2.2-sol9-sparc-local.gz
# pkgadd -d gcc-3.2.2-sol9-sparc-local
...
...(installed under /usr/local by default)

[Setting the path]


# PATH=$PATH:/usr/ccs/bin:/usr/local/bin
# export PATH

Note: gcc is normally in /usr/local/bin and make is in /usr/ccs/bin.

■ Installing openssl
This may also already be installed; if not, compile and install it as follows.

# gunzip openssl-0.9.7b.tar.gz
# tar xvf openssl-0.9.7b.tar
...
# cd openssl-0.9.7b
# ./config
...
# make
...
# make test
...
...
OpenSSL 0.9.7b 10 Apr 2003
built on: Tue Sep 16 16:10:19 JST 2003
platform: solaris-sparcv9-gcc
options:  bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
compiler: gcc -DOPENSSL_SYSNAME_ULTRASPARC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM
OPENSSLDIR: "/usr/local/ssl"
`test' is up to date.
#
# make install
#

■ Installing apache
This build is installed in a different directory (/usr/local/apache2) from the apache bundled with Solaris, so there is no need to back up configuration files or data. Install it as is, confirm that it works, and then carry out detailed configuration and content migration.

# gunzip httpd-2.0.47.tar.gz
# tar xvf httpd-2.0.47.tar
...
# cd httpd-2.0.47
# ./configure --disable-ipv6 --enable-ssl --with-ssl=/usr/local/ssl
...
# make
...
# make install
...

Note: Without --disable-ipv6, if the system has no IPv6 address assigned, errors like the following are written to the log file (error_log) in large numbers. Solaris supports IPv6 as standard, but if you are not using any IPv6 services it is better to disable it.
[Thu Sep 18 17:07:45 2003] [warn] (128)Network is unreachable: connect to listener


[Checking the compiled-in modules]
# cd /usr/local/apache2/bin
# ./httpd -l
Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c


■ Creating the random data used to generate the WWW server key pair
# pwd     
/usr/local/ssl/bin
# ./openssl md5 * > rand.dat
# ls
c_rehash  openssl   rand.dat
# cat rand.dat
MD5(c_rehash)= eac0ca00fc9a2033152ec6408d489f6b
MD5(openssl)= d4e3eed34246d6701d35a551ed04189e

Note: The above uses the files in the /usr/local/bin directory as the seed for rand.dat. If the server really is going to be exposed externally, it may be better to seed from some other suitable file, since the hashes of installed binaries are predictable.

■ Creating the WWW server key pair
# ./openssl genrsa -des3 -rand rand.dat -out server.key 1024
95 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
...........++++++
...............................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:xxxxxxxxxx
Verifying - Enter pass phrase for server.key:xxxxxxxxxx
#
# cat server.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E4EC26811DF474CF

...
-----END RSA PRIVATE KEY-----
#


Because the server's private key is extremely important, it is stored in the server.key file encrypted with a passphrase, as shown above.

■ Creating the CSR
# ./openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- Note: arbitrary values are entered this time
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:TOKYO
Locality Name (eg, city) []:Shibuya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.apache-test.com
Email Address []:hogehoge@apache-test.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#
----- Contents of the CSR ---------
# ./openssl req -in server.csr -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=JP, ST=TOKYO, L=Shibuya, O=Internet Widgits Pty Ltd, CN=www.apache-test.com/emailAddress=hogehoge@apache-test.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    ...
                Exponent: 65537 (0x10001)
        Attributes:
      
    Signature Algorithm: md5WithRSAEncryption
        ...
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----

■ Preparation for creating a private CA

# cd /usr/local/ssl
# cp -r /var/tmp/openssl-0.9.7b/apps/demoCA /usr/local/ssl/CA
# chmod 700 CA
# cd CA
# mv cacert.pem cacert.pem.org
# cd private/
# mv cakey.pem cakey.pem.org
# cp /usr/local/ssl/openssl.cnf /usr/local/ssl/CA/
# cd /usr/local/ssl/CA/
# vi openssl.cnf
...
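#dir = ./demoCA # Where everything is kept  <-- comment out

dir = /usr/local/ssl/CA # Where everything is kept  <-- add


■ Creating the certificate (CRT) for the private CA
Note: private/cakey.pem must exist before this step. The demoCA sample key was renamed to cakey.pem.org above, so a new CA private key has to be generated first (for example with openssl genrsa, as was done for server.key); that step does not appear in this transcript.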
# cd /usr/local/ssl/CA
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
Enter pass phrase for private/ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- Note: arbitrary values again...
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:TOKYO
Locality Name (eg, city) []:Shibuya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.apache-test.com
Email Address []:hogehoge@apache-test.com


■ Signing the CSR to create the CRT
Since we are our own certificate authority (CA), we sign the server's CSR ourselves.
# mkdir /usr/local/ssl/CA/newcerts
# openssl ca -config ./openssl.cnf -policy policy_anything -in /usr/local/ssl/bin/server.csr -out server.crt

Using configuration from ./openssl.cnf
Enter pass phrase for /usr/local/ssl/CA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 286 (0x11e)
        Validity
            Not Before: Sep 16 09:08:03 2003 GMT
            Not After : Sep 15 09:08:03 2004 GMT
        Subject:
            countryName               = JP
            stateOrProvinceName       = TOKYO
            localityName              = Shibuya
            organizationName          = Internet Widgits Pty Ltd
            commonName                = www.apache-test.com
            emailAddress              = hogehoge@apache-test.com
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            89:9D:C3:1F:25:8E:0C:BE:24:78:C7:4F:96:F3:95:27:38:D7:8F:FD
            X509v3 Authority Key Identifier:
            keyid:31:D6:FD:C5:60:D8:CC:55:8E:A8:C3:68:54:D1:38:A2:9E:0E:BF:D0
            DirName:/C=JP/ST=Tokyo/L=Shibuya/O=Internet Widgits Pty Ltd/CN=www.apache-test.com/emailAddress=hogehoge@apache-test.com
            serial:00

Certificate is to be certified until Sep 15 09:08:03 2004 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
#


■ Move the SSL-related files to a suitable directory (your choice)

# cp /usr/local/ssl/bin/server.* /usr/local/apache2/conf

# cp /usr/local/ssl/CA/server.crt /usr/local/apache2/conf
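
The key, CSR, private CA and signing steps above, run non-interactively and followed by the two checks worth making before Apache is pointed at the files. This is an added example, not part of the original page: it assumes a current `openssl` on PATH, signs with `openssl x509 -req` instead of `openssl ca` (so no openssl.cnf or CA database is needed), and uses 2048-bit keys with SHA-256 rather than the 1024-bit/MD5 values shown above; file names, subjects and the demo passphrase are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes a current openssl on PATH;
# file names, subjects and the demo passphrase are illustrative.

# Build a private CA and a CA-signed server certificate inside directory $1.
make_chain() (
    mkdir -p "$1" && cd "$1" || exit 1
    CA_PASS='constructed-demo-passphrase'; export CA_PASS  # use a real secret

    # 1. Passphrase-protected CA key and self-signed CA certificate.
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 2048 2>/dev/null || exit 1
    openssl req -new -x509 -sha256 -days 365 -key ca.key -passin env:CA_PASS \
        -subj '/C=JP/ST=TOKYO/O=Example Private CA/CN=Example Private CA' \
        -out ca.crt || exit 1

    # 2. Server key and CSR; the CN is the host name clients will connect to.
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    chmod 400 ca.key server.key
    openssl req -new -sha256 -key server.key \
        -subj '/C=JP/ST=TOKYO/L=Shibuya/CN=www.apache-test.com' \
        -out server.csr || exit 1

    # 3. Sign the CSR with the CA key (openssl x509 -req in place of openssl ca).
    openssl x509 -req -sha256 -days 365 -in server.csr \
        -CA ca.crt -CAkey ca.key -passin env:CA_PASS -CAcreateserial \
        -out server.crt 2>/dev/null || exit 1
)

# Succeeds only if the certificate carries the public key of this private key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if the certificate verifies against the given CA certificate.
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

work=$(mktemp -d) && make_chain "$work" \
    && key_matches_cert "$work/server.key" "$work/server.crt" \
    && cert_chains_to "$work/ca.crt" "$work/server.crt" \
    && echo "server.crt matches server.key and verifies against ca.crt"
rm -rf "$work"
```

A key/certificate mismatch caught here would otherwise only surface as a startup failure in error_log.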


■ Configuring apache
The default httpd.conf contains the following, so the SSL settings can be made in the ssl.conf file. (Naturally, ServerName and similar settings still need to be changed.)
# cat /usr/local/apache2/conf/httpd.conf
...
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
...



# cat /usr/local/apache2/conf/ssl.conf
...
... modify the parts shown in bold below
#<VirtualHost _default_:443>
<VirtualHost 192.168.1.3:443>

#  General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.apache-test.com
ServerAdmin hogehoge@apache-test.com
ErrorLog logs/error_log
TransferLog logs/access_log
...

SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
...


■ Starting apache

# /usr/local/apache2/bin/apachectl startssl

...
... Note: you must enter the passphrase

Check that it started correctly
# tail -f /usr/local/apache2/logs/error_log
# ps -ef | grep httpd


■ Avoiding the passphrase prompt so that apache can start automatically

Remove the encryption from the server private key /usr/local/apache2/conf/server.key and store it again in the server.key file.

# PATH=$PATH:/usr/local/ssl/bin
# export PATH
# cd /usr/local/apache2/conf
# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: <-- enter the passphrase
writing RSA key
#
Incidentally, the contents end up looking like this. (Come to think of it, maybe I shouldn't be publishing this?)
# cat server.key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
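
Once the passphrase is removed, file permissions are the only protection left on server.key. The script below is an added example, not part of the original page: it reads the SSLCertificateKeyFile entries from an Apache configuration and reports any key that is both unencrypted and accessible beyond its owner. Function names, messages and the sample files are this example's own, and the sample "key" is a constructed header, not real key material.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, messages and the
# sample files are this example's own; the sample key is a constructed header.

# 0 if the PEM key is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# 0 if group and others have no permission bits on the file.
key_mode_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check every SSLCertificateKeyFile named in config file $1. Returns the
# number of keys that are unencrypted AND accessible beyond their owner.
audit_conf_keys() {
    bad=0
    for key in $(sed -n 's/^[[:space:]]*SSLCertificateKeyFile[[:space:]][[:space:]]*//p' "$1" | tr -d '"'); do
        if [ ! -f "$key" ]; then echo "MISSING $key"
        elif key_is_encrypted "$key"; then echo "ENCRYPTED $key (httpd will prompt at startup)"
        elif key_mode_is_private "$key"; then echo "PLAINTEXT-OWNER-ONLY $key"
        else echo "EXPOSED $key (plaintext key accessible beyond owner)"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: one config, one passphrase-less key with loose permissions.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/server.key"
chmod 644 "$demo/server.key"
printf '%s\n' '# constructed sample' "SSLCertificateKeyFile $demo/server.key" > "$demo/httpd.conf"
audit_conf_keys "$demo/httpd.conf" || echo "findings: $?"
chmod 400 "$demo/server.key" && audit_conf_keys "$demo/httpd.conf"
rm -rf "$demo"
```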



In addition, so that SSL is enabled with just the start argument to the apachectl command, either remove <IfDefine SSL> from ssl.conf or move all of the SSL settings (the active entries in ssl.conf) into httpd.conf. The example below uses the form merged into httpd.conf.


# vi /usr/local/apache2/conf/httpd.conf
...
... comment out the following
#<IfModule mod_ssl.c>
#    Include conf/ssl.conf
#</IfModule>

Add the following

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl       .crl
SSLSessionCache        dbm:logs/ssl_scache
SSLSessionCacheTimeout    300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost 192.168.1.3:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.apache-test.com
ServerAdmin hogehoge@apache-test.com
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
# Note: ALL leaves SSLv2, LOW and 40-bit export suites enabled; tighten this list on a publicly reachable server.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

...
...


With this in place, automatic startup is possible with a simple startup script like the one below.
Copy the default startup script first, just in case.

# cp /etc/init.d/apache /etc/init.d/apache.org

If you edit the script as follows, the startup scripts in /etc/rcS.d, /etc/rc2.d, /etc/rc3.d and so on remain hard-linked to it, so they do not need to be edited.
To revert, simply copy apache.org back over apache.


# cat /etc/init.d/apache
#!/sbin/sh
APACHE_HOME=/usr/local/apache2
CONF_FILE=/usr/local/apache2/conf/httpd.conf
PIDFILE=/usr/local/apache2/logs/httpd.pid

if [ ! -f ${CONF_FILE} ]; then
    exit 0
fi

case "$1" in
start)
    /bin/rm -f ${PIDFILE}
    cmdtext="starting"
    ;;
restart)
    cmdtext="restarting"
    ;;
stop)
    cmdtext="stopping"
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac

echo "httpd $cmdtext."

status=`${APACHE_HOME}/bin/apachectl $1 2>&1`

if [ $? != 0 ]; then
    echo "$status"
    exit 1
fi
exit 0
