Certificate used
Certificate creation procedure
- Create the key and CSR
# mkdir 20151116-SSL
# cd /root/20151116-SSL
# openssl md5 * > rand.dat
# openssl genrsa -rand rand.dat -des3 2048 > 20151116-www.mylines.org.key
# openssl req -new -key 20151116-www.mylines.org.key -out 20151116-www.mylines.org.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Hiroshima
Locality Name (eg, city) [Default City]:Hiroshima
Organization Name (eg, company) [Default Company Ltd]:XXXXXXX
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.mylines.org
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl rsa -in 20151116-www.mylines.org.key -out 20151116-www.mylines.org_nonepass.key
- Apply for Sakura SSL
Paste the CSR you created into the form partway through the Sakura SSL application.
# cat /root/20151116-SSL/20151116-www.mylines.org.csr
- Upload the verification file
Download the verification file from Sakura SSL and upload it to the server.
# mv nm3acaco.htm /var/www/html/wp-www/nw3acaco.htm
# yum install mod_ssl
# vi /etc/httpd/conf.d/ssl.conf
// Lines changed are shown below
DocumentRoot "/var/www/html/wp-www"
ServerName www.mylines.org:443
SSLCertificateFile /etc/pki/tls/certs/20151116-www.mylines.org.crt
SSLCertificateKeyFile /etc/pki/tls/private/20151116-www.mylines.org_nonepass.key
SSLCACertificateFile /etc/pki/tls/certs/20151116-ica.crt
- Download and place the intermediate certificate
# cp -a 20151116-ica.crt /etc/pki/tls/certs/20151116-ica.crt
# cat /etc/pki/tls/certs/20151116-ica.crt
- Download and place the server certificate
Sakura sends an e-mail when the server certificate has been issued; follow its instructions to download the certificate.
# cp -a server.crt /etc/pki/tls/certs/20151116-www.mylines.org.crt
- Place the private key
# cp -a 20151116-www.mylines.org_nonepass.key /etc/pki/tls/private/20151116-www.mylines.org_nonepass.key
# service httpd restart
- Access https://www.mylines.org
- Check the certificate
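The procedure above installs three files that must agree with each other: the passphrase-free private key, the server certificate issued from the CSR, and the intermediate certificate. The following is an added example, not part of the original post, of checks that can be run before `service httpd restart`; the function names and the throwaway test files it generates are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: checks to run on the key, CSR and certificates before restarting httpd.
# Function names and the generated files are constructed for this illustration.

# Succeeds only if the private key can be read without a passphrase.
key_is_unencrypted() {  # $1 = private key file
  openssl pkey -in "$1" -passin pass: -noout 2>/dev/null
}

# Succeeds only if the certificate or CSR carries the key's public half.
key_matches() {  # $1 = unencrypted key, $2 = crt|csr, $3 = file to compare
  local want got
  want=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
  case "$2" in
    crt) got=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) ;;
    csr) got=$(openssl req -in "$3" -noout -pubkey 2>/dev/null) ;;
    *)   return 2 ;;
  esac
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# Succeeds only if the server certificate was signed by the given CA certificate.
issued_by() {  # $1 = intermediate (CA) certificate, $2 = server certificate
  openssl verify -partial_chain -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Constructed test data: a throwaway CA standing in for the intermediate, an
# encrypted key, its passphrase-free copy, a CSR and the certificate issued for it.
make_samples() {  # $1 = empty directory
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ica.crt \
      -subj "/CN=Constructed Test CA" -days 1 &&
    openssl genrsa -aes256 -passout pass:constructed -out site.key 2048 &&
    openssl rsa -in site.key -passin pass:constructed -out site_nonepass.key &&
    openssl req -new -key site_nonepass.key -subj "/CN=www.example.test" \
      -out site.csr &&
    openssl x509 -req -in site.csr -CA ica.crt -CAkey ca.key \
      -CAcreateserial -out site.crt -days 1
  ) >/dev/null 2>&1
}

dir=$(mktemp -d) && make_samples "$dir" || exit 1
key_is_unencrypted "$dir/site.key" || echo "site.key: still passphrase-protected"
key_is_unencrypted "$dir/site_nonepass.key" && echo "site_nonepass.key: no passphrase"
key_matches "$dir/site_nonepass.key" csr "$dir/site.csr" && echo "CSR matches key"
key_matches "$dir/site_nonepass.key" crt "$dir/site.crt" && echo "certificate matches key"
issued_by "$dir/ica.crt" "$dir/site.crt" && echo "certificate was issued by ica.crt"
```

With the real files, the same functions take the paths written into ssl.conf in place of the generated ones.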