Degian Apache SSL

Debian ApacheでSSL環境を作ったときのメモです。

apt-get install libapache-mod-ssl
#apt-get install apache2-doc

cd /etc/apache2/sites-available
cp /usr/share/doc/apache2.2-common/examples/apache2/extra/httpd-ssl.conf.gz ssl.gz
gzip -d ssl.gz
vi ssl

最低限書き換える必要があるのはこのくらい。
==================================================================================
--- ssl.conf 2006-04-18 15:28:22.000000000 +0900
+++ ssl 2006-04-18 14:37:45.000000000 +0900
@@ -80,14 +80,14 @@
## SSL Virtual Host Context
##

-
+

# General setup for the virtual host
DocumentRoot "/usr/share/apache2/default-site/htdocs"
-ServerName www.example.com:443
+DocumentRoot "/path/to/root"
+ServerName 192.168.145.128:443
ServerAdmin you@example.com
-ErrorLog /var/log/apache2/error_log
-TransferLog /var/log/apache2/access_log
+ErrorLog /var/log/apache2/error_log.ssl
+TransferLog /var/log/apache2/access_log.ssl

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
@@ -105,7 +105,7 @@
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
-SSLCertificateFile /etc/apache2/ssl.crt/server.crt
+SSLCertificateFile /etc/apache2/ssl/apache.pem
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt

# Server Private Key:
@@ -113,7 +113,7 @@
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
+SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key

# Server Certificate Chain:
==================================================================================

/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
/etc/apache2/ssl/apache.pem

a2enmod ssl
a2ensite ssl

/etc/init.d/apache2 restart

もどる