テスト用に決済APIのモックサーバーが必要だったので、ローカルでなんちゃってサーバーを立てる。
1 2 3 |
$ httpd -v Server version: Apache/2.2.15 (Unix) Server built: Oct 19 2017 16:43:38 |
mod_ssl をインストール
1 |
$ sudo yum -y install mod_ssl |
OpenSSL ライブラリのインストール
1 |
$ sudo yum -y install openssl |
秘密鍵の作成
1 2 3 |
$ cd /etc/httpd/conf $ sudo mkdir ssl $ sudo openssl genrsa 2024 > server.key |
CSRの作成
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
$ sudo openssl req -new -key server.key > server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) []:CA Locality Name (eg, city) [Default City]:Los Angeles Organization Name (eg, company) [Default Company Ltd]:Test 123 Co. Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:test.example.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: |
サーバ証明書の作成
1 |
$ sudo openssl x509 -req -days 3650 -signkey server.key < server.csr > server.crt |
設定
1 2 3 4 |
$ vi /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/httpd/conf/ssl/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key $ sudo service httpd restart |
参考サイト
Apache httpd 2.2 に HTTPS (SSL/TLS) の設定をする (CentOS 6) | WEB ARCH LABO
https://weblabo.oscasierra.net/apache-httpd22-ssl-centos6/
OpenSSL で SSL 自己証明書を発行する手順 | WEB ARCH LABO
https://weblabo.oscasierra.net/openssl-gencert-1/