September 2008 Archive
Back up the placeholder test key and certificate that come preinstalled.
# cd /etc/pki/tls
# mv private/localhost.key private/localhost.key.bk
# mv certs/localhost.crt certs/localhost.crt.bk
Create the server key.
# openssl genrsa 1024 > private/test.key
This produces a server key with no pass phrase.
Create a self-signed certificate for testing.
# openssl req -new -x509 -days 365 -key /etc/pki/tls/private/test.key -out /etc/pki/tls/certs/test.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:Tokyo
Locality Name (eg, city) [Newbury]:Chiyoda-ku
Organization Name (eg, company) [My Company Ltd]:Pistolfly Co., Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:test.pistolfly.jp
Email Address []:webmaster@pistolfly.jp
# apachectl restart
After that, set up a virtual host in /etc/httpd/conf.d/ssl.conf and configure:
・the paths to the server key and certificate
・the remaining virtual host settings
For SSL testing, I configured SSL on the Apache installed via MacPorts.
conf/httpd.conf
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
Check the settings for the private key and certificate file paths. (I decided to keep the defaults.)
conf/extra/httpd-ssl.conf
#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
SSLCertificateFile "/opt/local/apache2/conf/server.crt"
#SSLCertificateFile "/opt/local/apache2/conf/server-dsa.crt"

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile "/opt/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/opt/local/apache2/conf/server-dsa.key"
Create the private key.
$ cd /opt/local/apache2/conf/
$ sudo openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...................................++++++
.................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Create a self-signed certificate.
$ sudo openssl req -new -x509 -days 365 -key server.key -out server.crt
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Chiyoda-ku
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Pistolfly inc.
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:secure.pistolfly.jp
Email Address []:webmaster@pistolfly.jp
Start Apache.
$ sudo apachectl start
Apache/2.2.9 mod_ssl/2.2.9 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase: (enter the pass phrase)

OK: Pass Phrase Dialog successful.
Because Apache prompts for the pass phrase at startup, convert the encrypted private key into an unencrypted one.
$ sudo openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: (enter the private key's pass phrase)
writing RSA key
$ sudo apachectl stop
$ sudo apachectl start
Apache no longer prompts for the pass phrase at startup.
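As an added example (not part of the original post), the following shell script runs through the same key and certificate steps non-interactively and adds the checks worth doing before handing the files to Apache: that the key file is readable only by its owner, that the certificate actually belongs to the key (so SSLCertificateFile and SSLCertificateKeyFile are a matching pair), and that the pass phrase really has been removed. It assumes only the openssl command-line tool; the scratch directory, file names, DN and pass phrase are made up, and it uses 2048-bit keys and AES-256 where the post uses 1024 bits and -des3.

```shell
#!/bin/sh
# Added example, not from the original post: generate a server key and a
# self-signed certificate the way the post does, then run the checks worth
# doing before pointing Apache at them. Assumes the openssl CLI is on PATH;
# the scratch directory, file names, DN and pass phrase below are made up.

WORK=$(mktemp -d)
KEY="$WORK/test.key"
CRT="$WORK/test.crt"

# Unencrypted RSA key (no pass phrase, like "openssl genrsa" in the post).
# 2048 bits here rather than the post's 1024.
make_key() {
    openssl genrsa -out "$1" 2048 2>/dev/null || return 1
    chmod 600 "$1"          # only the owner may read a private key
}

# Pass-phrase-protected key (the post uses -des3; AES-256 is used here).
make_encrypted_key() {
    openssl genrsa -aes256 -passout "pass:$2" -out "$1" 2048 2>/dev/null || return 1
    chmod 600 "$1"
}

# The post's "openssl rsa -in server.key -out server.key" step, done
# non-interactively: read the encrypted key and write it out unencrypted.
strip_passphrase() {
    openssl rsa -in "$1" -passin "pass:$2" -out "$3" 2>/dev/null || return 1
    chmod 600 "$3"
}

# Self-signed certificate; -subj supplies the DN instead of the interactive prompts.
make_cert() {
    openssl req -new -x509 -days 365 -key "$1" -out "$2" \
        -subj "/C=JP/ST=Tokyo/L=Chiyoda-ku/O=Example Inc/CN=test.example.jp" 2>/dev/null
}

# Succeeds if the PEM file still carries a pass phrase (OpenSSL 1.x writes a
# "Proc-Type: 4,ENCRYPTED" header, OpenSSL 3 writes "BEGIN ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -q ENCRYPTED "$1"
}

# Succeeds if the certificate's public key carries the same RSA modulus as the
# private key, i.e. the two files really form a pair.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# File mode in octal: GNU stat first, BSD stat (macOS) as the fallback.
key_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Walk through the whole procedure and report each check.
demo() {
    make_key "$KEY" && make_cert "$KEY" "$CRT" || return 1
    echo "key mode:            $(key_mode "$KEY")"
    echo "key matches cert:    $(key_matches_cert "$KEY" "$CRT" && echo yes || echo no)"
    echo "key is encrypted:    $(key_is_encrypted "$KEY" && echo yes || echo no)"

    make_encrypted_key "$WORK/enc.key" "s3cret" || return 1
    echo "enc.key encrypted:   $(key_is_encrypted "$WORK/enc.key" && echo yes || echo no)"
    strip_passphrase "$WORK/enc.key" "s3cret" "$WORK/plain.key" || return 1
    echo "plain.key encrypted: $(key_is_encrypted "$WORK/plain.key" && echo yes || echo no)"
}

demo
```

Removing the pass phrase is what lets Apache start unattended, but it also means the key is protected by nothing except file ownership and mode, which is why the script sets 0600 on every key it writes and prints the mode back; the modulus comparison catches the common mistake of pointing SSLCertificateKeyFile at a key that was regenerated after the certificate was issued.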
$ sudo port install php5-xdebug
Password:
---> Fetching php5-xdebug
---> Attempting to fetch xdebug-2.0.3.tgz from http://www.xdebug.org/files/
---> Verifying checksum(s) for php5-xdebug
---> Extracting php5-xdebug
---> Configuring php5-xdebug
---> Building php5-xdebug with target all
---> Staging php5-xdebug into destroot
---> Installing php5-xdebug 2.0.3_0
***************************************************************************
* To enable the xdebug extension in php, add or edit the following
* lines in /opt/local/etc/php.ini:
*
* zend_extension="/opt/local/lib/php/extensions/no-debug-non-zts-20060613/xdebug.so"
*
* Once the extension is installed, you can get a list of the available
* configuration settings with the following command:
*
* % php --ri xdebug
*
* For more information and details about configuration settings, see
* http://www.xdebug.org/docs/
***************************************************************************
---> Activating php5-xdebug 2.0.3_0
---> Cleaning php5-xdebug
Add the following to php.ini.
zend_extension="/opt/local/lib/php/extensions/no-debug-non-zts-20060613/xdebug.so"
$ sudo port install postgresql82
---> Fetching postgresql82
---> Attempting to fetch postgresql-8.2.9.tar.bz2 from http://ftp8.us.postgresql.org/postgresql/source/v8.2.9
---> Attempting to fetch postgresql-8.2.9.tar.bz2 from http://ftp9.us.postgresql.org/pub/mirrors/postgresql/source/v8.2.9
---> Verifying checksum(s) for postgresql82
---> Extracting postgresql82
---> Configuring postgresql82
---> Building postgresql82
---> Staging postgresql82 into destroot
---> Installing postgresql82 8.2.9_0
To use the postgresql server, install the postgresql82-server port
---> Activating postgresql82 8.2.9_0
---> Cleaning postgresql82
$ sudo port install postgresql82-server
Password:
---> Fetching postgresql82-server
---> Verifying checksum(s) for postgresql82-server
---> Extracting postgresql82-server
---> Configuring postgresql82-server
---> Building postgresql82-server with target all
---> Staging postgresql82-server into destroot
---> Creating launchd control script
###########################################################
# A startup item has been generated that will aid in
# starting postgresql82-server with launchd. It is disabled
# by default. Execute the following command to start it,
# and to cause it to launch at startup:
#
# sudo launchctl load -w /Library/LaunchDaemons/org.macports.postgresql82-server.plist
###########################################################
---> Installing postgresql82-server 8.2.9_0
To create a database instance, after install do
sudo mkdir -p /opt/local/var/db/postgresql82/defaultdb
sudo chown postgres:postgres /opt/local/var/db/postgresql82/defaultdb
sudo su postgres -c '/opt/local/lib/postgresql82/bin/initdb -D /opt/local/var/db/postgresql82/defaultdb'
To tweak your DBMS, consider increasing kern.sysv.shmmax by adding an increased kern.sysv.shmmax .. to /etc/sysctl.conf
---> Activating postgresql82-server 8.2.9_0
---> Cleaning postgresql82-server
$ sudo mkdir -p /opt/local/var/db/postgresql82/defaultdb
$ sudo chown postgres:postgres /opt/local/var/db/postgresql82/defaultdb
$ sudo su postgres -c '/opt/local/lib/postgresql82/bin/initdb -D /opt/local/var/db/postgresql82/defaultdb'
Password:
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale ja_JP.UTF-8.
The default database encoding has accordingly been set to UTF8.
fixing permissions on existing directory /opt/local/var/db/postgresql82/defaultdb ... ok
creating subdirectories ... ok
selecting default max_connections ... 30
selecting default shared_buffers/max_fsm_pages ... 2400kB/20000
creating configuration files ... ok
creating template1 database in /opt/local/var/db/postgresql82/defaultdb/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating conversions ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.
Success. You can now start the database server using:
/opt/local/lib/postgresql82/bin/postgres -D /opt/local/var/db/postgresql82/defaultdb
or
/opt/local/lib/postgresql82/bin/pg_ctl -D /opt/local/var/db/postgresql82/defaultdb -l logfile start