
Private CA with Apache

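On a server with Red Hat Linux already installed, set up a private CA and issue a certificate. Note that the procedure differs from the one for a certificate from a public CA such as Verisign.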

Creating the key

Delete the key and certificate that were created at installation

# cd /etc/httpd/conf 
# rm ssl.key/server.key
# rm ssl.crt/server.crt

Normally the key is created as follows,

# make genkey

but this time, so that the pass phrase does not have to be entered at startup, create the key as follows

# /usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
# chmod go-rwx /etc/httpd/conf/ssl.key/server.key

ssl.key/server.key is created

Creating the self-signed certificate

Run the following, enter the pass phrase, and create the self-signed certificate

# make testcert

Enter the information requested along the way as follows

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Hyogo
Locality Name (eg, city) []:Kakogawa
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hyogo University
Organizational Unit Name (eg, section) []:ISC
Common Name (eg, your name or your server's hostname) []:hoge.hoge.hyogo-dai.ac.jp
Email Address []:isc@hyogo-dai.ac.jp

Finally, restart httpd

# /sbin/service httpd restart
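
The key and certificate steps above as a non-interactive script with a check of the result (an added example, not part of the original page). Assumptions not taken from the page: output goes to a scratch directory instead of /etc/httpd/conf, the key is 2048 bits rather than 1024, the certificate is valid for 365 days, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: scratch directory, 2048-bit key, 365-day validity.

# make_selfsigned DIR CN: write DIR/server.key (no pass phrase) and DIR/server.crt
make_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    # umask 077 in a subshell: the key is never group/world readable, not even
    # for the moment between creation and a later chmod.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # -subj supplies the DN that the page types in at the prompts.
    openssl req -new -x509 -days 365 -key "$dir/server.key" \
        -subj "/C=JP/ST=Hyogo/L=Kakogawa/O=Hyogo University/OU=ISC/CN=$cn" \
        -out "$dir/server.crt" 2>/dev/null
}

# check_pair DIR: print "ok" only if the key is owner-only, the certificate
# is self-signed, and the certificate carries the public half of the key.
check_pair() {
    dir=$1
    # Characters 5-10 of the mode string are the group and other bits.
    perm=$(ls -l "$dir/server.key" | cut -c5-10)
    [ "$perm" = "------" ] || { echo "key readable by group/other"; return 1; }
    # Self-signed means subject and issuer are the same name.
    subj=$(openssl x509 -in "$dir/server.crt" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$dir/server.crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "not self-signed"; return 1; }
    # Compare digests of the public key derived from each file.
    k=$(openssl pkey -in "$dir/server.key" -pubout | openssl dgst -sha256)
    c=$(openssl x509 -in "$dir/server.crt" -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ] || { echo "key/cert mismatch"; return 1; }
    echo ok
}

# Demonstration with the host name used on this page.
d=$(mktemp -d) && make_selfsigned "$d" hoge.hoge.hyogo-dai.ac.jp && check_pair "$d"
rm -rf "$d"
```

Running check_pair against the real ssl.key and ssl.crt files before restarting httpd catches a key that does not belong to the installed certificate.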

Last-modified: Tue, 11 Mar 2014 02:20:22 HADT (3728d)