{"id":117,"date":"2009-06-20T08:41:09","date_gmt":"2009-06-19T23:41:09","guid":{"rendered":"http:\/\/qos.mine.nu\/wordpress\/?p=117"},"modified":"2009-06-20T08:41:09","modified_gmt":"2009-06-19T23:41:09","slug":"post-21","status":"publish","type":"post","link":"https:\/\/qos.dev7.net\/wordpress\/2009\/06\/post-21.html","title":{"rendered":"\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b"},"content":{"rendered":"<div id=\"wppda_alert\">\u3053\u306e\u8a18\u4e8b\u306f\uff12\u5e74\u4ee5\u4e0a\u524d\u306b\u66f8\u3044\u305f\u3082\u306e\u3067\u3059\u3002<br\/>\r\n\u305d\u306e\u305f\u3081\u60c5\u5831\u304c\u53e4\u3044\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3054\u4e86\u627f\u304f\u3060\u3055\u3044\u3002m(_ _)m<\/div><p>\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u306b\u3064\u3044\u3066\u306e\u8a73\u7d30\u306f\u3001\u4ee5\u4e0b\u3002<\/p>\n<ul>\n<li><a href=\"http:\/\/takagi-hiromitsu.jp\/diary\/20071117.html\">\u9ad8\u6728\u6d69\u5149\uff20\u81ea\u5b85\u306e\u65e5\u8a18 &#8211; \u3053\u3093\u306a\u9280\u884c\u306f\u5acc\u3060, \u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u306e\u533a\u5206 \u7b2c\u4e09\u7248<\/a>  <\/li>\n<li><a href=\"http:\/\/ja.wikipedia.org\/wiki\/%E8%87%AA%E5%B7%B1%E7%BD%B2%E5%90%8D%E8%A8%BC%E6%98%8E%E6%9B%B8\">\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8 &#8211; Wikipedia<\/a>  <\/li>\n<li><a href=\"http:\/\/d.hatena.ne.jp\/keyword\/%A5%AA%A5%EC%A5%AA%A5%EC%BE%DA%CC%C0%BD%F1\">\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u3068\u306f &#8211; \u306f\u3066\u306a\u30ad\u30fc\u30ef\u30fc\u30c9<\/a><\/li>\n<\/ul>\n<p>\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u3092\u30aa\u30ec\u5c02\u7528\u306b\u4f7f\u7528\u3059\u308b(\u30aa\u30ec\u4ee5\u5916\u306b\u306f\u4f7f\u308f\u306a\u3044)\u5206\u306b\u306f\u3001\u554f\u984c\u306a\u3044\u3068\u601d\u308f\u308c\u308b\u3002\u305f\u3076\u3093\u3002\u7528\u9014\u306f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a8d\u8a3c\u3002<\/p>\n<p>\u4f5c\u6210\u3059\u308b\u306b\u8fba\u308a\u4ee5\u4e0b\u306e\u30b5\u30a4\u30c8\u3092\u7279\u306b\u53c2\u7167\u3055\u305b\u3066\u9802\u3044\u305f\u3002<\/p>\n<ul>\n<li><a href=\"http:\/\/blog.mufu.jp\/2009\/01\/apachessl.html\">\u81ea\u524d\u3067\u8a8d\u8a3c\u5c40\u3092\u7acb\u3066\u3066\u3001\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u3067Apache\u3067SSL &#8211; Java\u3068ruby\u3068\u7537\u3068\u5973<\/a>  <\/li>\n<li><a href=\"http:\/\/park15.wakwak.com\/%7Eunixlife\/practical\/openssl.html\">OpenSSL\u3067\u306e\u81ea\u5df1\u8a8d\u8a3c\u5c40(CA)\u3068\u81ea\u5df1\u8a3c\u660e\u66f8\u306e\u4f5c\u6210<\/a><\/li>\n<\/ul>\n<p>\u4ee5\u4e0b\u306b\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u305f\u6642\u306e\u624b\u9806\u8a18\u8ff0\u3059\u308b\u3002(FreeBSD-7.2)  <\/p>\n<p>% mkdir ssl-self-signed<br \/>% cd ssl-self-signed<\/p>\n<hr>\n<p><strong>\u25a0 \u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u7528CA(\u8a8d\u8a3c\u5c40)\u306e\u4f5c\u6210 (\u203b \u770c\u540d\u7b49\u3005\u306f\u9069\u5f53)<\/strong><br \/>% \/usr\/src\/crypto\/openssl\/apps\/CA.pl -newca<br \/>CA certificate filename (or enter to create) <\/p>\n<p>Making CA certificate &#8230;<br \/>Generating a 1024 bit RSA private key<br \/>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;..++++++<br \/>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;..++++++<br \/>writing new private key to &#8216;.\/demoCA\/private\/cakey.pem&#8217;<br \/>Enter PEM pass phrase:<br \/>Verifying &#8211; Enter PEM pass phrase:<br \/>&#8212;&#8211;<br \/>You are about to be asked to enter information that will be incorporated<br \/>into your certificate request.<br \/>What you are about to enter is what is called a Distinguished Name or a DN.<br \/>There are quite a few fields but you can leave some blank<br \/>For some fields there will be a default value,<br \/>If you enter &#8216;.&#8217;, the field will be left blank.<br \/>&#8212;&#8211;<br \/>Country Name (2 letter code) [AU]:<strong>JP<\/strong><br \/>State or Province Name (full name) [Some-State]:<strong>Kanagawa<\/strong><br \/>Locality Name (eg, city) []:<strong>Kawasaki<\/strong><br \/>Organization Name (eg, company) [Internet Widgits Pty Ltd]:<strong>foo bar Ltd<\/strong><br \/>Organizational Unit Name (eg, section) []:<strong>System<\/strong><br \/>Common Name (eg, YOUR name) []:<strong>qos.mine.nu-CA<\/strong><br \/>Email Address []:root@qos.mine.nu  <\/p>\n<p>Please enter the following &#8216;extra&#8217; attributes<br \/>to be sent with your certificate request<br \/>A challenge password []:<br \/>An optional company name []:<br \/>Using configuration from \/etc\/ssl\/openssl.cnf<br \/>Enter pass phrase for .\/demoCA\/private\/cakey.pem:<br \/>Check that the request matches the signature<br \/>Signature ok<br \/>Certificate Details:<br \/>\u30fb\u30fb\u30fb<br \/>Write out database with 1 new entries<br \/>Data Base Updated  <\/p>\n<p><strong>demoCA\u3068\u3044\u3046\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u51fa\u6765\u3066\u3044\u308b\u306f\u305a\u3002\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u7528CA\u306e\u79d8\u5bc6\u9375\u3084\u3089\u516c\u958b\u9375\u3084\u3089\u3082\u305d\u306e\u4e2d\u306b\u4f5c\u6210\u3055\u308c\u308b\u3002<\/strong>  <\/p>\n<hr>\n<p><strong>\u25a0 \u30aa\u30ec\u30aa\u30ec\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u4f5c\u6210<\/strong>  <\/p>\n<p>% mkdir server-keys<br \/>% cd server-keys<\/p>\n<p>\u25cf <strong>\u79d8\u5bc6\u9375\u3092\u4f5c\u6210<\/strong><\/p>\n<p>% openssl genrsa -des3 -out secret.key 2048<br \/>Generating RSA private key, 2048 bit long modulus<br \/>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;+++<br \/>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;..+++<br \/>e is 65537 (0x10001)<br \/>Enter pass phrase for secret.key:<br \/>Verifying &#8211; Enter pass phrase for secret.key:<br \/>% openssl rsa -in secret.key -out secret-nopass.key<br \/>Enter pass phrase for secret.key:<br \/>writing RSA key <\/p>\n<p><strong>\u25cf <a href=\"http:\/\/ja.wikipedia.org\/wiki\/%E8%A8%BC%E6%98%8E%E6%9B%B8%E7%BD%B2%E5%90%8D%E8%A6%81%E6%B1%82\">CSR\uff08Certificate Signing Request\uff09<\/a>\u4f5c\u6210<\/strong>  <\/p>\n<p>% openssl req -new -key secret.key -out csr.pem<br \/>Enter pass phrase for secret.key:<br \/>You are about to be asked to enter information that will be incorporated<br \/>into your certificate request.<br \/>What you are about to enter is what is called a Distinguished Name or a DN.<br \/>There are quite a few fields but you can leave some blank<br \/>For some fields there will be a default value,<br \/>If you enter &#8216;.&#8217;, the field will be left blank.<br \/>&#8212;&#8211;<br \/>Country Name (2 letter code) [AU]:<strong>JP<\/strong><br \/>State or Province Name (full name) [Some-State]:<strong>Kanagawa<\/strong><br \/>Locality Name (eg, city) []:<strong>Kawasaki<\/strong><br \/>Organization Name (eg, company) [Internet Widgits Pty Ltd]:<strong>foo bar Ltd<\/strong><br \/>Organizational Unit Name (eg, section) []:<strong>System<\/strong><br \/>Common Name (eg, YOUR name) []:<strong>qos.mine.nu<\/strong><br \/>Email Address []:<strong>root@qos.mine.nu<\/strong>  <\/p>\n<p>Please enter the following &#8216;extra&#8217; attributes<br \/>to be sent with your certificate request<br \/>A challenge password []:<br \/>An optional company name []:  <\/p>\n<p><strong>\u25cf \u30aa\u30ec\u30aa\u30ecCA\u3067\u7f72\u540d\u3059\u308b<\/strong>  <\/p>\n<p>% cd ..<br \/>% cp \/usr\/src\/crypto\/openssl\/apps\/openssl.cnf .<br \/>% vi openssl.cnf<br \/>\u30fb\u30fb\u30fb<br \/>nsCertType&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; = server&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \u30fb\u30fb\u30fb\u30b3\u30e1\u30f3\u30c8\u3092\u5916\u3059<br \/>\u30fb\u30fb\u30fb<br \/>% openssl ca -in .\/server-keys\/csr.pem -out .\/server-keys\/server.cert -config .\/openssl.cnf<br \/>Using configuration from .\/openssl.cnf<br \/>Enter pass phrase for .\/demoCA\/private\/cakey.pem:<br \/>Check that the request matches the signature<br \/>Signature ok<br \/>Certificate Details:<br \/>\u30fb\u30fb\u30fb<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 extensions:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Basic Constraints:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CA:FALSE<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Netscape Cert Type:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSL Server<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Netscape Comment:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OpenSSL Generated Certificate<br \/>\u30fb\u30fb\u30fb<br \/>Sign the certificate? [y\/n]:<strong>y<\/strong><br \/>CERTIFICATE WILL NOT BE CERTIFIED  <\/p>\n<p><strong><\/strong>&nbsp; <\/p>\n<hr>\n<p><strong>\u25a0 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u4f5c\u6210<\/strong>  <\/p>\n<p>% mkdir client-keys<\/p>\n<p>\u25cf <strong>\u79d8\u5bc6\u9375\u3092\u4f5c\u6210<strong>(\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u7528)<\/strong><\/strong><br \/>% openssl genrsa -des3 -out secret.key 2048<br \/>Generating RSA private key, 2048 bit long modulus<br \/>&#8230;&#8230;&#8230;&#8230;&#8230;+++<br \/>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;.+++<br \/>e is 65537 (0x10001)<br \/>Enter pass phrase for secret.key:<br \/>Verifying &#8211; Enter pass phrase for secret.key: <\/p>\n<p><strong>\u25cf <a href=\"http:\/\/ja.wikipedia.org\/wiki\/%E8%A8%BC%E6%98%8E%E6%9B%B8%E7%BD%B2%E5%90%8D%E8%A6%81%E6%B1%82\">CSR\uff08Certificate Signing Request\uff09<\/a>\u4f5c\u6210<\/strong> <strong>(\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u7528)<\/strong>  <\/p>\n<p>% openssl req -new -key secret.key -out csr.pem<br \/>Enter pass phrase for secret.key:<br \/>You are about to be asked to enter information that will be incorporated<br \/>into your certificate request.<br \/>What you are about to enter is what is called a Distinguished Name or a DN.<br \/>There are quite a few fields but you can leave some blank<br \/>For some fields there will be a default value,<br \/>If you enter &#8216;.&#8217;, the field will be left blank.<br \/>&#8212;&#8211;<br \/>Country Name (2 letter code) [AU]:<strong>JP<br \/><\/strong>State or Province Name (full name) [Some-State]:<strong>Kanagawa<\/strong><br \/>Locality Name (eg, city) []:Kawasaki<br \/>Organization Name (eg, company) [Internet Widgits Pty Ltd]:<strong>foo bar Ltd<\/strong><br \/>Organizational Unit Name (eg, section) []:<strong>user<\/strong><br \/>Common Name (eg, YO<br \/>\nUR name) []:<strong>user<\/strong><br \/>Email Address []:<strong>user@qos.mine.nu<\/strong>  <\/p>\n<p>Please enter the following &#8216;extra&#8217; attributes<br \/>to be sent with your certificate request<br \/>A challenge password []:<br \/>An optional company name []: <\/p>\n<p>&nbsp;<\/p>\n<p>\u25cf <strong>\u30aa\u30ec\u30aa\u30ecCA\u3067\u7f72\u540d\u3059\u308b<\/strong> <strong>(\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u7528)<\/strong> <br \/>% cd ..<br \/>% vi openssl.cnf<br \/>\u30fb\u30fb\u30fb<br \/># nsCertType&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; = server&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong>\u30fb\u30fb\u30fb\u30b3\u30e1\u30f3\u30c8\u306b\u3059\u308b<br \/><\/strong>nsCertType = client, email&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong>\u30fb\u30fb\u30fb\u30b3\u30e1\u30f3\u30c8\u3092\u5916\u3059<\/strong><br \/>\u30fb\u30fb\u30fb <\/p>\n<p>% openssl ca -in .\/client-keys\/csr.pem -out .\/client-keys\/client.cert -config .\/openssl.cnf<br \/>Using configuration from .\/openssl.cnf<br \/>Enter pass phrase for .\/demoCA\/private\/cakey.pem:<br \/>Check that the request matches the signature<br \/>Signature ok<br \/>Certificate Details:<br \/>\u30fb\u30fb\u30fb<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 extensions:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; X509v3 Basic Constraints:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CA:FALSE<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Netscape Cert Type:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSL Client, S\/MIME<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Netscape Comment:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OpenSSL Generated Certificate<br \/>\u30fb\u30fb\u30fb<br \/>Sign the certificate? [y\/n]:<strong>y<\/strong>  <\/p>\n<p>1 out of 1 certificate requests certified, commit? [y\/n]<strong>y<br \/><\/strong>Write out database with 1 new entries<br \/>Data Base Updated  <\/p>\n<p><strong>\u25cf \u30d6\u30e9\u30a6\u30b6\u306b\u30a4\u30f3\u30dd\u30fc\u30c8\u3057\u3084\u3059\u3044\u5f62(\u79d8\u5bc6\u9375\u3068\u8a3c\u660e\u66f8\u306e\u30bb\u30c3\u30c8)\u306b\u3059\u308b<\/strong>  <\/p>\n<p>% cd client-keys<br \/>% openssl pkcs12 -export -in client.cert -inkey secret.key -out client.p12  <\/p>\n<p>\u51fa\u6765\u305fclient.p12\u3092SCP\u3068\u304b\u3067\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7aef\u672b\u306b\u6301\u3063\u3066\u304d\u3066\u3001<br \/>\u30d6\u30e9\u30a6\u30b6\u306b\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308b\u3002<\/p>\n<p>\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u304c\u898b\u77e5\u3089\u306cCA\u3067\u7f72\u540d\u3055\u308c\u3066\u3044\u308b\u3068\u3001\u300c\u304a\u307e\u3048\u8ab0\u3060\u3088\uff1f\u300d\u7684\u306a\u611f\u3058\u3067\u8b66\u544a\u304c\u51fa\u308b\u306e\u3067\u3001\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u7528CA\u306e\u8a3c\u660e\u66f8\u3082\u30d6\u30e9\u30a6\u30b6\u306b\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308b\u3002demoCA\/cacert.pem\u3000\u304c\u3001\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u7528CA\u306e\u8a3c\u660e\u66f8\u306a\u306e\u3067\u3001\u3053\u3044\u3064\u3082SCP\u3068\u304b\u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7aef\u672b\u306b\u6301\u3063\u3066\u304d\u3066\u3001\u30a4\u30f3\u30dd\u30fc\u30c8\u3002<\/p>\n<hr>\n<p>\u25a0 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a8d\u8a3c\u3092\u3059\u308b\u305f\u3081\u306eApache2\u306e\u8a2d\u5b9a<\/p>\n<ul>\n<li><a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_ssl.html#sslengine\">SSLEngine<\/a>  <\/li>\n<li><a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_ssl.html#sslcertificatefile\">SSLCertificateFile<\/a>\u3000\u3000\u3000\u30fb\u30fb\u30fb\u30aa\u30ec\u30aa\u30ec\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8  <\/li>\n<li><a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_ssl.html#sslcertificatekeyfile\">SSLCertificateKeyFile<\/a>\u3000\u3000\u30fb\u30fb\u30fb\u30aa\u30ec\u30aa\u30ec\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u79d8\u5bc6\u9375  <\/li>\n<li><a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_ssl.html#sslcacertificatefile\">SSLCACertificateFile<\/a>\u3000\u3000\u30fb\u30fb\u30fb\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u7528CA\u306e\u8a3c\u660e\u66f8  <\/li>\n<li><a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_ssl.html#sslverifyclient\">SSLVerifyClient<\/a>\u3000\u3000\u3000\u3000\u30fb\u30fb\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a8d\u8a3c\u306e\u8a2d\u5b9a\u3002<\/li>\n<\/ul>\n<p> \u8fba\u308a\u3092\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002<\/p>\n<p>\u25cf \u8a2d\u5b9a\u8a18\u8ff0\u30a4\u30e1\u30fc\u30b8<\/p>\n<p>Listen 443<br \/>NameVirtualHost *:443<br \/>&lt;IfModule mod_ssl.c&gt;<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;VirtualHost *:443&gt;<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSLEngine on<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSLCertificateFile&nbsp;&nbsp;&nbsp; \/home\/user\/ssl-self-signed\/server-keys\/server.cert<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSLCertificateKeyFile \/home\/user\/ssl-self-signed\/server-keys\/secret-nopass.key<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSLCACertificateFile \/home\/user\/ssl-self-signed\/demoCA\/cacert.pem<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSLVerifyClient require<br \/>\u30fb\u30fb\u30fb<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (\u4ed6\u306e\u8a2d\u5b9a)<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;\/VirtualHost&gt;<br \/>&lt;\/IfModule&gt;  <\/p>\n<p>\u8a2d\u5b9a\u5b8c\u4e86\u5f8c\u3001Apache\u3092\u518d\u8d77\u52d5\u3057\u3066\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\u3057\u305f\u30d6\u30e9\u30a6\u30b6\u3067https\u30a2\u30af\u30bb\u30b9\u3002\u8a3c\u660e\u66f8\u3092\u8981\u6c42\u3055\u308c\u3001\u30a4\u30f3\u30dd\u30fc\u30c8\u3057\u305f\u8a3c\u660e\u66f8\u3092\u9078\u629e\u3059\u308b\u3053\u3068\u3067\u6b63\u5e38\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u305f\u3089\u6210\u529f\u3002  <\/p>\n<p>Google Chrome\u306fSSL\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a8d\u8a3c\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u306a\u3044\u3088\u3046\u306a\u306e\u3067\u3001IE\u304bFirefox\u304bOpera\u8fba\u308a\u3067\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u3053\u306e\u8a18\u4e8b\u306f\uff12\u5e74\u4ee5\u4e0a\u524d\u306b\u66f8\u3044\u305f\u3082\u306e\u3067\u3059\u3002 \u305d\u306e\u305f\u3081\u60c5\u5831\u304c\u53e4\u3044\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3054\u4e86\u627f\u304f\u3060\u3055\u3044\u3002m(_ _)m\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u306b\u3064\u3044\u3066\u306e\u8a73\u7d30\u306f\u3001\u4ee5\u4e0b\u3002 \u9ad8\u6728\u6d69\u5149\uff20\u81ea\u5b85\u306e\u65e5\u8a18 &#8211; \u3053\u3093\u306a\u9280\u884c\u306f\u5acc\u3060, \u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\u306e &hellip; <a href=\"https:\/\/qos.dev7.net\/wordpress\/2009\/06\/post-21.html\">\u7d9a\u304d\u3092\u8aad\u3080 <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[29,78,47,40,46,44,45],"class_list":["post-117","post","type-post","status-publish","format-standard","hentry","category-auafafcc","tag-apache","tag-firefox","tag-freebsd","tag-google-chrome","tag-ssl","tag-aafaafeaezae","tag-eaca"],"_links":{"self":[{"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/posts\/117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/comments?post=117"}],"version-history":[{"count":0,"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/posts\/117\/revisions"}],"wp:attachment":[{"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/media?parent=117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/categories?post=117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qos.dev7.net\/wordpress\/wp-json\/wp\/v2\/tags?post=117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}