{{category Computer Tips}} {{category Network}}

!!Requirements
*Apache(apache_1.3.29)
*OpenSSL(openssl-0.9.7c)
*mod_ssl(mod_ssl-2.8.16-1.3.29)

!!Installation
!Compiling openssl
 tar xvfz openssl-0.9.7c.tar.gz
 cd openssl-0.9.7c
 ./config --prefix=/usr/local --openssldir=/usr/local/openssl -fPIC
 make

!Compiling apache with mod_ssl
 tar zxvf apache_1.3.29.tar.gz
 tar xvfz mod_ssl-2.8.16-1.3.29.tar.gz
 cd mod_ssl-2.8.16-1.3.29
 ./configure --with-apache=../apache_1.3.29 --with-ssl=../openssl-0.9.7c --prefix=/usr/local/apache --enable-shared=ssl --enable-module=so --enable-rule=SHARED_CORE --enable-module=rewrite --enable-shared=rewrite
 # mod_ssl's configure patches the Apache tree; the build itself runs there
 cd ../apache_1.3.29
 make
 make certificate
 make install

!!Configuration
httpd.conf
*Change Port from 8080 to 80 for plain HTTP, and from 8443 to 443 for HTTPS
*Pay attention to the server name where it is set

!!Starting
Use startssl instead of start.

!!Setup procedure (acting as your own CA)
!Create the CA's own private key, ca.key.
 $ openssl genrsa -des3 -out ca.key 1024

!Create the CA's own certificate, ca.crt.
 $ openssl req -new -x509 -key ca.key -out ca.crt
 Using configuration from /usr/local/ssl/openssl.cnf
 Enter PEM pass phrase:   <--- enter the pass phrase
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Kanagawa
 Locality Name (eg, city) []:Yokohama
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:T.I.Tech
 Organizational Unit Name (eg, section) []:Sugino Laboratory
 Common Name (eg, YOUR name) []:foo baar
 Email Address []:foo@bar

!Create the server's private key, server.key.
 $ openssl genrsa -des3 -out server.key 1024

!Create the CSR (Certificate Signing Request) used to issue the server certificate.
 $ openssl req -new -key server.key -out server.csr
 Using configuration from /usr/local/ssl/openssl.cnf
 Enter PEM pass phrase:   <--- enter the pass phrase
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Kanagawa
 Locality Name (eg, city) []:Yokohama
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:T.I.Tech
 Organizational Unit Name (eg, section) []:Sugino Laboratory
 Common Name (eg, YOUR name) []:www.sgn.ip.titech.ac.jp
 Email Address []:foo@bar

 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:   <--- Enter
 An optional company name []:   <--- Enter

!Issue the server certificate.
At this point, ca.key, ca.crt and the related files must have exactly these file names.
 $ $SRC/mod_ssl-2.8.16-1.3.29/pkg.contrib/sign.sh server.csr
 ...
 Certificate is to be certified until Sep 13 04:30:55 2001 GMT (365 days)
 Sign the certificate? [y/n]:y
 1 out of 1 certificate requests certified, commit? [y/n]y
 ...

!Copy
 SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
 SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
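
A check worth running on server.crt and server.key before Apache is started with them, as an added example (not part of the original page or of mod_ssl): it confirms that the certificate carries the key's public half and that it verifies against ca.crt. To run without prompts it builds its own files in a temporary directory; the subject names, the unencrypted 2048-bit keys and the use of openssl x509 -req in place of sign.sh are assumptions of the example.

```shell
#!/bin/sh
# Added example: sanity checks for a CA-signed server certificate.
# All file contents and subject names below are constructed for the demo.

# Build a throwaway CA and server certificate in directory $1.
# Assumptions: keys are unencrypted (no -des3) so nothing prompts, and
# "openssl x509 -req" stands in for mod_ssl's sign.sh.
make_demo_pki() {
    ( cd "$1" || exit 1
      openssl genrsa -out ca.key 2048 2>/dev/null
      openssl req -new -x509 -key ca.key -out ca.crt -days 30 \
          -subj "/C=JP/O=Example/CN=Demo CA" 2>/dev/null
      openssl genrsa -out server.key 2048 2>/dev/null
      openssl req -new -key server.key -out server.csr \
          -subj "/C=JP/O=Example/CN=www.example.test" 2>/dev/null
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out server.crt -days 30 2>/dev/null
      # An unrelated key, used to show what a mismatch looks like.
      openssl genrsa -out other.key 2048 2>/dev/null )
}

# Succeeds only if certificate $1 carries the public key of RSA key $2.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if certificate $2 verifies against CA certificate $1.
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Stand-alone run: report each check on the constructed files.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d"
    cert_matches_key "$d/server.crt" "$d/server.key" && echo "key pair: match"
    cert_matches_key "$d/server.crt" "$d/other.key"  || echo "other.key: mismatch"
    cert_signed_by "$d/ca.crt" "$d/server.crt"       && echo "chain: OK"
    rm -rf "$d"
}
demo
```

On real files, call cert_matches_key and cert_signed_by with the paths given to SSLCertificateFile and SSLCertificateKeyFile; a pass-phrase-protected key will prompt once.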