$ sudo service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 12 of /etc/httpd/conf.d/ssl.conf: Cannot load /etc/httpd/modules/mod_ssl.so into server: /etc/httpd/modules/mod_ssl.so: cannot open shared object file: No such file or directory
[失敗]
So mod_ssl is missing.
Installing mod_ssl
$ sudo yum install mod_ssl openssl
$ sudo service httpd restart
httpd を停止中: [失敗]
httpd を起動中: Syntax error on line 123 of /etc/httpd/conf.d/ssl.conf: SSLCertificateChainFile: file '/etc/pki/tls/certs/server-chain.crt' does not exist or is empty
So even for a test environment, I do have to create a key after all.
Creating the private key
$ sudo mkdir /etc/httpd/conf/ssl.key
$ cd /etc/httpd/conf/ssl.key/
$ openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.............................++++++
....................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: [enter pass phrase]
Verifying - Enter pass phrase for server.key: [re-enter pass phrase to confirm]
$ sudo chmod 400 server.key
Creating the signing request
$ sudo openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: [enter pass phrase]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Chiyoda
Organization Name (eg, company) [Default Company Ltd]:Hogehoge
Organizational Unit Name (eg, section) []:[Enter: skip]
Common Name (eg, your name or your server's hostname) []:[enter hostname]
Email Address []:[enter email address]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:[Enter: skip]
An optional company name []:[Enter: skip]
$ sudo chmod 400 server.csr
A wrong configuration, caused by my misunderstanding
/etc/httpd/conf.d/ssl.conf
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateFile /etc/httpd/conf/ssl.key/server.csr
$ sudo service httpd restart
httpd を停止中: [ OK ]
[失敗]
Damn, it won't start.
/var/log/httpd/error_log
[Mon Jan 25 17:21:30 2016] [error] Init: Unable to read server certificate from file /etc/httpd/conf/ssl.key/server.csr
[Mon Jan 25 17:21:30 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 25 17:21:30 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Is the CSR file corrupted?
$ sudo openssl x509 -noout -text -in /etc/httpd/conf/ssl.key/server.csr
unable to load certificate
140169678825288:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
It can't be loaded, but...
Ah... I had been confusing the signing request with the certificate.
Creating the server certificate
$ sudo openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
$ chmod 400 server.crt
/etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf/ssl.key/server.crt
$ sudo service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server 127.0.0.1:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
[ OK ]
It asked for the pass phrase, but it started without problems.
But being prompted for a pass phrase is a problem, because automatic restart after a failure won't work.
Removing the pass phrase
$ openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: [enter the original pass phrase]
$ sudo service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: httpd: apr_sockaddr_info_get() failed for sitetest
[ OK ]
It worked. Phew.
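The three failures in this write-up (a missing or empty chain file, a CSR given to SSLCertificateFile, and a pass-phrase-protected key that blocks unattended restarts) can be caught before restarting httpd. The script below is an added example, not part of the original post: the function names pem_kind, check_ssl_conf and make_sample are hypothetical, the sample files are constructed placeholders, and it only inspects PEM header lines rather than validating the contents.

```shell
#!/bin/sh
# Classify a PEM file by its first BEGIN line (openssl is not needed).
pem_kind() {
    [ -s "$1" ] || { echo missing; return; }
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null) || { echo unreadable; return; }
    case $header in
        *'BEGIN CERTIFICATE REQUEST'*|*'BEGIN NEW CERTIFICATE REQUEST'*) echo csr ;;
        *'BEGIN CERTIFICATE-----'*) echo certificate ;;
        *'BEGIN ENCRYPTED PRIVATE KEY'*) echo encrypted-key ;;
        *'PRIVATE KEY-----'*)
            # Traditional (genrsa -des3) keys flag encryption in a header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted-key
            else echo key; fi ;;
        *) echo unknown ;;
    esac
}

# Print one finding per bad directive in an ssl.conf; return 1 if any.
check_ssl_conf() {
    findings=$(awk '$1 ~ /^SSLCertificate(File|KeyFile|ChainFile)$/ {
                   gsub(/"/, "", $2); print $1, $2 }' "$1" |
        while read -r directive path; do
            want=certificate; kind=$(pem_kind "$path")
            [ "$directive" = SSLCertificateKeyFile ] && want=key
            case $want:$kind in
                (key:key|certificate:certificate) ;;
                (*:missing) echo "$directive: $path does not exist or is empty" ;;
                (key:encrypted-key) echo "$directive: $path needs a pass phrase at startup" ;;
                (*) echo "$directive: $path is '$kind', expected '$want'" ;;
            esac
        done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Constructed sample reproducing the post's broken state (bodies are placeholders).
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'AAAA' \
        '-----END CERTIFICATE REQUEST-----' > "$1/server.csr"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        '' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    printf '%s\n' "SSLCertificateFile $1/server.csr" \
        "SSLCertificateKeyFile $1/server.key" \
        "SSLCertificateChainFile $1/server-chain.crt" > "$1/ssl.conf"
}

dir=$(mktemp -d) && make_sample "$dir"
check_ssl_conf "$dir/ssl.conf" || echo "resolve the findings before restarting httpd"
rm -rf "$dir"
```

Reading a key that is mode 400 and owned by root requires running the check as root; otherwise that file is reported as 'unreadable'.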