SSL configuration
Updated: 2023-02-14 20:05:24
centos
Installing mod_ssl
# yum -y install mod_ssl
# httpd -M | grep ssl
ssl_module(shared)
Generating the private key
Generate the private key (server.key) with openssl.
openssl genrsa > server.key
Generating RSA private key, 2048 bit long modulus
...........+++
..........................+++
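Generating the certificate signing request
Generate the certificate signing request (server.csr) with openssl. The CSR is the file you submit to a certificate authority when asking it to issue a server certificate.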
openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Generating the server certificate
$ openssl x509 -req -signkey server.key < server.csr > server.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
Once the server certificate has been generated, server.csr is no longer needed.
Placing the private key and server certificate
# mv server.key /etc/httpd/
# mv server.crt /etc/httpd/
Configuring the SSL module
# vi /etc/httpd/conf.d/ssl.conf
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/server.crt
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/server.key
Restarting Apache
sudo systemctl restart httpd
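Checks worth running on server.key and server.crt before the restart, as an added example that is not part of the original page: it confirms the certificate matches the key, the key is not accessible to group or other, and the certificate is not about to expire. The function names, the temporary directory and the CN example.test are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-restart checks.

# Constructed fixture: throwaway key/CSR/cert made with the page's commands.
# -subj (constructed CN) only skips the interactive DN prompts.
make_fixture() {  # $1 = directory to fill
    ( cd "$1" &&
      openssl genrsa 2048 > server.key 2>/dev/null &&
      openssl req -new -key server.key -subj "/CN=example.test" > server.csr 2>/dev/null &&
      openssl x509 -req -signkey server.key < server.csr > server.crt 2>/dev/null )
}

# True when the certificate carries the public half of the private key.
key_matches_cert() {  # $1 = key, $2 = cert
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# True when group and other have no permission bits on the key file.
key_is_private() {  # $1 = key
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_for_days() {  # $1 = cert, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

check_pair() {  # $1 = key, $2 = cert, $3 = minimum remaining days
    rc=0
    key_matches_cert "$1" "$2"    || { echo "FAIL: $2 does not match $1"; rc=1; }
    key_is_private "$1"           || { echo "FAIL: $1 is accessible to group/other"; rc=1; }
    cert_valid_for_days "$2" "$3" || { echo "FAIL: $2 expires within $3 days"; rc=1; }
    return $rc
}

tmp=$(mktemp -d)
if make_fixture "$tmp"; then
    chmod 600 "$tmp/server.key"   # a key created by shell redirection follows the umask
    check_pair "$tmp/server.key" "$tmp/server.crt" 7 && echo "OK: valid for 7+ days"
    # x509 -req without -days issues a 30-day certificate, so this one fails:
    check_pair "$tmp/server.key" "$tmp/server.crt" 60 || echo "(expected failure)"
fi
rm -rf "$tmp"
```

On the server itself, the same check is `check_pair /etc/httpd/server.key /etc/httpd/server.crt 7`, run as root.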