MacPortsのApache2にテスト用のSSL(自己署名証明書)を設定

Chromeに対応するためには、subjectAltNameを設定した自己署名証明書を作成する必要があります。
subjectAltNameが設定されていない証明書はChromeで NET::ERR_CERT_COMMON_NAME_INVALID エラーを参照してください。

SSLのテスト用に、MacPortsでインストールしたApacheにSSLの設定をした。
conf/httpd.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

秘密鍵と証明書ファイルのパスの設定を確認。(デフォルトのまま使用することにする。)
conf/extra/httpd-ssl.conf

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
SSLCertificateFile "/opt/local/apache2/conf/server.crt"
#SSLCertificateFile "/opt/local/apache2/conf/server-dsa.crt"
#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile "/opt/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/opt/local/apache2/conf/server-dsa.key"

秘密鍵の作成。

$ cd /opt/local/apache2/conf/
$ sudo openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.......................+++
..+++
e is 65537 (0x10001)

自己証明書を作成。

$ sudo openssl req -new -x509 -days 3650 -sha256 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.example.com
Email Address []:

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です

このサイトはスパムを低減するために Akismet を使っています。コメントデータの処理方法の詳細はこちらをご覧ください