テスト用に決済APIのモックサーバーが必要だったので、ローカルでなんちゃってサーバーを立てる。
$ httpd -v Server version: Apache/2.2.15 (Unix) Server built: Oct 19 2017 16:43:38
mod_ssl をインストール
$ sudo yum -y install mod_ssl
OpenSSL ライブラリのインストール
$ sudo yum -y install openssl
秘密鍵の作成
$ cd /etc/httpd/conf $ sudo mkdir ssl $ sudo openssl genrsa 2024 > server.key
CSRの作成
$ sudo openssl req -new -key server.key > server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) []:CA Locality Name (eg, city) [Default City]:Los Angeles Organization Name (eg, company) [Default Company Ltd]:Test 123 Co. Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:test.example.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
サーバ証明書の作成
$ sudo openssl x509 -req -days 3650 -signkey server.key < server.csr > server.crt
設定
$ vi /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/httpd/conf/ssl/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key $ sudo service httpd restart
参考サイト
Apache httpd 2.2 に HTTPS (SSL/TLS) の設定をする (CentOS 6) | WEB ARCH LABO
https://weblabo.oscasierra.net/apache-httpd22-ssl-centos6/
OpenSSL で SSL 自己証明書を発行する手順 | WEB ARCH LABO
https://weblabo.oscasierra.net/openssl-gencert-1/