とりあえずメモ.
- マニュアル
# zless /usr/share/doc/apache2-doc/README.Debian.gzSSL === Enabling SSL ------------ To enable SSL, type (as user root): a2ensite default-ssl a2enmod ssl If you want to use self-signed certificates, you should install the ssl-cert package (see below). Otherwise, just adjust the SSLCertificateFile and SSLCertificateKeyFile directives in /etc/apache2/sites-available/default-ssl to point to your SSL certificate. Then restart apache: /etc/init.d/apache2 restart Creating self-signed certificates --------------------------------- If you install the ssl-cert package, a self-signed certificate will be automatically created using the hostname currently configured on your computer. You can recreate that certificate (e.g. after you have changed /etc/hosts or DNS to give the correct hostname) as user root with: make-ssl-cert generate-default-snakeoil --force-overwrite To create more certificates with different host names, you can use make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt This will ask you for the hostname and place both SSL key and certificate in the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile directive in the apache config (you don't need the SSLCertificateKeyFile in this case).
- 証明書の作成
# cd /etc/apache2/ssl # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf apache.pem
# emacs /etc/apache2/sites-available/default-ssl
(前略)
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
(後略)
いろんな情報に惑わされて設定にのべ4日くらいかかったぜ!
後でまとめ直す.