lost and found ( for me ? )

Apache SSL

How to use Apache SSL

OS: Fedora 11

Required packages

httpd , mod_ssl , openssl

# yum install -y httpd.i586
# yum install -y mod_ssl.i586
# yum install -y openssl.i686

# httpd -v
Server version: Apache/2.2.11 (Unix)
Server built: Mar 17 2009 09:15:10



I was about to generate a certificate and key with openssl, but a test certificate and key are already installed, so it looks like there is no need to create them with the openssl command. Easy.

Caveat: that pair (localhost.crt / localhost.key) is self-signed, generated by the mod_ssl package at install time, so every browser will warn about it. It is fine for testing, but for a real site you still generate a key and a CSR and have a CA sign it, and in either case the private key must stay readable by root only.

# egrep -v "^#" /etc/httpd/conf.d/ssl.conf | egrep -v "^$"
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt ← certificate
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ← private key

SSLOptions +StdEnvVars


SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Note that the container directives did not survive in the listing above: in the stock ssl.conf, `SSLEngine on` and everything after it live inside `<VirtualHost _default_:443>`, and the two `SSLOptions +StdEnvVars` lines sit in a `<Files>` and a `<Directory>` container respectively, which is why the directive shows up twice. Also, these are the 2009 defaults: `SSLProtocol all -SSLv2` still allows SSLv3, and the cipher list admits LOW-strength and RC4 ciphers; on anything other than a test box you would tighten both.

# ls /etc/pki/tls/certs/*.crt
/etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/localhost.crt

# ls /etc/pki/tls/private/*.key
/etc/pki/tls/private/localhost.key
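As an added example (not code from the original post), here is a small POSIX shell script that does what the mod_ssl package does at install time, generating a throwaway self-signed pair, and then runs the checks worth doing against the real /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key before pointing a browser at the server: that the private key actually matches the certificate, that the certificate is self-signed (so a browser warning is expected), and that the key file is not readable by group or others. The working directory, the CN, and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original post. Generates a throwaway
# self-signed certificate/key pair (as the mod_ssl package does at install
# time) and runs the checks you would run on the real localhost.crt /
# localhost.key before trusting the setup. WORK, CRT, KEY and the CN are
# assumptions of this example; override CRT and KEY to check the real files.
set -eu

WORK="${WORK:-$(mktemp -d)}"
CRT="${CRT:-$WORK/localhost.crt}"
KEY="${KEY:-$WORK/localhost.key}"

# make_test_pair: 2048-bit RSA key plus a self-signed cert for CN=localhost,
# valid 365 days, key left unencrypted (no passphrase prompt at httpd start).
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=localhost" -keyout "$KEY" -out "$CRT" >/dev/null 2>&1
    chmod 600 "$KEY"    # the private key must be readable by its owner only
}

# key_matches_cert CERT KEY: exit 0 only if the RSA modulus in the key equals
# the one in the certificate; a mismatch makes mod_ssl refuse to start.
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" | openssl sha256)
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null | openssl sha256)
    [ "$cert_mod" = "$key_mod" ]
}

# is_self_signed CERT: exit 0 when issuer equals subject, which is exactly
# what the package-generated localhost.crt looks like (browsers will warn).
is_self_signed() {
    subj=$(openssl x509 -noout -subject -in "$1")
    iss=$(openssl x509 -noout -issuer -in "$1")
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# key_is_private KEY: exit 0 when the key file grants no group/other access
# (the mode string from ls -l must end in "------").
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# cert_summary CERT: what a browser will judge: subject, issuer, validity.
cert_summary() {
    openssl x509 -noout -subject -issuer -dates -in "$1"
}

make_test_pair
cert_summary "$CRT"
key_matches_cert "$CRT" "$KEY" && echo "key matches certificate"
is_self_signed "$CRT" && echo "certificate is self-signed (expect a browser warning)"
key_is_private "$KEY" && echo "private key is not readable by group/others"
```

Run it with `CRT=/etc/pki/tls/certs/localhost.crt KEY=/etc/pki/tls/private/localhost.key` (as root, so the key is readable) to check the installed pair instead of the generated one; note that in that mode `make_test_pair` overwrites the files, so comment that line out first. A modulus mismatch is the usual reason httpd refuses to start after a certificate has been swapped.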

Let's try starting it.

Hm, there is no apachectl startssl...

# apachectl startssl
Usage: /usr/sbin/httpd [-D name] [-d directory] [-f file]
[-C "directive"] [-c "directive"]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-S]


OK, plain apachectl start then. (apachectl startssl was removed in Apache 2.2; with SSLEngine on set in ssl.conf, the SSL virtual host comes up with a normal start.)

# apachectl start

The httpd.conf on Fedora 11 reads the configuration files under conf.d automatically (i.e. /etc/httpd/conf.d/ssl.conf is picked up), so SSL is enabled without touching httpd.conf itself.

# egrep -i include /etc/httpd/conf/httpd.conf | grep "conf.d"
Include conf.d/*.conf

Check that it is listening on the ports. The `*:https` socket shown as IPv6 also accepts IPv4 connections on Linux, and the listener belonging to the root master process is normal: the worker processes run as the apache user.
# lsof -i:443 | head -2
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 3140 root 6u IPv6 35807 0t0 TCP *:https (LISTEN)

# lsof -i:80 | head -2
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 3140 root 4u IPv6 35803 0t0 TCP *:http (LISTEN)

Now access it from a browser; expect the self-signed certificate warning.
get things done!
