DebianのSSL+Apache2の設定

root@almond:/etc/apache2# apache2-ssl-certificate

creating selfsigned certificate
replace it with one signed by a certification authority (CA)

enter your ServerName at the Common Name prompt

If you want your certificate to expire after x days call this programm
with -days x
Generating a 1024 bit RSA private key
…++++++
.++++++
writing new private key to ‘/etc/apache2/ssl/apache.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Suginami-ku
Organization Name (eg, company; recommended) []:
Organizational Unit Name (eg, section) []:
server name (eg. ssl.domain.tld; required!!!) []:www.example.com
Email Address []:webmaster@example.com

root@almond:/etc/apache2# cd /etc/apache2/sites-available
root@almond:/etc/apache2# gunzip -c /usr/share/doc/apache2/examples/ssl.conf.gz > sites-available/ssl
root@almond:/etc/apache2# vi sites-available/ssl

<中略>
# General setup for the virtual host
DocumentRoot “/var/www/”
ServerName www.example.com:443
ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error-ssl.log
TransferLog /var/log/apache2/access-ssl.log
<中略>
SSLCertificateFile /etc/apache2/ssl/apache.pem
<中略>
SSLCertificateKeyFile /etc/apache2/ssl/XXXXXXXX.0
<中略>
わたしの注：「XXXXXXXX.0」のファイル名は確認すること。
root@almond:/var/log/apache2# a2ensite ssl
Site ssl installed; run /etc/init.d/apache2 reload to enable.
root@almond:/var/log/apache2# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
root@almond:/var/log/apache2# /etc/init.d/apache2 restart
Restarting web server: Apache2.