SSL付Apache構築手順の下書き

  • 投稿日:
  • by
  • カテゴリ:

# mount /dev/cdrom /media/cdrom
mount: block device /dev/cdrom is write-protected, mounting read-only

# cd /media/cdrom/CentOS/

# rpm -ihv apr-1.2.7-11.el5_3.1.i386.rpm
warning: apr-1.2.7-11.el5_3.1.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:apr ########################################### [100%]

# rpm -ihv postgresql-libs-8.1.11-1.el5_1.1.i386.rpm
warning: postgresql-libs-8.1.11-1.el5_1.1.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:postgresql-libs ########################################### [100%]

# rpm -ihv apr-util-1.2.7-7.el5_3.2.i386.rpm
warning: apr-util-1.2.7-7.el5_3.2.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:apr-util ########################################### [100%]

# rpm -ihv httpd-2.2.3-31.el5.centos.i386.rpm
warning: httpd-2.2.3-31.el5.centos.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:httpd ########################################### [100%]

# rpm -ihv gmp-4.1.4-10.el5.i386.rpm
warning: gmp-4.1.4-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:gmp ########################################### [100%]

# rpm -ihv php-common-5.1.6-23.2.el5_3.i386.rpm
warning: php-common-5.1.6-23.2.el5_3.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:php-common ########################################### [100%]

# rpm -ihv php-mbstring-5.1.6-23.2.el5_3.i386.rpm
warning: php-mbstring-5.1.6-23.2.el5_3.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:php-mbstring ########################################### [100%]

# rpm -qa | grep openssl
openssl-0.9.8e-12.el5

# cd /etc/pki/tls/misc

# cd /etc/pki/tls/
# cp -piv openssl.conf openssl.cnf.bk100508
`openssl.cnf' -> `openssl.cnf.bk100508'
# vi openssl.cnf
# diff openssl.cnf.bk100508 openssl.cnf
76c76
< default_days = 365 # how long to certify for
---
> default_days = 3650 # how long to certify for
178c178
< basicConstraints=CA:FALSE
---
> basicConstraints=CA:TRUE

# pwd
/etc/pki/tls/misc
# ./CA -newca
mkdir: cannot create directory `../../CA': File exists
mkdir: cannot create directory `../../CA/private': File exists
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
..............++++++
.++++++
writing new private key to '../../CA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase: