12-4. Apache £×£×£×¥µ¡Ý¥Ð
(1) Apache £×£×£×¥µ¡Ý¥Ð `21/03
* ñ½ã¤Ë¥³¥ó¥Ñ¥¤¥ë¤¹¤ë
Apache ¤Ë¤Ä¤¤¤Æ¤Ï¡¢"5-3. ¥µ¡Ý¥Ð¥µ¥¤¥É¥¹¥¯¥ê¥×¥È" ¤â»²¾È¤µ¤ì¤¿¤¤¡£ £²£°£°£±Ç¯£³·î
Sun ¥µ¥¤¥È¤Î¥¢¡Ý¥«¥¤¥Ö¤Ë¤Ï apache_1.3.4 ¤Î¥Ð¥¤¥Ê¥ê¤·¤«¤Ê¤«¤Ã¤¿¡£°Ê²¼¤Ï Apache ¤Î
1.3.9 ¤ò Solaris 2.6 ¤Ç¥³¥ó¥Ñ¥¤¥ë¤·¤¿ÍͻҤǤ¢¤ë¡£
# /bin/csh
# setenv PATH /usr/local/bin:/usr/ccs/bin:$PATH
# cd /usr/local/source/
# zcat apache_1.3.9.tar.gz | tar xvf -
# cd apache_1.3.9;ls -F
ABOUT_APACHE Makefile.tmpl cgi-bin/ icons/
Announcement README conf/ logs/
INSTALL README.NT config.layout src/
KEYS README.configure configure*
LICENSE WARNING-NT.TXT htdocs/
# ./configure << ²¿¤â¥ª¥×¥·¥ç¥ó¤òÉÕ¤±¤Æ¤¤¤Ê¤¤¡£
# make; make install
# cd /usr/local/apache;ls -F
bin/ conf/ icons/ libexec/ man/
cgi-bin/ htdocs/ include/ logs/ proxy/
# bin/httpd -l << ¤É¤ó¤Ê¥â¥¸¥å¡Ý¥ë¤¬Æþ¤Ã¤¿¤«¥ê¥¹¥È¤¹¤ë¡£¼ÂºÝ¤Ï½Ä¤Ë½Ð¤ë¡£
Compiled-in modules:
http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c
mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c
mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c
mod_access.c mod_auth.c mod_setenvif.c
# bin/apachectl start << /usr/local/apache/conf/httpd.conf ¤ò¥Ç¥Õ¥©¥ë¥È¤Ç¸«¤ë¡£
./apachectl start: httpd started
# ps -ef | grep httpd
root 741 1 0 14:16:47 ? 0:00 /usr/local/apache/bin/httpd
nobody 2196 741 0 15:26:11 ? 0:00 /usr/local/apache/bin/httpd
nobody 2183 741 0 15:25:53 ? 0:00 /usr/local/apache/bin/httpd
nobody 2192 741 0 15:26:04 ? 0:00 /usr/local/apache/bin/httpd
nobody 2184 741 0 15:25:53 ? 0:00 /usr/local/apache/bin/httpd
nobody 2181 741 0 15:25:53 ? 0:00 /usr/local/apache/bin/httpd
nobody 2182 741 0 15:25:53 ? 0:00 /usr/local/apache/bin/httpd
nobody 2180 741 0 15:25:53 ? 0:00 /usr/local/apache/bin/httpd
# kill 741 << root ¤Î httpd ¤ò»¦¤¹¤ÈÁ´Éô¤Î httpd ¥Ç¡Ý¥â¥ó¤¬¾Ã¤¨¤ë¡£
* Proxy ¤È DSO µ¡Ç½¤òÄɲ乤ë
# ./configure --enable-module=so --enable-module=proxy << DSO & Proxy support¡£
Configuring for Apache, Version 1.3.9
+ using installation path layout: Apache (config.layout)
+ Warning: no Perl interpreter detected for support scripts.
+ Perhaps you need to specify one with --with-perl=FILE.
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Solaris 260 platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ checking for system header files
+ adding selected modules
+ using -ldl for vendor DSO support
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite ¡
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/proxy
enable-module=so »ØÄê¤ÇÀÅŪ mod_so.c ¥â¥¸¥å¡Ý¥ë¤¬Äɲ䵤ì¤ë¡£enable-module=proxy
¤ÇưŪ¤Ë mod_proxy.c ¥â¥¸¥å¡Ý¥ë¤¬Äɲ䵤ì¤ë¡£ ¥×¥í¥¥·¥µ¡Ý¥Ð¤È¤·¤ÆÍøÍѤ¹¤ë¤Ë¤Ï¾¯
¤·¤Ç¤â¥Ñ¥Õ¥©¡Ý¥Þ¥ó¥¹¤ò¾å¤²¤ë¤¿¤á¥â¥¸¥å¡Ý¥ë¤òÀÅŪÁȤ߹þ¤ß¤Ë¤¹¤ë¤Î¤¬¤è¤¤¡£ÉÔÍפʥâ
¥¸¥å¡Ý¥ë¤Ïºï¤Ã¤Æ¤â¤¤¤¤¡£Æ°Åª¥â¥¸¥å¡Ý¥ë¤À¤È£µ¤«¤é£¹¡óÀǽ¤¬Íî¤Á¤ë¤È½ñ¤«¤ì¤Æ¤¢¤Ã¤¿¡£
¡ÖSoftware Design¡×2003/12 ¤Î62¥Ú¡Ý¥¸ "¥â¥¸¥å¡Ý¥ë¤òDSO¤ÇÁȤ߹þ¤à¤ÈÃÙ¤¯¤Ê¤ë¡©"»²¾È¡£
# make; make install
/usr/local/apache/conf/httpd.conf
-------------------------------------------------------------------------------
| |
|Port 80 << £¸£°ÈÖ¥Ý¡Ý¥È¤Ç Proxy ¤òÆ°¤«¤·¤Æ¤â¤¤¤¤¡£
| |
|# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
|# document that was negotiated on the basis of content. This asks proxy
|# servers not to cache the document. Uncommenting the following line disables
|# this behavior, and proxies will be allowed to cache the documents.
|
|#CacheNegotiatedDocs << ¥³¥á¥ó¥È¤ò³°¤¹¤È HTML ¤Îµ½Ò¤Ç¥¥ã¥Ã¥·¥å¤·¤Ê¤¤»Ø
| | ¼¨¤ò̵»ë¤·¤Æ¡¢¥¥ã¥Ã¥·¥å¤¹¤ë¤è¤¦¤Ë¤¹¤ë¡£
|#
|ProxyRequests On << ¥¥ã¥Ã¥·¥å¤ò¤·¤Ê¤¤¥×¥í¥¥·¤À¤±¤Ê¤é¡¢¤³¤ì¤À¤±¥³¥á
|# ¥ó¥È³°¤»¤Ð¤¤¤¤¡£
|# Order deny,allow
|# Deny from all
|# Allow from .your_domain.com
|#
|
|# Enable/disable the handling of HTTP/1.1 "Via:" headers.
|# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
|# Set to one of: Off | On | Full | Block
|#ProxyVia On
|
|# To enable the cache as well, edit and uncomment the following lines:
|# (no cacheing without CacheRoot)
|#CacheRoot "/usr/local/apache/proxy"
|
|#CacheSize 5 << ¥¥ã¥Ã¥·¥åÍѤ˻Ȥ¦¥Ç¥£¥¹¥¯ÍÆÎÌ¡£Kbyte¡£
|
|#CacheGcInterval 4 << ¥¥ã¥Ã¥·¥å´ü´Ö¤ò²á¤®¤¿¥Õ¥¡¥¤¥ë¤ò¥Á¥§¥Ã¥¯¤¹¤ë¡£hr¡£
|
|#CacheMaxExpire 24 << ¥¥ã¥Ã¥·¥å¤·¤Æ¤ª¤¯»þ´Ö¡£HTML ¤ÎÃæ¤Î Expire »Ø¼¨¤Ï
| ̵»ë¤¹¤ë¡£CacheDefaultExpire ¤ÎÃͤ¬¾å¸Â¤È¤Ê¤ë¡£
|
|#CacheLastModifiedFactor 0.1 << ͸ú´ü¸Â¤Î¤Ê¤¤¥Õ¥¡¥¤¥ë¤Î͸ú´ü¸Â¤ò·è¤á¤ë¡£squid
| ¤ä NetCache ¤ÈƱ¤¸°ÕÌ£¡£CacheMaxExpire Ãͤ¬¾å¸Â¡£
|
|#CacheDefaultExpire 1 << ͸ú´ü¸Â¤Î¤Ê¤¤¥Õ¥¡¥¤¥ë¤Î¥Ç¥Õ¥©¥ë¥È¤Î͸ú´ü¸Â¡£
|
|#NoCache a_domain.com another_domain.edu joes.garage_sale.com
|# ¢¬¥¥ã¥Ã¥·¥å¤·¤Ê¤¤¥É¥á¥¤¥ó¡¢£É£Ð¥¢¥É¥ì¥¹¤Ê¤ÉµºÜ¤¹¤ë¡£
| |
# /usr/local/apache/bin/apachectl -help
usage: apachectl (start|stop|restart|fullstatus|status|graceful|configtest|help)
start - start httpd
stop - stop httpd
restart - restart httpd if running by sending a SIGHUP or start if not running
fullstatus - dump a full status screen; requires lynx and mod_status enabled
status - dump a short status screen; requires lynx and mod_status enabled
graceful - do a graceful restart by sending a SIGUSR1 or start if not running
configtest - do a configuration syntax test
help - this screen
[ Proxy ¥µ¡Ý¥Ð¤È¤·¤Æ¼ÂºÝ¤ËÍøÍѤ¹¤ë¤Ë¤Ï ]
/etc/resolv.conf /etc/nsswitch.conf ¤³¤Î¥Þ¥·¥ó¤«¤é¥¤¥ó¥¿¡Ý¥Í
------------------------ ------------------------ ¥Ã¥È¤Î¥µ¥¤¥È¤Î̾Á°²ò·è¤¬
|domain nix.co.jj |passwd: files ¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¡££Ä£Î£Ó
|#nameserver 127.0.0.1 |group: files ¤Î¥¯¥é¥¤¥¢¥ó¥È¤È¤·¤Æ̾Á°
|nameserver £É£Ð¤òµ½Ò |hosts: files dns ²ò·è¤Ç¤¤ë¤è¤¦ÀßÄꤹ¤ë¡£
* Solaris 9 ¤ËÆþ¤Ã¤Æ¤¤¤¿ Apache `25º¢
Sun ¤Î V210 ¤Ç¤â Blade 2500 ¤Ç¤âƱ¤¸ÆâÍƤÀ¤Ã¤¿¡£¥Ð¡Ý¥¸¥ç¥ó¤Ï 1.3 ¤À¤Ã¤¿¡£ Apache
¤Îµ¯Æ°À©¸æ¥Õ¥¡¥¤¥ë /etc/rc2.d/K16apache ¤È /etc/init.d/apache ¤ÏÆâÍƤϤۤܰì½ï¤À
¤Ã¤¿¡£grep ¤ÇÈæ³Ó¤¹¤ë¤È¾¯¤·°ã¤¤¤Ï¤¢¤ë¤¬¡£ ¥½¡Ý¥¹¥Õ¥¡¥¤¥ë¤Ï¤Ê¤·¡¢¥Ð¥¤¥Ê¥ê¤¬Æþ¤Ã¤Æ
¤¤¤¿¡£`29/06 ¤Ë¤â³Îǧ¡£
# ls /etc/apache
README.Solaris jserv.conf mime.types tomcat.conf
access.conf jserv.properties mime.types.new zone.properties
httpd.conf-example magic srm.conf
# ls -F /usr/apache
bin/ htdocs/ include/ jserv/ libexec/ man/ perl5/ tomcat/
# ls /usr/apache/bin
ab checkgid htpasswd logresolve
apachectl dbmmanage httpd rotatelogs
apxs htdigest jserv_shmedit suexec.disabled
/etc/apache/httpd.conf
--------------------------------------------------------------------------------
|ServerType standalone
|ServerRoot "/usr/apache"
| |
|# Dynamic Shared Object (DSO) Support
|#
|# To be able to use the functionality of a module which was built as a DSO you
|# have to place corresponding `LoadModule' lines at this location so the
|# directives contained in it are actually available _before_ they are used.
|# Please read the file README.DSO in the Apache 1.3 distribution for more
|# details about the DSO mechanism and run `httpd -l' for the list of already
|# built-in (statically linked and thus always available) modules in your httpd
|# binary.
|#
|# Note: The order is which modules are loaded is important. Don't change
|# the order below without expert advice.
|
|LoadModule proxy_module libexec/libproxy.so
|AddModule mod_proxy.c
|AddModule mod_so.c
|#SharedModule libproxy.so
| |
|Port 80
|User nobody
|Group nobody
|ServerAdmin you@yourhost.com
|Servername 127.0.0.1
|DocumentRoot "/var/apache/htdocs"
| |
| ¢¨ProxyRequests On ¤Ê¤É¤Îµ½Ò¤Ï¤Ê¤¤¡£
/etc/init.d/apache
----------------------------------
|#!/sbin/sh
|APACHE_HOME=/usr/apache
|CONF_FILE=/etc/apache/httpd.conf
| |
# cd /etc/apache
# cp httpd.conf-example httpd.conf
# /etc/init.d/apache start
httpd starting.
# cd /usr/apache/bin
# ./httpd -v
Server version: Apache/1.3.31 (Unix)
Server built: Aug 19 2004 10:18:38
# ./httpd -l
Compiled-in modules:
http_core.c
mod_so.c
suexec: disabled; invalid wrapper /usr/apache/bin/suexec << ¥¨¥é¡Ý¤Î¤è¤¦¤Ë¸«¤¨
¤ë¤¬ÌäÂê¤Ê¤¤¤é¤·¤¤¡£
httpd.conf ¤ÎÆâÍƤϤۤȤó¤É²¿¤â¤¤¤¸¤Ã¤Æ¤Ê¤¤¡£¿¨¤Ã¤Æ¤â Servername¤Î¤È¤³¤í¤°¤é¤¤¤«¡£
¥Ñ¥½¥³¥ó¤Î¥Ö¥é¥¦¥¶¤«¤é¥¢¥¯¥»¥¹¤·¤¿¤éÆüËܸì¤Î¥Þ¥Ë¥å¥¢¥ë¤¬¸«¤¨¤¿¡£ "¤¢¤Ê¤¿¤ÎͽÁÛ¤Ë
È¿¤·¤Æ¡¢¤³¤Î¥Ú¡Ý¥¸¤¬¸«¤¨¤Æ¤¤¤ë¤Ç¤·¤ç¤¦¤«¡©"¡¢¤È¡£ ¤³¤ì¤Ç Apache ¤Ï£×£×£×¥µ¡Ý¥Ð¤È
¤·¤Æ¤ÏÀµ¾ï¤Ë²ÔƯ¤Ç¤¤¤Æ¤¤¤ë¡£httpd.conf ¤Ë¤Ï LoadModule ¤È AddModule ¤Îµ½Ò¤Ï¤¿¤¯
¤µ¤ó¤¢¤Ã¤¿¡£¥×¥í¥¥·¥µ¡Ý¥Ð¤Î¥â¥¸¥å¡Ý¥ë¤â¤¢¤ë¡£¤È¤¤¤¦¤³¤È¤Ï¡¢¤³¤ÎÀ©¸æ¥Õ¥¡¥¤¥ë¤Ç¤Ï
ºÇ½é¤«¤éÁ´Éô¡¢Í¸ú¤Ë¤·¤Æ¤¤¤ë¤È¤¤¤¦¤³¤È¤«¡£README.Solaris¤Îµ½Ò¤â¤½¤Î¤è¤¦¤ËÆɤá¤ë¡£
/usr/apache/libexec ¤Ë¤Ï¥³¥ó¥Ñ¥¤¥ëºÑ¤ß¤Î¥â¥¸¥å¡Ý¥ë libproxy.so¤Ê¤É¤¬¤¿¤¯¤µ¤ó¤¢¤ë¡£
¤Ç¤âÆ°ºî¤ò³Îǧ¤·¤¿¤È¤³¤í¥×¥í¥¥·¥µ¡Ý¥Ð¤È¤·¤Æ¤Ïµ¡Ç½¤·¤Ê¤«¤Ã¤¿¡£Â¿Ê¬ httpd.conf ¤Ë
ProxyRequests On ¤Ê¤É¤Îµ½Ò¤ò¼«Ê¬¤Ç½ñ¤±¤Ð¤¤¤¤¤Î¤Ç¤Ê¤¤¤«¡£Í׳Îǧ¡ª¡£
/etc/apache/README.Solaris È´¿è
-----------------------------------------------------------------------
|By default, all supplied modules are enabled, except mod_jserv and
|mod_webapp (see below). This may not be an optimal configuration, as
|you may not want or need many of the modules. In particular,
|mod_perl is a memory hog (if you don't need it).
(2) OpenSSL ¤Î¥¤¥ó¥¹¥È¡Ý¥ë¤È¥³¥ó¥Ñ¥¤¥ë `02/10
* Apache + OpenSSL + Apache-SSL
£¹£¶Ç¯Åö»þ Apache ¤Ë SSLeay ¤È¤¤¤¦ SSL Íѥ⥸¥å¡Ý¥ë¤òÄɲ䷤ơ¢ °Å¹æ²½£×£×£×¥µ¡Ý
¥Ð¤Î¥Æ¥¹¥È¤ò¤·¤¿¡£¤Û¤È¤ó¤ÉÆüËܸì¤Ç¤Î»²¹Í»ñÎÁ¤¬¤Ê¤¯¡¢ Netscape ¼Ò¤Î±Ñʸ¥É¥¥å¥á¥ó
¥È¤òÆɤó¤Ç²¿¤È¤«ÀßÄꤷ¤¿¤â¤Î¤À¤Ã¤¿¡£º£Æü¡¢¥¤¥ó¥¿¡Ý¥Í¥Ã¥È¾å¤Ç¤Á¤ç¤Ã¤Èõ¤·¤¿¤À¤±¤Ç
¤â¡¢¥¤¥ó¥¹¥È¡Ý¥ëÎã¤ä¥Ç¥¸¥¿¥ë£É£Äȯ¹Ô¤Î¤ä¤êÊý¤Ê¤É¸«¤Ä¤±¤ë¤³¤È¤¬¤Ç¤¤ë¡£·îÆü¤â·Ð¤Á¡¢
¿ÊÊ⤷¤¿¤È¤³¤í¤â¤¢¤ë¤«¤È»×¤¦¤Î¤Ç¡¢ ²þ¤á¤Æ SSL °Å¹æ²½¤Ë¤Ä¤¤¤ÆÄ´¤Ù¤Æ¤ß¤ë¤³¤È¤Ë¤·¤¿¡£
·ë²Ì¡¢¸½ºß Apache ¤ò SSL Âбþ¤¹¤ë¤Ë¤Ï¡¢£³¤Ä¤ÎÊýË¡¤¬¤¢¤ë¤³¤È¤¬¤ï¤«¤Ã¤¿¡£ ¤½¤ÎÃæ¤Ç
¤â SSLeay ¤ËÂå¤ï¤ë OpenSSL ¥â¥¸¥å¡Ý¥ë¤òÆþ¤ì¤¿¤Î¤¬¡¢¤É¤¦¤â¤¤¤¤¤è¤¦¤Ç¤¢¤Ã¤¿¡£
1. OpenSSL + Apache-SSL( Apache ÍÑ SSL Âбþ¥Ñ¥Ã¥Á )
2. OpenSSL + mod_ssl( Apache Íѥ⥸¥å¡Ý¥ë )
3. SSLeay + Apache-SSL
Apache-SSL ¤Ï Apache ¤Î¥Ñ¥Ã¥Á¤È¤¤¤¦·Á¤Ë¤Ê¤Ã¤Æ¤¤¤ë¡£ mod_ssl ¤Ï Apache ¤Î¥â¥¸¥å¡Ý
¥ë¤È¤¤¤¦·Á¤Ë¤Ê¤Ã¤Æ¤¤¤ë¡£Apache-SSL ¥µ¥¤¥È¤¤¤ï¤¯¡¢ mod_ssl ¤è¤ê°ÂÄêÀ¤¬¹â¤¤¤È¤¤¤¦
¤³¤È¤Ç¤¢¤ë¡£OpenSSL ¤È SSLeay ¤Î°ã¤¤¤Ï¡©¡£OpenSSL ¤Ï SSLeay ¤ò¥Ù¡Ý¥¹¤Ë³«È¯¤µ¤ì¤Æ
¤¤¤ë¡£SSLeay ¤â¤Þ¤À³«È¯¤¬Â³¤±¤é¤ì¤Æ¤Ï¤¤¤ë¡£ ξ¼Ô¤Î¥³¥Þ¥ó¥ÉÂηϤÏÁ´¤¯Æ±¤¸¤È¸À¤Ã¤Æ
¤¤¤¤¡£OpenSSL ¤Ï SSL Ver.2.0/3.0 ¤½¤ì¤Ë TLS 1.0 ¤ò¥µ¥Ý¡Ý¥È¤¹¤ë¡£ TLS ¤Ï SSL ¤ò´ð
¤Ëɸ½à²½¤·¤¿»ÅÍͤǡ¢¤Û¤È¤ó¤ÉƱ¤¸¤À¤¬¸ß´¹À¤Ï¤Ê¤¤¡£¤Þ¤¿¡¢¼ÂÁõ¤µ¤ì¤¿¥½¥Õ¥È¤Ï¤Û¤È¤ó
¤É¤Ê¤¯¡¢¼Â¼ÁŪ¤Ë¤Ï SSL V.3.0 ¤¬»È¤ï¤ì¤Æ¤¤¤ë¡£
Apache-SSL ¤Ï http://www.apache-ssl.org/ ¤¬ËܲȤǤ¢¤ë¡£ ¤½¤ÎÃé¼Â¤ÊÆüËܸìÌõ¤Î¥µ¥¤
¥È¤¬ http://japache.infoscience.co.jp/Apache-SSL/Apache-SSL.html ¤Ç¤¢¤ë¡£ ¸½»þÅÀ
¤Ç¤ÎºÇ¿·¤Ï 2000/03/06 ¥ê¥ê¡Ý¥¹¤Î apache_1.3.12+ssl_1.39 ¤Ç¤¢¤ë¡£
OpenSSL ¤ÎËÜ²È¤Ï http://www.openssl.org/ ¤Ç¡¢ openssl ¥³¥Þ¥ó¥É¤Î¾Ü¤·¤¤ÀâÌÀ¤¬¤¢¤ë¡£
ÆüËܸ쥵¥¤¥È¤Ï http://japache.infoscience.co.jp/technical/openssl/ ¤Ç¤¢¤ë¡£ ÆüËÜ
¸ì¥µ¥¤¥È¤Ç¤ÎºÇ¿·¤Ï '99/08/09 ¤Î openssl-0.9.4 ¤À¤¬¡¢ËÜ²È¤Ç¤Ï openssl-0.9.6¤Ç¤¢¤ë¡£
* OpenSSL ¤Î¥¤¥ó¥¹¥È¡Ý¥ë¤È¥³¥ó¥Ñ¥¤¥ë ( INDY IRIX 5.3 ¤Ç¼Â»Ü )
% cd /usr/local/source
% ftp ftp.openssl.org
> get openssl-0.9.4.tar.gz
% zcat openssl-0.9.4.tar.gz | tar xvf -
% cd openssl-0.9.4
% ./config
Operating system: mips2-sgi-irix
Configuring for irix-gcc
IsWindows=0 ¤Ç¤¤¿ Makefile ¤Î¤³¤³¤ò 02 ¤Ë¤¹¤ë¤³¤È¡£
CC =gcc ¢
CFLAG =-mips2 -O3 -DTERMIOS -DB_ENDIAN
% make << £±£°Ê¬¤°¤é¤¤¤«¤«¤Ã¤¿¡£
% make test << £µÊ¬¤°¤é¤¤¤«¤«¤Ã¤¿¡£
% make install
* Apache ¤Ë SSL ÍѥѥåÁ¤òÅö¤Æ¤ë
% cd /usr/local/source/apache_1.3.9
% zcat apache_1.3.9+ssl_1.37.tar.gz | tar xvf -
% ./FixPatch
% ./configure
% make; make install
* ¥Æ¥¹¥ÈÍѥǥ¸¥¿¥ë£É£Ä¤òºî¤ë
% cd /usr/local/source/apache_1.3.9/src
% make certificate
/usr/local/ssl/bin/openssl req -config ../SSLconf/conf/ssleay.cnf \
-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
-keyout ../SSLconf/conf/httpsd.pem; \
ln -sf httpsd.pem ../SSLconf/conf/`/usr/local/ssl/bin/openssl \
x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0
Using configuration from ../SSLconf/conf/ssleay.cnf
unable to load 'random state'
What this means is that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in.
Generating a 1024 bit RSA private key
...+++++
.+++++
writing new private key to '../SSLconf/conf/httpsd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Some-State]:Aichi
Locality Name (eg, city) []:Nagoya
Organization Name (eg, company; recommended) []:NIX Ltd
Organizational Unit Name (eg, section) []:CAD
server name (eg. ssl.domain.tld; required!!!) []:web.nix.co.jj
Email Address []:katou@nix.co.jj
% cd /usr/local/source/apache_1.3.9/SSLconf ¤Ç¤¤¿¥Ç¥¸¥¿¥ë£É£Ä
% ls -al conf ¢
lrwxr-xr-x .. 10 10·î 20Æü 13»þ41ʬ 4c46adae.0 -> httpsd.pem
-rw------- .. 7385 7·î 25Æü 1999ǯ httpd.conf
-rw-r--r-- .. 1860 10·î 20Æü 13»þ41ʬ httpsd.pem
lrwxr-xr-x .. 21 10·î 20Æü 13»þ03ʬ mime.types -> ../../conf/mime.types
-rw------- .. 1019 6·î 21Æü 1998ǯ ssleay.cnf
httpsd.pem
-----------------------------------------------------------------
|-----BEGIN RSA PRIVATE KEY----- ¤³¤³¤«¤é£×£×£×¥µ¡Ý¥Ð¤ÎÈëÌ©¸°
|MIICXQIBAAKBgQDMEKNQoSlTb5rCWhUysyapzekbZny4IgplSx+pp8Dn9xnhpYlI
| |
|EO6wYQuQmc7UdUFAu36ZZUDagRT2AKbRUC/pnKrZ1ic+
|-----END RSA PRIVATE KEY-----
|-----BEGIN CERTIFICATE----- ¤³¤³¤«¤é£×£×£×¥µ¡Ý¥Ð¤Î¥Ç¥¸¥¿¥ë£É£Ä
|MIICojCCAgugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCSlAx
| |
|Yiw9R/Ne
|-----END CERTIFICATE-----
°ÊÁ°¤Ï¤³¤ó¤ÊÊØÍø¤Ê¥³¥Þ¥ó¥É¤Ï¤Ê¤«¤Ã¤¿¡£% make certificate ¤À¤±¤Ç¡¢ ¼«¸Ê¾ÚÌÀ¤·¤¿¥Ç
¥¸¥¿¥ë£É£Ä¤¬¤Ç¤¤ë¡£¤³¤ì¤Ç¤È¤â¤«¤¯°Å¹æ²½£×£×£×¤Î¥Æ¥¹¥È¤¬¤Ç¤¤ë¡£ httpsd.pem ¤Ë¤Ï
£×£×£×¥µ¡Ý¥Ð¤Î¥Ç¥¸¥¿¥ë£É£Ä¡¢¤½¤ì¤ËÈëÌ©¸°¤â´Þ¤Þ¤ì¤Æ¤¤¤ë¤³¤È¤ËÃí°Õ¤·¤¿¤¤¡£
% cd /usr/local/apache/conf;ls
access.conf magic srm.conf
access.conf.default magic.default srm.conf.default
httpsd.conf mime.types
httpsd.conf.default mime.types.default ¢¨¤³¤³¤Î httpsd.conf ¤Ï°Å¹æ²½Âбþ¤Ç¤Ê¤¤¡£
% mv httpsd.conf httpsd.conf.org << °ì±þ¤È¤Ã¤Æ¤ª¤¯¡£
% cp /usr/local/source/apache_1.3.9/SSLconf/conf/httpd.conf httpsd.conf
¢¬
°Å¹æ²½Âбþ¤ÎÀ©¸æ¥Õ¥¡¥¤¥ë
/usr/local/apache/conf/httpsd.conf
---------------------------------------------- << ¤È¤ê¤¢¤¨¤º¤³¤ì¤À¤±¤ÎÀ©¸æ¥Õ¥¡
|User www ¥¤¥ë¤Ç Apache ¤Ï²ÔƯ¤¹¤ë¡£
|Group user
|LogLevel debug
|
|#SSLRandomFile /dev/urandom 1024 << ¤³¤ì¤é°ìÂβ¿¡£¥³¥á¥ó¥È
|#SSLRandomFilePerConnection /dev/urandom 1024 << ¤Ë¤·¤Æ¤âÌäÂê¤Ê¤¤¤è¤¦¤À¡£
|
|ServerType standalone
|Port 443
|DocumentRoot /usr/local/apache/htdocs
|
|
| SSLRequireSSL
|
|
|SSLEnable
|SSLCacheServerPath /usr/local/apache/bin/gcache
|SSLCacheServerPort logs/gcache_port
|SSLCacheServerRunDir /tmp
|SSLSessionCacheTimeout 15
|
|#SSLCACertificatePath
|#SSLCACertificateFile
|SSLCertificateFile /usr/local/source/apache_1.3.9/SSLconf/conf/httpsd.pem
|#SSLCertificateKeyFile
|
|SSLVerifyClient 0
|SSLVerifyDepth 10
|
|SSLFakeBasicAuth
|SSLRequireCipher
|SSLBanCipher NULL-MD5:NULL-SHA
|
|CustomLog logs/ssl_log "%t %{version}c %{cipher}c %{clientcert}c"
|ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
Ãí. SSLCACertificateFile ¤Ï£Ã£Á¤Î¥Ç¥¸¥¿¥ë£É£Ä¤ò»ØÄꤹ¤ë¤³¤È¤Ë¤Ê¤Ã¤Æ¤¤¤ë¡£ ¤·¤«¤·
¥¯¥é¥¤¥¢¥ó¥Èǧ¾Ú¤·¤Ê¤¤¾ì¹ç¤Ï¡¢¤³¤ì¤Ï»È¤ï¤Ê¤¤Êý¤¬¤¤¤¤¤«¤âÃΤì¤Ê¤¤¡£¥Ö¥é¥¦¥¶¤ò
Netscape 4.78 ¤Ç»ØÄꤷ¤¿¤È¤³¤í¡¢¥Õ¥©¡Ý¥Þ¥Ã¥È¤¬¤ª¤«¤·¤¤¤È¥¢¥¯¥»¥¹¤Ç¤¤Ê¤«¤«¤Ã
¤¿¡£IE ¤Ç¤ÏÆäËÌäÂê¤Ê¤¯¥¢¥¯¥»¥¹¤Ç¤¤¿¤¬¡£
* ¤½¤ì¤Ç¤Ï¥Æ¥¹¥È¤·¤è¤¦
% cat /etc/hosts
192.168.1.1 indy1 web.nix.co.jj
% httpsdctl start
Reading key for server web.nix.co.jj:443
Enter PEM pass phrase:12345567 << ¥Ñ¥¹¥Õ¥ì¡Ý¥º¤òÆþ¤ì¤ë¡£ÆþÎϤÎɽ¼¨
Launching... /usr/local/apache/bin/gcache ¤Ï¤µ¤ì¤Ê¤¤¡£
pid=18180
httpsdctl start: httpd started
% netscape https://web.nix.co.jj/ << °Å¹æ²½£×£×£×¥µ¡Ý¥Ð¤Ë¥¢¥¯¥»¥¹¤¹¤ë¡£
£É£Ð¥¢¥É¥ì¥¹¤òÆþ¤ì¤Æ¤â¤Ç¤¤ë¡£
[/usr/local/ssl]----[bin]--- c_rehash, openssl
|-[misc]-- CA.pl, CA.sh, c_hash, c_info,
| c_issuer, c_name, der_chop
|-[private] ºÇ½é¤Ï¥«¥é
|-[certs] ºÇ½é¤Ï¥«¥é
|-[include]--[openssl]-- e_os.h ..
|-[lib]-- libcrypto.a, libssl.a
|- openssl.cnf
% cd /usr/local/source/openssl-0.9.4;ls -F
CHANGES Makefile.ssl demos/ libssl.a shlib/
CHANGES.SSLeay NEWS dep/ makevms.com* ssl/
Configure* README doc/ ms/ test/
INSTALL VMS/ e_os.h mt/ times/
INSTALL.VMS apps/ e_os2.h openssl.doxy tmp/
INSTALL.W32 bugs/ include/ out/ tools/
LICENSE certs/ install.com perl/ util/
Makefile@ config* libRSAglue.a rsaref/
Makefile.org crypto/ libcrypto.a sf/
% ls demos/apps
CA.com CA.pl* CA.sh openssl.cnf demoCA/ ...
* Apache ¤Î¥³¥Þ¥ó¥É
% cd /usr/local/apache/bin;ls
ab dbmmanage htdigest httpsd logresolve
apxs gcache htpasswd httpsdctl rotatelogs
% httpsdctl
usage: httpsdctl (start|stop|restart|fullstatus|status|graceful|configtest|help)
start - start httpd
stop - stop httpd
restart - restart httpd if running by sending a SIGHUP or start if not running
fullstatus - dump a full status screen; requires lynx and mod_status enabled
status - dump a short status screen; requires lynx and mod_status enabled
graceful - do a graceful restart by sending a SIGUSR1 or start if not running
configtest - do a configuration syntax test
help - this screen
* openssl ¤Î¥³¥Þ¥ó¥É
% cd /usr/local/ssl/bin
% openssl genrsa -rand rand.dat -des 1024 > key.pem
% openssl genrsa -des 1024 > key.pem
% openssl rsa -text -in key.pem << key.pem ¤Î¾ðÊó¤òÁ´Éôɽ¼¨¡£
% openssl req -new -key key.pem -out csr.pem
% openssl req -text -in csr.pem << -text¤Ï¾ðÊó¤òÁ´Éôɽ¼¨¤¹¤ë¡£
% openssl x509 -text -in verisign.pem
% openssl x509 -in httpsd.pem -fingerprint -noout << Finger Print ¤À¤±É½¼¨¤¹¤ë¡£
% openssl
OpenSSL> rsa ? << »È¤¨¤ë¥ª¥×¥·¥ç¥ó¤òɽ¼¨¤¹¤ë¡£
OpenSSL> rsa -text -in key.pem << ÂÐÏÃ¥â¡Ý¥É¡£
(3) VeriSign ¤Î¥Æ¥¹¥ÈÍѥǥ¸¥¿¥ë£É£Ä `02/10
* ¤³¤ì¤Ç»î¤·¤Æ¤ß¤ë¤³¤È¤¬¤Ç¤¤ë
ÆüËܤΠVeriSign ¤Î¥µ¥¤¥È¤ò¸«¤Æ¤ß¤è¤¦ http://www.verisign.co.jp/¡£ ÀΤȤϤ¦¤Ã¤ÆÊÑ
¤ï¤Ã¤Æ¤À¤¤¤ÖÆâÍÆŪ¤Ë½¼¼Â¤·¤Æ¤¤¿¡£°Å¹æ²½¤ÎÊÙ¶¯¤â¤Ç¤¤ë¡£¤½¤·¤Æ¤¤¤Ä¤«¤é¤«ÃΤé¤ó¤¬¡¢
£×£×£×¥µ¡Ý¥Ð¤Î¥Æ¥¹¥ÈÍѥǥ¸¥¿¥ë£É£Ä¤òȯ¹Ô¤¹¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¡£¤³¤ì¤ÏÍÆñ¤¤¡££±£´
Æü´Ö͸ú¤Ê "¥Æ¥¹¥ÈÍÑ¥»¥¥å¥¢¡¦¥µ¡Ý¥Ð£É£Ä"¡¢40 bit DES ÈǤǤ¢¤ë¡£¤³¤Î¥Ç¥¸¥¿¥ë£É£Ä
¤Ï VeriSign ¤ÎÀµµ¬¤Ê½ð̾¤Ï¤Ê¤µ¤ì¤Æ¤¤¤Ê¤¤¡£¤Ä¤Þ¤ê Netscape ¤Î¥Ö¥é¥¦¥¶¤Ê¤É¤ËºÇ½é¤«
¤éÆþ¤Ã¤Æ¤¤¤ë¥Ç¥¸¥¿¥ë£É£Ä¤Ç¤Ïǧ¾Ú¤µ¤ì¤Ê¤¤¡£¤½¤Î¤¿¤á "¥Æ¥¹¥ÈÍÑ¥ë¡Ý¥È¾ÚÌÀ½ñ" ¤ò¥Ö¥é
¥¦¥¶¤ËÆþ¤ì¤ëɬÍפ¬¤¢¤ë¡£¤³¤Î¥Õ¥¡¥¤¥ë¤Ï VeriSign ¤Î¥µ¥¤¥È¤ËÃÖ¤«¤ì¤Æ¤¤¤ë¡£¤³¤ì¤Ï¥Æ
¥¹¥È£É£Ä¼èÆÀ¤Î²èÌ̤ˤ½¤Ã¤Æ½ç¤Ë¤ä¤Ã¤Æ¤¤¤¯¤È¡¢¥Ö¥é¥¦¥¶¤ËÆþ¤ì¤ë°ÆÆ⤬½Ð¤ë¤Î¤Ç¡¢¤½¤ì
¤Ë½¾¤¨¤Ð¤¤¤¤¡£
¤½¤ÎÁ°¤Ë¡¢À褺£×£×£×¥µ¡Ý¥Ð¤Î¸ø³«¸°¤ÈÈëÌ©¸°¤òºî¤ë¡£key.pem ¤È¸À¤¦¥Õ¥¡¥¤¥ë¤Ëξ¼Ô¤¬
Æþ¤ë¡£-rand rand.dat ¤È¤¤¤¦¤Î¤Ï¡¢¤³¤ì¤é¤Î¸°¤òºî¤ë¤¿¤á¤ÎÍð¿ô¤Ç¤¢¤ë¡£rand.dat ¤È¤¤
¤¦¤Î¤Ï̾Á°¤Ê¤É²¿¤Ç¤â¤è¤¯¡¢¤É¤ó¤Ê¥Õ¥¡¥¤¥ë¤Ç¤â¹½¤ï¤Ê¤¤¡£¤³¤Î¼«Ê¬¤Î¥á¥â½ñ¤¤Ç¤â¤¤¤¤¡£
¼¡¤Ë CSR( Certificate Signing Request ) ¤È¤¤¤¦¥Õ¥¡¥¤¥ë¤òºîÀ®¤¹¤ë¡££Ã£Á¤Ë¾ÚÌÀ¤·¤Æ
¤â¤é¤¦¤¿¤á¤Î¥Õ¥©¡Ý¥Þ¥Ã¥È¤Ç¤¢¤ë¡£¾ÚÌÀ¤È¤¤¤¦¤Î¤ÏÀµ³Î¤Ç¤Ê¤¤¤«¤â¡¢¥Ç¥¸¥¿¥ë½ð̾¤ò¤·¤Æ
¤â¤é¤¦¤¿¤á¤Î¥Õ¥©¡Ý¥Þ¥Ã¥È¤È¤¤¤Ã¤¿Êý¤¬¤¤¤¤¤«¡£ ²¼µ¤Ç¤Ï csr.pem ¤È¸À¤¦¥Õ¥¡¥¤¥ë¤òºî
¤Ã¤Æ¤¤¤ë¡£¤³¤Î¥Õ¥¡¥¤¥ë¤Ë¤Ï¡¢²ñ¼Ò̾¤ä£×£×£×¥µ¡Ý¥Ð¤Î FQDN ¤Ê¤É¡¢ ¤½¤ì¤Ë key.pem ¤Î
Ãæ¤Î¸ø³«¸°¤¬Æþ¤ë¡£ ¤³¤Î csr.pem ¥Õ¥¡¥¤¥ë¤ò²èÌ̤ˤ½¤Ã¤Æ VeriSign ¤ËÁ÷¤ë¤ï¤±¤Ç¤¢¤ë¡£
¾®À¸¤¬¤ä¤Ã¤Æ¤ß¤¿¤È¤³¤í¡¢"¥Æ¥¹¥ÈÍÑ¥»¥¥å¥¢¡¦¥µ¡Ý¥Ð£É£Ä" ¤¬¤¹¤°¤Ë¥á¡Ý¥ë¤ÇÍ褿¡£
% openssl genrsa -rand rand.dat -des 1024 > key.pem
% openssl req -new -key key.pem -out csr.pem
key.pem csr.pem
------------------------------------ ------------------------------------
|-----BEGIN RSA PRIVATE KEY----- |-----BEGIN CERTIFICATE REQUEST-----
|Proc-Type: 4,ENCRYPTED | |
|DEK-Info: DES-CBC,A0E3E986F3B6298D |-----END CERTIFICATE REQUEST-----
|
| |
|-----END RSA PRIVATE KEY-----
¥Ç¥¸¥¿¥ë£É£Ä¤¬¥á¡Ý¥ë Subject: VeriSign Trial Server ID ¤ÇÍè¤ë
-----------------------------------------------------------------------------
|Dear VeriSign Customer,
|
|Congratulations -- your Test Server ID (certificate), issued to
|WEB.NIX.CO.JJ, is included at the end of this message.
|VeriSign has digitally signed your Certificate, providing assurance that your
|certificate has not been damaged or changed without detection.
|
|For instructions on how to install your Test Server ID and the Test CA root,
|please visit:
|http://digitalid.verisign.co.jp/trialserver/trialStep4.htm
|http://digitalid.verisign.co.jp/trialserver/trialStep5.htm
|
|After testing your Trial Server ID, we encourage you to check out VeriSign's
|full line of Secure Site Services at:
|http://digitalid.verisign.co.jp/secureserver/index.html
|
|VeriSign Digital ID Services
|
|-----BEGIN CERTIFICATE----- ¡À ¤³¤ÎÉôʬ¤¬ VeriSign ¤¬¥Æ¥¹¥È¤Çȯ¹Ô¤·¤Æ¤¯¤ì¤¿
| | ¡Ã ¿½ÀÁ£×£×£×¥µ¡Ý¥ÐÍѤΥǥ¸¥¿¥ë£É£Ä¡£¤³¤ì¤À¤±ÀÚ
|-----END CERTIFICATE----- ¡¿ ¤ê¼è¤Ã¤ÆŬÅö¤Ê¥Õ¥¡¥¤¥ë̾¤Ë¤¹¤ë¡£verisign.pem
¤È¤¤¤¦¥Õ¥¡¥¤¥ë¤Ë¤³¤³¤Ç¤Ï¤·¤Æ¤ß¤¿¡£
% cd /usr/local/ssl/bin; ls -F
c_rehash* httpsd.pem openssl* verisign.pem
csr.pem key.pem rand.dat
/usr/local/apache/conf/httpsd.conf Êѹ¹¤¹¤ë²Õ½ê¤À¤±¼¨¤¹
---------------------------------------------------------------------------
|#SSLCertificateFile /usr/local/source/apache_1.3.9/SSLconf/conf/httpsd.pem
|
|SSLCertificateFile /usr/local/ssl/bin/verisign.pem << ¤³¤ì¤éÆþ¤ì¤ë¥Ç¥£¥ì¥¯¥È¥ê
|SSLCertificateKeyFile /usr/local/ssl/bin/key.pem << ¤Ï¤É¤³¤Ç¤â¹½¤ï¤Ê¤¤¡£
* VeriSign ¥Æ¥¹¥ÈÍÑ¥ë¡Ý¥È¾ÚÌÀ½ñ¤ò¤È¤ë
http://digitalid.verisign.co.jp/trialserver/trialStep4.htm ¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢"¥Æ¥¹
¥ÈÍÑ¥ë¡Ý¥È¾ÚÌÀ½ñ" ¤Î¤È¤³¤ò¥¯¥ê¥Ã¥¯¤¹¤ë¤È¡¢¼«Æ°Åª¤Ë¥Ö¥é¥¦¥¶¤ËÆþ¤Ã¤Æ¤¯¤ë¡£¤¤¤í¤¤¤í
ʹ¤¤¤ÆÍè¤ë¤¬¡¢Ì¾Á°¤òÉÕ¤±¤è¤È½Ð¤¿¤È¤³¤í¤Ç "TEST CA" ¤È¤«Æþ¤ì¤ë¤È¡¢ ¥Ö¥é¥¦¥¶¤ËÅÐÏ¿
¤µ¤ì¤ë¡£Ì¾Á°¤òÉÕ¤±¤Ê¤¤¤È¡¢¤½¤Î»þ¤À¤±¤Î¥ë¡Ý¥È¥Ç¥¸¥¿¥ë£É£Ä¤È¤Ê¤ë¡£ Windows 98 ¤Ç¤É
¤³¤Ë¡¢¤³¤Î¥Ç¥¸¥¿¥ë£É£Ä¤¬Æþ¤Ã¤¿¤Î¤«Ä´¤Ù¤Æ¤ß¤¿¡£²¿¤È¥Ð¥¤¥Ê¥ê¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤Æ¤¤
¤¿¡£²¼µ¤Î¥Õ¥¡¥¤¥ë¤ò¥À¥ó¥×¤¹¤ë¤È¡¢Netscape Communicator ¤Î¥»¥¥å¥ê¥Æ¥£¾ðÊó¤Ç³Îǧ
¤Ç¤¤ë¥ë¡Ý¥È¾ÚÌÀ½ñ¤¬¤º¤é¤º¤é½Ð¤Æ¤¤¿¡£
C:\Program Files\Netscape\Users\katou\cert7.db
* VeriSign ËÜÈÖÍѥǥ¸¥¿¥ë£É£Ä¤ò¼èÆÀ¤¹¤ë
¾åµ¤Ç¥Æ¥¹¥ÈÍѤò¼èÆÀ¤Ç¤¤¿¤Ê¤é¡¢¤½¤ì¤Çµ»½ÑŪ¤Ë¤Ï¥¯¥ê¥¢¤·¤¿¤³¤È¤Ë¤Ê¤ë¡£¸å¤Ï¼ê³¤
Ū¤Ê¤³¤È¤Ç¤¢¤ë¡£¿½ÀÁ¤¹¤ë£×£×£×¥µ¡Ý¥Ð¤¬ËÜÅö¤Ë¼Âºß¤·¤Æ¤¤¤ë¤«¡¢¤¤¤í¤¤¤í½ñÎà¤ò·¤¨¤Æ
VeriSign ¤Ë¿³ºº¤·¤Æ¤â¤é¤¦¤³¤È¤Ë¤Ê¤ë¡£Ãí°Õ¤·¤¿¤¤¤Î¤Ï VeriSign ¤¬¤ä¤ë¤Î¤Ï¡¢ £×£×£×
¥µ¡Ý¥Ð¤¬¼Âºß¤·¤Æ¤¤¤ë¤«¤É¤¦¤«¤ò¾ÚÌÀ¤¹¤ë¤Î¤Ç¤¢¤Ã¤Æ¡¢¿®ÍѤ¬¤ª¤±¤ë¤«¤É¤¦¤«¤ò¾ÚÌÀ¤¹¤ë
¤â¤Î¤Ç¤Ï¤Ê¤¤¤È¤¤¤¦¤³¤È¡£½ñÎà¤Ï "°õ´ÕÅÐÏ¿¾ÚÌÀ½ñ" ¤È "¾¦¶ÈÅеÊíÆ¥ËÜ" ¤Ê¤É¤¬É¬ÍפÇ
¤¢¤ë¡£¤³¤ÎÆó¤Ä¤Î½ñÎà¤Ï¡¢Äë¹ñ¥Ç¡Ý¥¿¥Ð¥ó¥¯¤Î´ë¶È¥³¡Ý¥É¤È¾å¾ì´ë¶È¤Î¾Ú·ô¥³¡Ý¥É¤¬¤¢¤ì
¤Ð¡¢½Ð¤µ¤Ê¤¯¤Æ¤â¤¤¤¤¤È VeriSign ¤Î¥Û¡Ý¥à¥Ú¡Ý¥¸¤Ë¤Ï½ñ¤¤¤Æ¤¢¤Ã¤¿¡£ÎÁ¶â¤Ï 40 bit °Å
¹æ²½Âбþ¤Î¤¬Ìó£¸Ëü±ß¡¿Ç¯¡¢128 bit ¤Î¤¬£±£²Ëü±ß¡¿Ç¯¤À¤Ã¤¿¤«¡£
http://www.verisign.co.jp/
> ¥°¥í¡Ý¥Ð¥ë¡¦¥µ¡Ý¥Ð£É£ÄÂбþ¥×¥é¥Ã¥È¡Ý¥à¡¿128 bit ÍÑ¡£
Apache ¥Ø¤ÎÂбþ¡§Apache_1.3.12+ssl_1.39, openssl-0.9.5a¡£
http://www.jp.thawte.com/
> '99/10 VeriSign ¤ËµÛ¼ý¤µ¤ì¤Æ¤¤¤¿¡£½éǯÅÙ $125, ¼¡Ç¯ÅÙ°Ê¹ß¤Ï $100¡£
(4) Apache £×£×£×¥µ¡Ý¥Ð¤Î´°À®·Á `02/10
* PHP3¡¢XML¡¢PostgreSQL ¤Ï¤É¤¦¤Ê¤Ã¤¿
"5-4. ¥Ç¡Ý¥¿¥Ù¡Ý¥¹¤È¤ÎÏ¢·È (1) PostgreSQL ¤ò»î¤·¤Æ¤ß¤ë" ¤«¤é¤Î³¤¤È¤¤¤¦¤³¤È¤Ë¤Ê
¤ë¡£¤½¤³¤Þ¤Ç¤Ç PHP3¡¢XML¡¢PostgreSQL ¤ò Apache ¤ÈÏ¢·È¤Ç¤¤ë¤è¤¦¤Ë¤·¤¿¡£¤½¤ì¤ËSSL
¤ò²Ã¤¨¤Æ¤ÎÏäˤʤ롣
apache_1.3.9 : Apache ¤ÎËÜÂΡ£1.3.12 ¤¬ºÇ¿·¡£
apache_1.3.9+ssl_1.37 : Apache ÍÑ SSL Âбþ¥Ñ¥Ã¥Á¡£
openssl-0.9.4 : SSL ¤ÎËÜÂΡ£0.9.6 ¤¬ºÇ¿·¡£
postgresql-6.5.3 : ¥æ¡Ý¥¶ katou ¤Ç¥Ç¡Ý¥¿¥Ù¡Ý¥¹ºîÀ®¡£
php-3.0.12jp-beta4 : ºÇ¿·¤Ï PHP4¡¢½èÍý¤¬Â®¤¯¤Ê¤Ã¤Æ¤¤¤ë¡£
XML ¥Ñ¡Ý¥µ¤Î expat : PostgreSQL ¤È Apache ¤ËÆþ¤Ã¤Æ¤¤¤ë¡£
% cd /usr/local/source/apache_1.3.9
% ./configure --enbale-module=so << DSO ¥¿¥¤¥×¤Î apache ¤òºî¤ë¡£¤³¤ì¤Ç PHP3¤Î
¥â¥¸¥å¡Ý¥ë¤ÏưŪ¤ËÆɤ߹þ¤à¡£PostgreSQL ¤Ï
% make
% make install ÊÌ¥×¥í¥»¥¹¤À¤«¤é´Ø·¸¤Ê¤·¡£
% postmaster -S -i << ¥æ¡Ý¥¶ katou ¤Ç¼Â¹Ô¤¹¤ë¤³¤È¡£
Î٤Υѥ½¥³¥ó¤Î Netscape Navigator ¤«¤é https://192.168.1.1:443/postg.php3 ¤È¥¢¥¯
¥»¥¹¤·¤Æ³Îǧ¤¹¤ë¡£PHP3 ¤Î¥É¥¥å¥á¥ó¥È¤Ê¤É¤¬¡¢PHP3 ¤ò¥¤¥ó¥¹¡Ý¥ë¤¹¤ë¤È docs ¥Ç¥£¥ì
¥¯¥È¥ê¤ËÆþ¤Ã¤ÆÍè¤ë¡£Á°¤Î¥Ç¥£¥ì¥¯¥È¥ê apache ¤Ï̾Á°¤ò¤«¤¨¤Æ¡¢ ËܾϤǿ·µ¬¤Ë apache
¤òºî¤êľ¤·¤¿¤Î¤Ç¡¢PHP3 ¤Î¥É¥¥å¥á¥ó¥È¤Ê¤É¤Ï¤Ê¤¤¡£ ɬÍפʤéÁ°¤Î apache ¤Î¥Ç¥£¥ì¥¯
¥È¥ê¤ò¸«¤Æ¡¢¼êºî¶È¤ÇÆþ¤ì¤ë¤³¤È¡£ PHP3 ¤Î¥â¥¸¥å¡Ý¥ë libphp3.so ¤Ï¥³¥Ô¡Ý¤·¤Æ¤ª¤¯¤³
¤È¡£ ¤½¤ì¤Ë cgi-bin ¤Ëºî¤Ã¤¿¥Æ¥¹¥ÈÍÑ¤Î¥×¥í¥°¥é¥à¤Ê¤É¤âɬÍפʤ饳¥Ô¡Ý¤·¤Æ¤¯¤ë¤³¤È¡£
/usr/local/apache/htdocs/postg.php3
-----------------------------------------------------------
|
|
* Apache ¤ÎÀ©¸æ¥Õ¥¡¥¤¥ë
/usr/local/apache/conf/httpsd.conf
-----------------------------------------------------------
|ServerType standalone << SSL Âбþ¤Ïɬ¤º standalone ¤Ë¤¹¤ë¤³¤È¡£
|ServerRoot "/usr/local/apache"
|PidFile /usr/local/apache/logs/httpd.pid
|ScoreBoardFile /usr/local/apache/logs/httpd.scoreboard
|Timeout 300
|KeepAlive On
|MaxKeepAliveRequests 100
|KeepAliveTimeout 15
|MinSpareServers 5
|MaxSpareServers 10
|StartServers 5 << ²ÔƯ¤¹¤ë¤È httpsd ¥Ç¡Ý¥â¥ó¤¬£µ¸Ä¤Ç¤¤ë¡£
|MaxClients 150
|MaxRequestsPerChild 0
|
|LoadFile /usr/local/pgsql/lib/libpq.so << PostgreSQL ¥â¥¸¥å¡Ý¥ë¡£
|LoadModule php3_module libexec/libphp3.so << PHP3 ¥â¥¸¥å¡Ý¥ë¡£
|
|Port 443 << SSL Âбþ¤Î¥Ý¡Ý¥ÈÈÖ¹æ¤Ï 443¡£°Å¹æ²½£×£×£×
|User www ¥µ¡Ý¥Ð¤Î¤ß²ÔƯ¤¹¤ë¡£
|Group user
|ServerAdmin katou@nix.co.jj
|ServerName web.nix.co.jj << ¤³¤³¥³¥á¥ó¥È¤Ç¤â²ÔƯ¤Ï¤¹¤ë¤¾¡£
|DocumentRoot "/usr/local/apache/htdocs"
|
| << ¤³¤³¥Æ¥¹¥È¤Î»þ¤Ï¥³¥á¥ó¥È¤Ë¤·¤¿Êý¤¬¤¤¤¤¤«
| Options FollowSymLinks ¤â¡£¥Ç¥£¥ì¥¯¥È¥ê¤ò¥ê¥¹¥Æ¥£¥ó¥°¤¹¤ë¤«¤É¤¦
| AllowOverride None ¤«¤È¤¤¤¦¤³¤È¤Ç¡£
|
|DirectoryIndex index.html << ¥Æ¥¹¥È¤Î»þ¤Ï¥³¥á¥ó¥È³°¤·¤¿Êý¤¬¤¤¤¤¤«¤â¡£
|
|
| Options Indexes FollowSymLinks
| AllowOverride None
| Order allow,deny
| Allow from all
|
|AccessFileName .htaccess
|
| Order allow,deny
| Deny from all
|
|UseCanonicalName On
|TypesConfig /usr/local/apache/conf/mime.types
|DefaultType text/plain << ¥Õ¥¡¥¤¥ë¤Î³ÈÄ¥»Ò¤«¤é¼ïÎà¤ò³ÎÄê¤Ç¤¤Ê¤¤¤Î
| ¤Ï¡¢¤¿¤À¤Î¥Æ¥¥¹¥È¤È¤ß¤Ê¤¹¡£
|HostnameLookups Off
|ErrorLog /usr/local/apache/logs/error_log
|LogLevel warn << debug ¤È¤¤¤¦¤Î¤â¤¢¤ë¡£¥³¥á¥ó¥È¤Ç¤â¤¤¤¤¡£
|LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|LogFormat "%h %l %u %t \"%r\" %>s %b" common
|LogFormat "%{Referer}i -> %U" referer
|LogFormat "%{User-agent}i" agent
|#CustomLog /usr/local/apache/logs/access_log common
|ServerSignature On
|Alias /icons/ "/usr/local/apache/icons/"
|
| Options Indexes MultiViews
| AllowOverride None
| Order allow,deny
| Allow from all
|
|ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
|
| AllowOverride None
| Options None
| Order allow,deny
| Allow from all
|
|IndexOptions FancyIndexing
| | << ÅÓÃæά¡£
|
|AddType application/x-httpd-php3 .php3 << PHP3 ¤Î³ÈÄ¥»Ò¤ÎÀë¸À¡£
|AddType application/x-httpd-php3-source .phps << PHP3 ¤Î³ÈÄ¥»Ò¤ÎÀë¸À¡£
|
|AddType application/x-tar .tgz
|#AddHandler cgi-script .cgi << cgi-bin ¥Ç¥£¥ì¥¯¥È¥ê°Ê³°¤Ç¤â
| ³ÈÄ¥»Ò¤¬ .cgi ¤Ê¤é¼Â¹Ô¤¹¤ë¡£
|BrowserMatch "Mozilla/2" nokeepalive
| | << ÅÓÃæά¡£
|
| << ¤³¤ì¤è¤ê SSL ¤ÎÀßÄê¡£
| SSLRequireSSL << ¤³¤³¥³¥á¥ó¥È¤Ç¤â SSLEnable ¤¬
| µ½Ò¤µ¤ì¤Æ¤¤¤ì¤Ð°Å¹æ²½¤Ë¤Ê¤ë¡£
|
|TransferLog logs/transfer_log
|SSLEnable << SSLDisable ¤Ë¤¹¤ë¤È°Å¹æ²½¤·¤Ê
|SSLCacheServerPath /usr/local/apache/bin/gcache ¤¯¤Ê¤ë¡£
|SSLCacheServerPort logs/gcache_port
|SSLCacheServerRunDir /tmp
|SSLSessionCacheTimeout 15 VeriSign ¤¬½ð̾¤·¤¿£×£×£×¥µ¡Ý¥Ð¤Î¥Ç¥¸¥¿¥ë£É£Ä
| ¢
|SSLCertificateFile /usr/local/ssl/bin/verisign.pem
|SSLCertificateKeyFile /usr/local/ssl/bin/key.pem ¢« ¤³¤Î£×£×£×¥µ¡Ý¥Ð¤ÎÈëÌ©¸°
|SSLVerifyClient 0 ¢« £×£×£×¥¯¥é¥¤¥¢¥ó¥È¤Î¥Ç¥¸¥¿¥ë£É£Ä¤Ï¥Á¥§¥Ã¥¯¤·¤Ê¤¤¡£
|SSLVerifyDepth 10
|
|SSLFakeBasicAuth
|SSLRequireCipher
|SSLBanCipher NULL-MD5:NULL-SHA
|CustomLog logs/ssl_log "%t %{version}c %{cipher}c %{clientcert}c"
(5) OpenSSL ¤Î demoCA ¤Ë¤è¤ë¼«Á°£Ã£Á `02/10
* OpenSSL ¤Î demoCA
CA.sh ¥·¥§¥ë¥¹¥¯¥ê¥×¥È¤ò¸«¤ë¤È¡¢£¹£¶Ç¯¤ÎÍúÎò¤Þ¤Ç¤Ç¡¢¤½¤ì°Ê¸å¤ÎÍúÎò¤Ï¤Ê¤¤¡£¤É¤¦¤â
°ÊÁ° SSLeay ¤ò»î¤·¤¿»þ¤ÈÆâÍƤÏÊѤï¤Ã¤Æ¤Ê¤¤¤ß¤¿¤¤¤Ç¤¢¤ë¡£OpenSSL ¤òŸ³«¤·¤¿¤Þ¤Þ¤Î
demoCA ¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤Ï¡¢¥Ç¥âÍѤΣãÁ¥Ç¥¸¥¿¥ë£É£Ä¤È£Ã£ÁÈëÌ©¸°¤¬¤¢¤ë¡£ °Ê²¼¤Ï¤³¤ì
¤ò¤½¤Î¤Þ¤Þ»È¤Ã¤Æ£×£×£×ÍѤΥǥ¸¥¿¥ë£É£Ä¤òºîÀ®¤·¤¿¡£¿·µ¬¤Ë£Ã£Á¤âºîÀ®¤·¤¿¤¤¤Î¤Ê¤é¾
¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ç CA.sh ¤ò¼Â¹Ô¤¹¤ë¡£ ¤½¤³¤Ë demoCA ¤È¤¤¤¦¥Ç¥£¥ì¥¯¥È¥ê¤¬¤Ç¤¤ë¤Î¤Ç
cacert.pem¡¢cakey.pem ¤Ê¤É¤òºîÀ®¤·¤Æ¤¤¤¯¡£CA.sh ¤Ï /usr/local/ssl/openssl.cnf ¤È
¤¤¤¦À©¸æ¥Õ¥¡¥¤¥ë¤ò»²¾È¤·¤Æ¥Ç¥¸¥¿¥ë£É£ÄÅù¤òÅǤ½Ð¤¹¡£ºîÀ®¤µ¤ì¤¿¥Ç¥¸¥¿¥ë£É£Ä¤Î͸ú
´ü´Ö¤Ï£±Ç¯¤È¤«¤Ê¤Ã¤Æ¤¤¤ë¤¬¡¢ ¤³¤ì¤Ï openssl.cnf ¥Õ¥¡¥¤¥ë¤Ë default_days = 365 ¤È
½ñ¤«¤ì¤Æ¤¤¤ë¤«¤é¤Ç¤¢¤ë¡£²¿¤À¤Ã¤¿¤é¼«Ê¬ÍѤ˽ñ¤´¹¤¨¤Æ¤â¤è¤¤¡£
[/usr/local/source/openssl-0.9.4/apps]
|
[demoCA]--- cacert.pem << ¥Ç¥âÍѤΣãÁ¤Î¥Ç¥¸¥¿¥ë£É£Ä¡£
|- [private]-- cakey.pem << ¥Ç¥âÍѤΣãÁ¤ÎÈëÌ©¸°¡£
|- [crl] << ǧ¾Ú¥µ¥¤¥È¼º¸ú¥ê¥¹¥È¡£
|- [newcerts]
|- [certs]
|- serial << ȯ¹Ô¥Ç¥¸¥¿¥ë£É£Ä¤Î´ÉÍýÈÖ¹æ¥Õ¥¡¥¤¥ë¡£
|- index.txt << ȯ¹Ô¥Ç¥¸¥¿¥ë£É£Ä¤Î¥Ç¡Ý¥¿¥Ù¡Ý¥¹¡£
cacert.pem << % opnessl x509 -text -in cacert.pem ¤ÇÃæ¿È¤ò¸«¤ì¤ë¡£
---------------------------------------------------------------------
|subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
|issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
|-----BEGIN X509 CERTIFICATE-----
|
|MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
|BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
|MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
|RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
|BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
|LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
|/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
|DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
|IMs6ZOZB
|-----END X509 CERTIFICATE-----
% cd /usr/local/source/openssl-0.9.4/apps
% CA.sh -newreq << newreq.pem ¤¬¤Ç¤¤ë¡£¿½ÀÁÍѥꥯ¥¨¥¹¥È¤Î¥Õ¥¡¥¤¥ë¡£
Using configuration from /usr/local/ssl/openssl.cnf
|
Enter PEM pass phrase: 1234567 << ÈëÌ©¸°ÍѤΥѥ¹¥Õ¥ì¡Ý¥º¤òÆþ¤ì¤ë¡£
|
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Aichi
Locality Name (eg, city) []:Nagoya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NIX LTD
Organizational Unit Name (eg, section) []:CAD
Common Name (eg, YOUR name) []:web.nix.co.jj
Email Address []:katou@nix.co.jj
|
% CA.sh -sign << newcert.pem ¤¬¤Ç¤¤ë¡£¿½ÀÁ£×£×£×¤Î¥Ç¥¸¥¿¥ë£É£Ä¡£
Using configuration from /usr/local/ssl/openssl.cnf
|
¢¨newreq.pem ¤Ë¤Ï¿½ÀÁ£×£×£×¤ÎÈëÌ©¸°¤âÆþ¤Ã¤Æ¤¤¤ë¤³¤È¤ËÃí°Õ¡£ % CA.sh -newreq ¤ÎºÇ
¸å¤Ç "Request (and private key) is in newreq.pem" ¤È½Ð¤ÆÍè¤ë¡£
% cd demoCA ¥Ç¥âÍѤΣãÁ¤Î¥Ç¥¸¥¿¥ë£É£Ä¤ò DER ·Á¼°¤Ë¤¹¤ë¡£
% openssl x509 -in cacert.pem -outform der -out ccc.der
% ls -F demoCA
cacert.pem certs/ index.txt newcerts/ serial
ccc.der crl/ index.txt.old private/ serial.old
* £×£×£×¥µ¡Ý¥Ð¤Ë£Ã£Á¤Î¥Ç¥¸¥¿¥ë£É£Ä¤òÍÑ°Õ¤¹¤ë
% cp ccc.der /usr/local/apache/htdocs
/usr/local/apache/htdocs/index.html ËèÅÙ¤ª¤Ê¤¸¤ß¤Î Apache ¤Î¥¦¥§¥ë¥«¥à¥Ú¡Ý¥¸
----------------------------------- ¤ËÍÑ°Õ¤·¤Æ¤ß¤¿¡£¤³¤³¥Ö¥é¥¦¥¶¤«¤é¥¯¥ê¥Ã¥¯
| ¤¹¤ë¤È¡¢¤¤¤í¤¤¤íʹ¤¤¤Æ¤¤Æ Netscape ¤Ê¤é
| | [¥»¥¥å¥ê¥Æ¥£¾ðÊó]-->[½ð̾¼Ô] ¤Î½ê¤Ë¤³¤Î
|
¥Õ¥¡¥¤¥ë¤¬Æþ¤Ã¤Æ¤¤¤¯¡£ [½ð̾¼Ô] ¤ÎÍó¤Ë¤Ï
|TEST CA ¥Ç¥Õ¥©¥ë¥È¤Ç VeriSign ¤Ê¤É´ö¤Ä¤«¤Î¥ë¡Ý¥È
|
£Ã£Á¤Î¥Ç¥¸¥¿¥ë£É£Ä¤¬Æþ¤Ã¤Æ¤¤¤ë¡£ ccc.der
| | ¤â¡¢¤½¤ÎÃç´ÖÆþ¤ê¤ò¤·¤¿¤ï¤±¤À¡£
/usr/local/apache/conf/mime.types ¤³¤ìÄɲ䷤Ƥª¤¯¤³¤È¡£¤ä¤é¤Ê¤¤¤È¥Ö¥é¥¦¥¶
--------------------------------- ¤«¤é ccc.der ¤ò¥¯¥ê¥Ã¥¯¤·¤¿ºÝ¡¢ ¥Ç¥¸¥¿¥ë
|application/x-x509-ca-cert der £É£Ä¤Èǧ¼±¤»¤º¡¢¥Õ¥¡¥¤¥ë¤ò¤¿¤À¥À¥¦¥ó¥í¡Ý
| | ¥É¤¹¤ë²èÌ̤¬½Ð¤Æ¤·¤Þ¤¦¡£
* £×£×£×¥Ö¥é¥¦¥¶¤Î°Å¹æ²½¾ðÊó
Netscape Communicator 4.5 ¤Ç³Îǧ¤·¤¿¤³¤È¤À¤¬¡¢²èÌ̺¸²¼¤Î¸°¥Þ¡Ý¥¯¤ò¥¯¥ê¥Ã¥¯¤¹¤ë¤È
[¥»¥¥å¥ê¥Æ¥£¾ðÊó] ¤¬½Ð¤ÆÍè¤ë¡£¾å¤Î ccc.der ¤òÆɤ߹þ¤Þ¤º¤Ë¡¢Ä¾Àܤ³¤Î£×£×£×¥µ¡Ý¥Ð
¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤È¡¢¤¤¤í¤¤¤íʹ¤¤¤Æ¤¤Æ¡¢ ²¼µ¤Î [Web¥µ¥¤¥È] ¤Ë¥Ç¥¸¥¿¥ë£É£Ä¤¬Æþ¤ë¤³
¤È¤Ë¤Ê¤ë¡£¤³¤³¥¯¥ê¥Ã¥¯¤¹¤ë¤È "¼õ¤±ÉÕ¤±¤¿Web¥µ¥¤¥È¤Î¾ÚÌÀ½ñ" ¤Î²èÌ̤¬½Ð¤Æ¡¢ ¥Ç¥¸¥¿
¥ë£É£Ä web.nix.co.jj ¤È¤¤¤¦¤Î¤¬¸«¤¨¤ë¤Ï¤º¤Ç¤¢¤ë¡£°ìÊý ccc.der ¤ò¥¯¥ê¥Ã¥¯¤·¤Æ¡¢¤ä
¤Ã¤Æ¤¤¤¯¤È [½ð̾¼Ô] ¤ÎÊý¤Ë¥Ç¥¸¥¿¥ë£É£Ä¤¬Æþ¤Ã¤Æ¤¤¤¯¡£
--------------------------
| Netscape
|-------------------------
| ¥»¥¥å¥ê¥Æ¥£¾ðÊó
| ¥Ñ¥¹¥ï¡Ý¥É ¢¨[ËÜ¿Í][¾¿Í][Web¥µ¥¤¥È] ºÇ½é¤Ï¶õ¤Ç²¿¤âÆþ¤Ã¤Æ¤¤¤Ê¤¤¡£
| Navigator
| Messenger
| ¾ÚÌÀ½ñ
| ËÜ¿Í << ¼«Ê¬ÍѤΥǥ¸¥¿¥ë£É£Ä¡£ºÇ½é¤Ï²¿¤âÆþ¤Ã¤Æ¤¤¤Ê¤¤¡£
| ¾¿Í << ¾¤Î¿Í¤Î¥Ç¥¸¥¿¥ë£É£Ä¡£¥á¡Ý¥ë¤Î S/MIME ¤Ç»È¤¦¡£
| Web¥µ¥¤¥È << £×£×£×¥µ¡Ý¥Ð¤Î¥Ç¥¸¥¿¥ë£É£Ä¡£
| ½ð̾¼Ô << VeriSign ¤Ê¤É´ö¤Ä¤«¤Î¥ë¡Ý¥È£Ã£Á¥Ç¥¸¥¿¥ë£É£Ä¤¬¤¢¤ë¡£
| °Å¹æ²½¥â¥¸¥å¡Ý¥ë
|
* FQDN ¤È£É£Ð¥¢¥É¥ì¥¹¤Ç¤Î¥¢¥¯¥»¥¹¤Î°ã¤¤
Netscape Communicator 4.75 ¤ä 4.78 ¤Ç³Îǧ¡£[ËÜ¿Í][Web¥µ¥¤¥È][½ð̾¼Ô]¤Ë¤Ï²¿¤â¤Ê¤·¡£
¤³¤ì¤Ç Apache ¤Î°Å¹æ²½¥µ¡Ý¥Ð¤Ë¥¢¥¯¥»¥¹¤¹¤ë¡£¥µ¡Ý¥Ð¤Î¥Û¥¹¥È̾¤Ï INDY ¤Ç¤¢¤ë¡£
a) https://indy/ ¤È¤ä¤ë¡£"¿·¤·¤¤¥µ¥¤¥È¾ÚÌÀ½ñ" ¤È¤¤¤¦²èÌ̤¬¼¡¡¹¤È£µ¤Ä½Ð¤Æ¤¯¤ë¡£¤½
¤³¤Ç "¡ü¾ÚÌÀ½ñ¤ò¼õ¤±ÉÕ¤±¤ë(͸ú´ü¸Â¤Þ¤Ç)" ¤òÁªÂò¡£[Web¥µ¥¤¥È]¤Ë¤Ï£×£×£×¥µ¡Ý¥Ð
¤Î¥Ç¥¸¥¿¥ë£É£Ä¤¬Æþ¤Ã¤¿¡£[½ð̾¼Ô] ¤Ë¤Ï²¿¤âÆþ¤é¤Ê¤«¤Ã¤¿¡£¤³¤Î¸å https://indy/¤È
¤ä¤Ã¤Æ¤â¡¢²¿¤â²èÌ̤ϽФÆÍè¤Ê¤«¤Ã¤¿¡£
b) https://192.9.10.2/ ¤È¤ä¤ë¡£"¿·¤·¤¤¥µ¥¤¥È¾ÚÌÀ½ñ" ¤È¤¤¤¦²èÌ̤¬¼¡¡¹¤È£µ¤Ä½Ð¤Æ¤¯
¤ë¡£ºÇ¸å¤Ë¼¡¤Î²èÌ̤¬²Ã¤¨¤Æ½Ð¤Æ¤¤¿¡£¤³¤Î²èÌ̤À¤±¤Ï¡¢¤³¤Î¸å¤âËè²ó½Ð¤Æ¤¯¤ë¡£
-----------------------------------------------------------------
| ¾ÚÌÀ½ñ¤Î³Îǧ
|
| ¥µ¥¤¥È '192.9.10.2' ¤«¤éÄó½Ð¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ë¤Ï¡¢Àµ¤·¤¤¥µ¥¤¥È̾¤¬
| ´Þ¤Þ¤ì¤Æ¤¤¤Þ¤»¤ó¡£Âè»°¼Ô¤¬¤³¤Î¥µ¥¤¥È¤È¤ÎÄÌ¿®¤ò˵¼õ¤·¤è¤¦¤È¤·¤Æ
| ¤¤¤ë²ÄǽÀ¤¬¤ï¤º¤«¤Ç¤¹¤¬¤¢¤ê¤Þ¤¹¡£¤â¤·¤â¡¢²¼¤Ëɽ¼¨¤µ¤ì¤ë¾ÚÌÀ½ñ
| ¤¬ÀܳÀè¤Î¤â¤Î¤Ç¤Ê¤¤¤È¤¤¤¦µ¿¤¤¤¬¤¢¤ë¾ì¹ç¤Ï¡¢Àܳ¤ò¥¥ã¥ó¥»¥ë¤·
| ¤Æ¡¢¥µ¥¤¥È´ÉÍý¼Ô¤ËÏ¢Íí¤·¤Æ²¼¤µ¤¤¡£
|
| °Ê²¼¤¬¡¢Äó½Ð¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ç¤¹:
|----------------------------------------------------------------
| ¾ÚÌÀ½ñ: NIX
| ½ð̾¼Ô: NIX
| °Å¹æ²½: Highest ¥°¥ì¡Ý¥É(RC4,128¥Ó¥Ã¥ÈÈëÌ©¸°) [¾ÜºÙ]
|----------------------------------------------------------------
| [¥¥ã¥ó¥»¥ë] [³¤±¤ë]
-----------------------------------------------------------------
¢¨Netscape ¤Î¥Ö¥é¥¦¥¶¤Ç¤Ï¡¢°Å¹æ²½£×£×£×¥¢¥¯¥»¥¹¤ËÅö¤¿¤ê¡¢ Netscape¤Ë¤Ï£×£×£×¤Î¥Ç
¥¸¥¿¥ë£É£Ä¤ò½ð̾¤·¤¿£Ã£Á¤Î¥Ç¥¸¥¿¥ë£É£Ä¤¬ËÜÍèÆþ¤Ã¤Æ¤¤¤ëɬÍפ¬¤¢¤ë¤Î¤À¤¬¡¢¤Ê¤¯¤Æ
¤â»ÃÄêŪ¤Ë¼õ¤±ÉÕ¤±¤ë¤È¤¤¤¦Æ°¤¤ò¤¹¤ë¤è¤¦¤Ç¤¢¤ë¡£