{"id":10020,"date":"2024-11-15T11:13:53","date_gmt":"2024-11-15T02:13:53","guid":{"rendered":"https:\/\/www.k-in.co.jp\/niwakan\/?p=10020"},"modified":"2024-11-15T11:28:35","modified_gmt":"2024-11-15T02:28:35","slug":"ssl%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%ae%e6%9b%b4%e6%96%b0","status":"publish","type":"post","link":"https:\/\/www.k-in.co.jp\/niwakan\/archives\/2024\/11\/10020\/","title":{"rendered":"SSL\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u66f4\u65b0"},"content":{"rendered":"

\u671f\u9650\u304c\u6765\u305f\u306e\u3067FUJISSL<\/a>\u3063\u3066\u3068\u3053\u308d\u3067\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002
\n\u3067\u3001\u65e9\u901f\u5d4c\u308b\u308f\u3051\u3067\u3059\u3002
\n<\/p>\n

\u4eca\u56de\u306f5\u5e74\uff08\u6700\u9577\uff09\u306e\u671f\u9593\u306b\u3057\u307e\u3059\u3002
\n\u66f4\u65b0\u81ea\u4f53\u306f\u9806\u8abf\uff1f\u306b\u51fa\u6765\u3066\u3044\u307e\u3057\u305f\u3002\uff08\u3061\u3087\u3063\u3068\u6238\u60d1\u3063\u305f\uff09<\/p>\n

\u305d\u306e\u5f8c\u3001\u8a3c\u660e\u66f8\u306e\u8a2d\u7f6e\u306b\u5931\u6557\u3057\uff08\u3069\u308c\u3092\u4f7f\u3063\u3066\u826f\u3044\u306e\u304b\u5224\u3089\u306a\u304f\u306a\u3063\u3066\u3044\u305f\uff09\u53e4\u3044\u65b9\u3068\u7a81\u304d\u5408\u308f\u305b\u3001Apache\u3092\u518d\u8d77\u52d5\u3057\u3066\u306f\u7acb\u3061\u4e0a\u304c\u3089\u306a\u304f\u3066\u3001\u8a3c\u660e\u66f8\u30d5\u30a1\u30a4\u30eb\u3092\u5165\u308c\u76f4\u3057\u3092\u7e70\u308a\u8fd4\u3057\u3001\u6f38\u304f\u4eca\u7acb\u3061\u4e0a\u304c\u3063\u305f\u3068\u3053\u308d\u3067\u3059\u3002
\n\u4e8c\u65e5\u639b\u304b\u3063\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002(^_^;;
\n\u6b21\u306e\u66f4\u65b0\u6642\u306b\u60a9\u307e\u306a\u3044\u3088\u3046\u306b\u3001\u305d\u306e\u7d4c\u904e\u3092\u66f8\u304d\u307e\u3059\u3002<\/p>\n

#   Server Certificate:\r\n#   Point SSLCertificateFile at a PEM encoded certificate.  If\r\n#   the certificate is encrypted, then you will be prompted for a\r\n#   pass phrase.  Note that a kill -HUP will prompt again.  Keep\r\n#   in mind that if you have both an RSA and a DSA certificate you\r\n#   can configure both in parallel (to also allow the use of DSA\r\n#   ciphers, etc.)\r\n#   Some ECC cipher suites (http:\/\/www.ietf.org\/rfc\/rfc4492.txt)\r\n#   require an ECC certificate which can also be configured in\r\n#   parallel.\r\n# \u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8:\r\n# SSLCertificateFile \u3092 PEM \u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u8a3c\u660e\u66f8\u306b\u6307\u5b9a\u3057\u307e\u3059\u3002\r\n# \u8a3c\u660e\u66f8\u304c\u6697\u53f7\u5316\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u306e\u5165\u529b\u3092\u6c42\u3081\u3089\u308c\u307e\u3059\u3002\r\n# kill -HUP \u3092\u5b9f\u884c\u3059\u308b\u3068\u3001\u518d\u5ea6\u30d7\u30ed\u30f3\u30d7\u30c8\u304c\u8868\u793a\u3055\u308c\u308b\u3053\u3068\u306b\u6ce8\u610f\u3057\u3066\r\n# \u304f\u3060\u3055\u3044\u3002RSA \u8a3c\u660e\u66f8\u3068 DSA \u8a3c\u660e\u66f8\u306e\u4e21\u65b9\u304c\u3042\u308b\u5834\u5408\u306f\u3001\u4e21\u65b9\u3092\u4e26\u884c\u3057\r\n# \u3066\u69cb\u6210\u3067\u304d\u307e\u3059 (DSA \u6697\u53f7\u306e\u4f7f\u7528\u3082\u8a31\u53ef\u3059\u308b\u305f\u3081\u306a\u3069)\u3002\r\n# \u4e00\u90e8\u306e ECC \u6697\u53f7\u30b9\u30a4\u30fc\u30c8 (http:\/\/www.ietf.org\/rfc\/rfc4492.txt) \u3067\u306f\u3001\r\n# ECC \u8a3c\u660e\u66f8\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u3053\u308c\u3082\u4e26\u884c\u3057\u3066\u69cb\u6210\u3067\u304d\u307e\u3059\u3002\r\nSSLCertificateFile \"\/opt\/local\/etc\/apache2\/conf\/server.crt\"\r\n\r\n#   Server Private Key:\r\n#   If the key is not combined with the certificate, use this\r\n#   directive to point at the key file.  Keep in mind that if\r\n#   you've both a RSA and a DSA private key you can configure\r\n#   both in parallel (to also allow the use of DSA ciphers, etc.)\r\n#   ECC keys, when in use, can also be configured in parallel\r\n# \u30b5\u30fc\u30d0\u30fc\u79d8\u5bc6\u9375:\r\n# \u30ad\u30fc\u304c\u8a3c\u660e\u66f8\u3068\u7d50\u5408\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u3001\u3053\u306e\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u3092\r\n# \u4f7f\u7528\u3057\u3066\u30ad\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002RSA \u3068 DSA \u306e\u79d8\u5bc6\u9375\u306e\u4e21\u65b9\r\n# \u304c\u3042\u308b\u5834\u5408\u306f\u3001\u4e21\u65b9\u3092\u4e26\u884c\u3057\u3066\u69cb\u6210\u3067\u304d\u307e\u3059 (DSA \u6697\u53f7\u306e\u4f7f\u7528\u3082\r\n# \u8a31\u53ef\u3059\u308b\u305f\u3081\u306a\u3069)\u3002ECC \u30ad\u30fc\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001\u4e26\u884c\u3057\u3066\u69cb\u6210\u3059\r\n# \u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002\r\nSSLCertificateKeyFile \"\/opt\/local\/etc\/apache2\/conf\/none-pass-server.key\"\r\n\r\n#   Server Certificate Chain:\r\n#   Point SSLCertificateChainFile at a file containing the\r\n#   concatenation of PEM encoded CA certificates which form the\r\n#   certificate chain for the server certificate. Alternatively\r\n#   the referenced file can be the same as SSLCertificateFile\r\n#   when the CA certificates are directly appended to the server\r\n#   certificate for convenience.\r\n# \u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u30c1\u30a7\u30fc\u30f3:\r\n# SSLCertificateChainFile \u3092\u3001\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u8a3c\u660e\u66f8\u30c1\u30a7\u30fc\u30f3\u3092\u5f62\u6210\r\n# \u3059\u308b PEM \u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f CA \u8a3c\u660e\u66f8\u306e\u9023\u7d50\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u306b\u30dd\u30a4\u30f3\u30c8\r\n# \u3057\u307e\u3059\u3002\u307e\u305f\u306f\u3001\u4fbf\u5b9c\u4e0a\u3001CA \u8a3c\u660e\u66f8\u304c\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306b\u76f4\u63a5\u8ffd\u52a0\u3055\u308c\u3066\r\n# \u3044\u308b\u5834\u5408\u306f\u3001\u53c2\u7167\u3055\u308c\u308b\u30d5\u30a1\u30a4\u30eb\u306f SSLCertificateFile \u3068\u540c\u3058\u306b\u3059\u308b\u3053\r\n# \u3068\u304c\u3067\u304d\u307e\u3059\u3002\r\nSSSLCertificateChainFile \"\/opt\/local\/etc\/apache2\/conf\/server.ca\"<\/pre>\n
\u3082\u3046\u306d\u3001\u5224\u3089\u306a\u3044\u3082\u306e\u3060\u304b\u3089\u3001Google\u3055\u3093\u306b\u7ffb\u8a33\u3057\u3066\u8cb0\u3044\u3001\u305d\u308c\u3067\u3082apache\u306f\u7acb\u3061\u4e0a\u304c\u3063\u3066\u304f\u308c\u306a\u304f\u3066\u3001\u6ce3\u304d\u305d\u3046\u3067\u3059\u3002<\/p>\n
sudo openssl genrsa -des3 2048 >servername.key
\nsudo openssl req -new -key servername.key -out server.csr -sha256<\/code><\/p>\n
\u3067\u9375\u30da\u30a2\u3068\u8a3c\u660e\u66f8\u3092\u4f5c\u308a\u3001\u8a3c\u660e\u66f8\u3092\u9001\u3063\u305f\u3089\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u304c\u5c4a\u304d\u307e\u3057\u305f\u3002
\n\u3053\u306e\u6642\u70b9\u3067mail server\u306f\u52d5\u3044\u3066\u3044\u306a\u3044\u306e\u3067\uff08\u672a\u3060\u5d4c\u3063\u305f\u307e\u307e\u306a\u306e\u3067\u3059\uff09\u3001DNS\u8a8d\u8a3c\u3068\u3001HTTPS\u8a8d\u8a3c\u3067\u78ba\u8a8d\u3057\u3066\u8cb0\u3044\u307e\u3057\u305f\u3002<\/p>\n
\u6b21\u306bSecigo<\/a>\u304b\u3089\u30b5\u30a4\u30c8\u8a3c\u660e\u66f8\u6dfb\u4ed8\u306e\u30e1\u30fc\u30eb\u304c\u5c4a\u3044\u305f\u306e\u3067\u3001\u305d\u308c\u3092\u4f7f\u3063\u305f\u306e\u304c\u5931\u6557\u3067\u3057\u305f\u3002
\n\u305d\u306e\u307e\u307e\u7f6e\u304d\u63db\u3048\u305f\u306e\u3067\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u304c\u7121\u304b\u3063\u305f\u306e\u3067\u3059\u3002<\/p>\n
\u305d\u3057\u3066Sectigo\u306e\u30b5\u30dd\u30fc\u30c8\u30da\u30fc\u30b8\u306b\u884c\u3063\u305f\u3089\u8a3c\u660e\u66f8\u304c4\u3064\u5728\u308a\u307e\u3057\u305f\u3002
\n\u4f55\u3082\u8003\u3048\u305a\u306b\u9806\u756a\u306b\u7f6e\u304d\u63db\u3048\u308b\u3068\u3044\u3046\u7d06\u4f59\u66f2\u6298\u306e\u5143\u3001\u8272\u3005\u3068web\u3092\u5f77\u5fa8\u3063\u3066\u3044\u308b\u3068\u3001\u7e8f\u3081\u3066\u304f\u3063\u4ed8\u3051\u3061\u3083\u3046\u3089\u3057\u3044\u3002
\n\u305d\u3046\u3060\u3063\u305f\u306e\u304b\u301c\u3002(^_^;;<\/p>\n
\u305d\u306e\u5f8c\u3001FUJISSL\u304b\u3089\u30e1\u30fc\u30eb\u304c\u5c4a\u3044\u3066\u3044\u308b\u306e\u306b\u6c17\u4ed8\u304d\u3001\u305d\u3061\u3089\u3092\u898b\u305f\u30893\u3064\u306e\u4e2d\u9593\u8a3c\u660e\u66f8\u304c\u304f\u3063\u4ed8\u3044\u3066\u3044\u308b\u306e\u3092\u767a\u898b\u3002
\n\u6700\u521d\u304b\u3089\u3053\u308c\u4f7f\u3063\u3066\u3044\u308c\u3070\u60a9\u3080\u3053\u3068\u3082\u7121\u304b\u3063\u305f\u2026\u2026\u2026\u3002<\/p>\n
\u3068\u4eca\u306b\u81f3\u3063\u3066\u3044\u308b\u8a33\u3067\u3059\u3002
\n\u3061\u3083\u3093\u3068\u30e1\u30fc\u30eb\u306f\u6700\u5f8c\u307e\u3067\u898b\u307e\u3057\u3087\u3046\u306d\u3002\uff08\u5f8c\u308d\u306e\u65b9\u306b\u3042\u3063\u305f\u306e\u3067\u8aad\u307f\u98db\u3070\u3057\u3066\u3044\u307e\u3057\u305f\u2026\u2026\u99ac\u9e7f\u3060\u306d\u301c(^_^;;\uff09<\/p>\n
\u3067\u3001
\nSSLCertificateFile<\/strong>\u306f\u5c4a\u3044\u305f\u30b5\u30a4\u30c8\u8a3c\u660e\u66f8\u30d5\u30a1\u30a4\u30eb\u3002
\nSSLCertificateKeyFile<\/strong>\u306f\u8a3c\u660e\u66f8\u3092\u4f5c\u308b\u306b\u4f7f\u3063\u305f\u3001\u9375\u30da\u30a2\uff08\u4f55\u6545\u30da\u30a2\u306a\u306e\u304b\u306f\u77e5\u3089\u306a\u3044\uff09\u30d5\u30a1\u30a4\u30eb\u3002
\nSSSLCertificateChainFile<\/strong>\u306fFUJISSL<\/strong>\u304b\u3089\u5c4a\u3044\u305f\u4e2d\u9593\u8a3c\u660e\u66f8\u30d5\u30a1\u30a4\u30eb\u3002
\n\u3068\u306a\u308b\u69d8\u3067\u3059\u3002
\n\u4eca\u56de\u3082
\nopenssl rsa -in server.key -out non-pass-server.key<\/code>
\n\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u89e3\u9664\u3057\u3066\u307e\u3059\u3002
\nshell\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u5165\u529b\u3055\u305b\u3066\u3082\u826f\u3044\u3051\u308c\u3069\u3001\u9762\u5012\u3060\u3057\u3002<\/p>\n
\u81ea\u5206\u3067\u4f5c\u3063\u305f\u8a3c\u660e\u66f8\u3092\u4f7f\u3046\u3082\u306e\u3060\u3068\u601d\u3063\u3066\u3044\u305f\u306e\u3067\u3001\u4e2d\u9593\u8a3c\u660e\u66f8\u304c\u5728\u3063\u3066\u3082Apache\u3055\u3093\u306f\u52d5\u304b\u306a\u304b\u3063\u305f\u6a21\u69d8\u3002
\n\u81ea\u5206\u3067\u4f5c\u3063\u305f\u8a3c\u660e\u66f8\u306f\u4f7f\u308f\u306a\u3044\u306e\u304b\uff1f\uff08\u4f55\u3093\u3068\u4e91\u3046\u304b\u52ff\u4f53\u7121\u3044\uff09<\/p>\n
\u6b21\u306b\u66f4\u65b0\u6642\u3001\u3053\u308c\u8aad\u3093\u3067\u304f\u308c\u308b\u304b\u306a\u3041\u3002\uff1e\u672a\u6765\u306e\u81ea\u5206
\n\u66f8\u3044\u305f\u3053\u3068\u5fd8\u308c\u3066\u3044\u305d\u3046\u3060\u306a\u3041\u3002
\n5\u5e74\u3082\u5148\u3060\u3057\u306a\u3041\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u671f\u9650\u304c\u6765\u305f\u306e\u3067FUJISSL\u3063\u3066\u3068\u3053\u308d\u3067\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002 \u3067\u3001\u65e9\u901f\u5d4c\u308b\u308f\u3051\u3067\u3059\u3002<\/p>\n","protected":false},"author":1,"featured_media":7183,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[115],"tags":[159,148,46],"class_list":["post-10020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-apache","tag-server","tag-software"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.k-in.co.jp\/niwakan\/wp-content\/uploads\/2020\/02\/Apache_HTTP_server_logo_2016.png?fit=1200%2C458&ssl=1","_links":{"self":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/posts\/10020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/comments?post=10020"}],"version-history":[{"count":0,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/posts\/10020\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/media\/7183"}],"wp:attachment":[{"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/media?parent=10020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/categories?post=10020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.k-in.co.jp\/niwakan\/wp-json\/wp\/v2\/tags?post=10020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}