...ing logging 4.0

はてなブログに移行しました。D言語の話とかいろいろ。

HTTPS接続のための証明書作成方法(Apache2 + SSL) - Debian [Lenny]

とりあえずメモ.

  • マニュアル
# zless /usr/share/doc/apache2-doc/README.Debian.gz
SSL
===

Enabling SSL
------------

To enable SSL, type (as user root):

        a2ensite default-ssl
        a2enmod ssl

If you want to use self-signed certificates, you should install the ssl-cert
package (see below). Otherwise, just adjust the SSLCertificateFile and
SSLCertificateKeyFile directives in /etc/apache2/sites-available/default-ssl to
point to your SSL certificate. Then restart apache:

        /etc/init.d/apache2 restart


Creating self-signed certificates
---------------------------------

If you install the ssl-cert package, a self-signed certificate will be
automatically created using the hostname currently configured on your computer.
You can recreate that certificate (e.g. after you have changed /etc/hosts or
DNS to give the correct hostname) as user root with:

        make-ssl-cert generate-default-snakeoil --force-overwrite

To create more certificates with different host names, you can use

        make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt

This will ask you for the hostname and place both SSL key and certificate in
the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
directive in the apache config (you don't need the SSLCertificateKeyFile in
this case).
  • 証明書の作成
# cd /etc/apache2/ssl
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf apache.pem
  • apache2のSSL接続の設定.make-ssl-certで作ったなら同じファイルを指定すればよい.

# emacs /etc/apache2/sites-available/default-ssl
(前略)
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
(後略)

いろんな情報に惑わされて設定にのべ4日くらいかかったぜ!
後でまとめ直す.