◆sslでWebページを表示するようにする

[root@localhost ~]# yum -y install mod_ssl
Loaded plugins: downloadonly, fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
* fedora: ftp.dti.ad.jp
* updates: ftp.dti.ad.jp
fedora | 2.8 kB 00:00
updates | 3.4 kB 00:00
Setting up Install Process
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them.
--> Running transaction check
---> Package mod_ssl.i386 1:2.2.11-2.fc10 set to be updated
--> Processing Dependency: libnal.so.1 for package: 1:mod_ssl-2.2.11-2.fc10.i386
--> Processing Dependency: libdistcache.so.1 for package: 1:mod_ssl-2.2.11-2.fc10.i386
--> Running transaction check
---> Package distcache.i386 0:1.4.5-17 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================
Package Arch Version Repository Size
=========================================================================================
Installing:
mod_ssl i386 1:2.2.11-2.fc10 updates 86 k
Installing for dependencies:
distcache i386 1.4.5-17 fedora 121 k

Transaction Summary
=========================================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 207 k
Downloading Packages:
(1/2): distcache-1.4.5-17.i386.rpm | 121 kB 00:00
(2/2): mod_ssl-2.2.11-2.fc10.i386.rpm | 86 kB 00:00
-----------------------------------------------------------------------------------------
Total 171 kB/s | 207 kB 00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : distcache-1.4.5-17.i386 1/2
Installing : 1:mod_ssl-2.2.11-2.fc10.i386 2/2

Installed:
mod_ssl.i386 1:2.2.11-2.fc10

Dependency Installed:
distcache.i386 0:1.4.5-17

Complete!
[root@localhost ~]# cd /etc/pki/tls/certs/
[root@localhost certs]# sed -i 's/365/3650/g' Makefile
[root@localhost certs]# make server.crt
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
...................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -x509 -days 3650 -out server.crt -set_serial 0
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:xxxxx
Locality Name (eg, city) [Newbury]:xxxxx
Organization Name (eg, company) [My Company Ltd]:xxxxx
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:xxxxx
Email Address []:xxxxx@xxxxx.xxxxx
[root@localhost certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key

[root@localhost certs]# vi /etc/httpd/conf.d/ssl.conf
※変更箇所のみ
SSLCertificateFile /etc/pki/tls/certs/server.crt

SSLCertificateKeyFile /etc/pki/tls/certs/server.key

[root@localhost conf]# cd /etc/httpd/conf/
[root@localhost conf]# vi httpd.conf
以下をコメントアウトすることでhttpsのみ許可する
#Listen 80

[root@localhost certs]# /etc/rc.d/init.d/httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]



これでhttpsでアクセスできるようになりました。
ですが、今の自宅環境ではLAN内からしか
アクセスできないのが残念です。