Solaris 10 で Apache2・SSL を動作させるときの設定メモ
OS標準のApache2のSSL設定についてメモ。SMF の設定も。
# openssl genrsa -out /etc/apache2/ssl.key/server.org 1024 Generating RSA private key, 1024 bit long modulus .................++++++ ......................++++++ unable to write 'random state' e is 65537 (0x10001) # cd /etc/sfw/openssl/ /etc/sfw/openssl # chmod -R go-rwx /etc/apache2/ssl.key/ # openssl rsa -in /etc/apache2/ssl.key/server.org -out /etc/apache2/ssl.key/server.key writing RSA key # openssl req -new -key /etc/apache2/ssl.key/server.key -out ./csr.pem You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:JA State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Unconfigured OpenSSL Installation]:OFFICE Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:ホストのFQDN Email Address []:you@email.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl x509 -req -days 365 -in ./csr.pem -signkey /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.crt/server.crt # svcprop -p httpd/ssl svc:/network/http:apache2 false # svccfg -s apache2 editprop setprop httpd/ssl = boolean: (true) # svcadm refresh apache2 # svcprop -p httpd/ssl svc:/network/http:apache2 true # svcs -l apache2
補足)nsswitch.conf の hosts に dns がないとコアダンプする。