とりあえずメモ.
- マニュアル
# zless /usr/share/doc/apache2-doc/README.Debian.gzSSL
===
Enabling SSL
------------
To enable SSL, type (as user root):
a2ensite default-ssl
a2enmod ssl
If you want to use self-signed certificates, you should install the ssl-cert
package (see below). Otherwise, just adjust the SSLCertificateFile and
SSLCertificateKeyFile directives in /etc/apache2/sites-available/default-ssl to
point to your SSL certificate. Then restart apache:
/etc/init.d/apache2 restart
Creating self-signed certificates
---------------------------------
If you install the ssl-cert package, a self-signed certificate will be
automatically created using the hostname currently configured on your computer.
You can recreate that certificate (e.g. after you have changed /etc/hosts or
DNS to give the correct hostname) as user root with:
make-ssl-cert generate-default-snakeoil --force-overwrite
To create more certificates with different host names, you can use
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt
This will ask you for the hostname and place both SSL key and certificate in
the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
directive in the apache config (you don't need the SSLCertificateKeyFile in
this case).
- 証明書の作成
# cd /etc/apache2/ssl # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf apache.pem
# emacs /etc/apache2/sites-available/default-ssl
(前略)
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
(後略)
いろんな情報に惑わされて設定にのべ4日くらいかかったぜ!
後でまとめ直す.
