質問編集履歴
4
編集事項を追記
test
CHANGED
File without changes
|
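--- a/test
+++ b/test
@@ -55,3 +55,43 @@
 初めて作業するのでよくわかっていません
 
 宜しくお願いいたします。
+
+
+
+ssl.conf の編集部分
+
+Virtual Hostの部分に
+
+DocumentRoot "/var/www/html"
+
+ServerName www.hogehoge.com
+
+
+
+SSLCertificateFile パス/file名
+
+SSLCertificateKeyFile パス/file名
+
+SSLCertificateChainFile パス/file名
+
+
+
+を追記しました。
+
+これでサーバを再起動したら
+
+http://hogehoge.com/
+
+で表示されますが、
+
+https://hogehoge.com/
+
+が表示されません。
+
+httpd.confは編集していません。
+
+
+
+どこがおかしいのでしょうか?
+
+宜しくお願いいたしあす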
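Review bot: `ServerName www.hogehoge.com` (new line 67) does not match the host in the URLs being tested, `hogehoge.com` (new lines 83 and 87), so if the certificate covers only one of the two names, browsers will report a name mismatch on the other. The summary also leaves out the `<VirtualHost …:443>` line, `Listen 443` and `SSLEngine on`, so a reader cannot confirm from this text that TLS is actually enabled on port 443. I would quote the directive block exactly as edited, keeping the certificate and key paths as placeholders as they are now, and add the matching lines from `ssl_error_log` after the restart.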
3
ssl.conf 削除
test
CHANGED
File without changes
|
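--- a/test
+++ b/test
@@ -55,177 +55,3 @@
 初めて作業するのでよくわかっていません
 
 宜しくお願いいたします。
-
-
-
-
-
-ssl.confの内容です(不要な行を削除しています)
-
-
-
-``
-
-LoadModule ssl_module modules/mod_ssl.so
-
-Listen 443
-
-## SSL Global Context
-
-# Pass Phrase Dialog:
-
-SSLPassPhraseDialog builtin
-
-# Inter-Process Session Cache:
-
-SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
-
-SSLSessionCacheTimeout 300
-
-# Semaphore:
-
-SSLMutex default
-
-# Pseudo Random Number Generator (PRNG):
-
-SSLRandomSeed startup file:/dev/urandom 256
-
-SSLRandomSeed connect builtin
-
-#SSLRandomSeed startup file:/dev/random 512
-
-#SSLRandomSeed connect file:/dev/random 512
-
-#SSLRandomSeed connect file:/dev/urandom 512
-
-SSLEngine on
-
-SSLCryptoDevice builtin
-
-#SSLCryptoDevice ubsec
-
-##
-
-## SSL Virtual Host Context
-
-<VirtualHost _default_:443>
-
-# General setup for the virtual host, inherited from global configuration
-
-#DocumentRoot "/var/www/html"
-
-#ServerName www.example.com:443
-
-DocumentRoot "/var/www/html"
-
-ServerName hogehoge.com:443
-
-
-
-# Use separate log files for the SSL virtual host; note that LogLevel
-
-# is not inherited from httpd.conf.
-
-ErrorLog logs/ssl_error_log
-
-TransferLog logs/ssl_access_log
-
-LogLevel warn
-
-# SSL Engine Switch:
-
-# Enable/Disable SSL for this virtual host.
-
-SSLEngine on
-
-# SSL Protocol support:
-
-# List the enable protocol levels with which clients will be able to
-
-# connect. Disable SSLv2 access by default:
-
-SSLProtocol all -SSLv2 -SSLv3
-
-# SSL Cipher Suite:
-
-# List the ciphers that the client is permitted to negotiate.
-
-# See the mod_ssl documentation for a complete list.
-
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
-
-# Server Certificate:
-
-#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-
-SSLCertificateFile /etc/httpd/conf/ssl.crt/hogehoge_com.crt
-
-
-
-# Server Private Key:
-
-#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
-SSLCertificateKeyFile /etc/httpd/conf/ssl.key/hogehoge20160519.pem
-
-
-
-# Server Certificate Chain:
-
-#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
-
-# Certificate Authority (CA):
-
-#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-
-# Client Authentication (Type):
-
-#SSLVerifyClient require
-
-#SSLVerifyDepth 10
-
-# Access Control:
-
-#<Location />
-
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-
-#</Location>
-
-#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-
-<Files ~ "\.(cgi|shtml|phtml|php3?)$">
-
-SSLOptions +StdEnvVars
-
-</Files>
-
-<Directory "/var/www/cgi-bin">
-
-SSLOptions +StdEnvVars
-
-</Directory>
-
-SetEnvIf User-Agent ".*MSIE.*" \
-
-nokeepalive ssl-unclean-shutdown \
-
-downgrade-1.0 force-response-1.0
-
-CustomLog logs/ssl_request_log \
-
-"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-</VirtualHost>
-
-```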
2
書式変更
test
CHANGED
File without changes
|
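--- a/test
+++ b/test
@@ -60,9 +60,11 @@
 
 
 
-ssl.confの内容です(不要な行を削除)
+ssl.confの内容です(不要な行を削除しています)
+
+
+
-
+``
-
 
 LoadModule ssl_module modules/mod_ssl.so
 
@@ -96,71 +98,77 @@
 
 #SSLRandomSeed connect file:/dev/urandom 512
 
+SSLEngine on
+
+SSLCryptoDevice builtin
+
+#SSLCryptoDevice ubsec
+
+##
+
+## SSL Virtual Host Context
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+
+#DocumentRoot "/var/www/html"
+
+#ServerName www.example.com:443
+
 DocumentRoot "/var/www/html"
 
 ServerName hogehoge.com:443
 
+
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+
+# is not inherited from httpd.conf.
+
+ErrorLog logs/ssl_error_log
+
+TransferLog logs/ssl_access_log
+
+LogLevel warn
+
+# SSL Engine Switch:
+
+# Enable/Disable SSL for this virtual host.
+
 SSLEngine on
 
+# SSL Protocol support:
+
+# List the enable protocol levels with which clients will be able to
+
+# connect. Disable SSLv2 access by default:
+
+SSLProtocol all -SSLv2 -SSLv3
+
+# SSL Cipher Suite:
+
+# List the ciphers that the client is permitted to negotiate.
+
+# See the mod_ssl documentation for a complete list.
+
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
+
+# Server Certificate:
+
+#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
 SSLCertificateFile /etc/httpd/conf/ssl.crt/hogehoge_com.crt
 
+
+
+# Server Private Key:
+
+#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
 SSLCertificateKeyFile /etc/httpd/conf/ssl.key/hogehoge20160519.pem
 
-
+
-
-#SSLCryptoDevice ubsec
-
-##
-
-## SSL Virtual Host Context
-
-<VirtualHost _default_:443>
-
-# General setup for the virtual host, inherited from global configuration
-
-#DocumentRoot "/var/www/html"
-
-#ServerName www.example.com:443
-
-# Use separate log files for the SSL virtual host; note that LogLevel
-
-# is not inherited from httpd.conf.
-
-ErrorLog logs/ssl_error_log
-
-TransferLog logs/ssl_access_log
-
-LogLevel warn
-
-# SSL Engine Switch:
-
-# Enable/Disable SSL for this virtual host.
-
-SSLEngine on
-
-# SSL Protocol support:
-
-# List the enable protocol levels with which clients will be able to
-
-# connect. Disable SSLv2 access by default:
-
-SSLProtocol all -SSLv2 -SSLv3
-
-# SSL Cipher Suite:
-
-# List the ciphers that the client is permitted to negotiate.
-
-# See the mod_ssl documentation for a complete list.
-
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
-
-# Server Certificate:
-
-SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-
-# Server Private Key:
-
-SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
 
 # Server Certificate Chain:
 
@@ -219,3 +227,5 @@
 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
 </VirtualHost>
+
+```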
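Review bot: The `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW` line (new line 155) still offers RC4 and MEDIUM-strength suites, and `SSLProtocol all -SSLv2 -SSLv3` (new line 147) leaves TLS 1.0 and 1.1 enabled; the same two lines also appear in the revision 1 section of this page. Since the file is being edited for a production certificate anyway, I would tighten them, for example `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES` together with `SSLHonorCipherOrder on`, and drop the older protocol versions if the installed httpd/OpenSSL build supports the newer ones. Separately, `SSLEngine on` now appears both at global scope (new line 101) and inside the virtual host (new line 139); only the one inside `<VirtualHost _default_:443>` should be needed.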
1
confファイルの追記
test
CHANGED
File without changes
|
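--- a/test
+++ b/test
@@ -55,3 +55,167 @@
 初めて作業するのでよくわかっていません
 
 宜しくお願いいたします。
+
+
+
+
+
+ssl.confの内容です(不要な行を削除)
+
+
+
+LoadModule ssl_module modules/mod_ssl.so
+
+Listen 443
+
+## SSL Global Context
+
+# Pass Phrase Dialog:
+
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+
+SSLMutex default
+
+# Pseudo Random Number Generator (PRNG):
+
+SSLRandomSeed startup file:/dev/urandom 256
+
+SSLRandomSeed connect builtin
+
+#SSLRandomSeed startup file:/dev/random 512
+
+#SSLRandomSeed connect file:/dev/random 512
+
+#SSLRandomSeed connect file:/dev/urandom 512
+
+DocumentRoot "/var/www/html"
+
+ServerName hogehoge.com:443
+
+SSLEngine on
+
+SSLCertificateFile /etc/httpd/conf/ssl.crt/hogehoge_com.crt
+
+SSLCertificateKeyFile /etc/httpd/conf/ssl.key/hogehoge20160519.pem
+
+SSLCryptoDevice builtin
+
+#SSLCryptoDevice ubsec
+
+##
+
+## SSL Virtual Host Context
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+
+#DocumentRoot "/var/www/html"
+
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+
+# is not inherited from httpd.conf.
+
+ErrorLog logs/ssl_error_log
+
+TransferLog logs/ssl_access_log
+
+LogLevel warn
+
+# SSL Engine Switch:
+
+# Enable/Disable SSL for this virtual host.
+
+SSLEngine on
+
+# SSL Protocol support:
+
+# List the enable protocol levels with which clients will be able to
+
+# connect. Disable SSLv2 access by default:
+
+SSLProtocol all -SSLv2 -SSLv3
+
+# SSL Cipher Suite:
+
+# List the ciphers that the client is permitted to negotiate.
+
+# See the mod_ssl documentation for a complete list.
+
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
+
+# Server Certificate:
+
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+# Server Private Key:
+
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+# Server Certificate Chain:
+
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+# Certificate Authority (CA):
+
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+# Client Authentication (Type):
+
+#SSLVerifyClient require
+
+#SSLVerifyDepth 10
+
+# Access Control:
+
+#<Location />
+
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+
+#</Location>
+
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+
+SSLOptions +StdEnvVars
+
+</Files>
+
+<Directory "/var/www/cgi-bin">
+
+SSLOptions +StdEnvVars
+
+</Directory>
+
+SetEnvIf User-Agent ".*MSIE.*" \
+
+nokeepalive ssl-unclean-shutdown \
+
+downgrade-1.0 force-response-1.0
+
+CustomLog logs/ssl_request_log \
+
+"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>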
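Review bot: The real certificate and key are set at global scope (`SSLCertificateFile` and `SSLCertificateKeyFile` at new lines 105 and 107), but `<VirtualHost _default_:443>` still points at `/etc/pki/tls/certs/localhost.crt` and `/etc/pki/tls/private/localhost.key` (new lines 159 and 163), and the virtual host's own directives are the ones port 443 will use. `DocumentRoot`, `ServerName hogehoge.com:443` and `SSLEngine on` (new lines 99–103) are likewise outside the virtual host, where `SSLEngine on` applies to the main server rather than only to port 443. I would move these five directives inside the `<VirtualHost>` block and replace the localhost paths there. It is also worth confirming that the `.pem` key file is readable by root only, which the page does not show.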