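Notes from an Engineer Who Has Completely Understood Programming

Internet flotsam with nothing but back-of-a-flyer-level scribbles

Enabling SSL on Bitnami

Creating the CSR

Create the private key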

$ sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048

Create the CSR from the private key

$ sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr

Answer the prompts used to build the request

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Minato-ku
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hogehoge, inc.
Organizational Unit Name (eg, section) []:development
Common Name (e.g. server FQDN or YOUR name) []:hogehoge.com
Email Address []:info@hogehoge.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Rename the CSR to server.csr

$ sudo mv /opt/bitnami/apache2/conf/cert.csr /opt/bitnami/apache2/conf/server.csr

File-based validation

$ sudo vi /opt/bitnami/apache2/conf/bitnami/bitnami.conf
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  RewriteEngine on ← added
  RewriteCond %{REQUEST_URI} !=/.well-known/pki-validation/fileauth.txt ← added

Create fileauth.txt in /home/bitnami/apps/wordpress/htdocs/.well-known/pki-validation

Creating the certificate files

Create the crt and ca files.

$ sudo vi /opt/bitnami/apache2/conf/server.crt
$ sudo vi /opt/bitnami/apache2/conf/server-ca.crt

Changing ownership and permissions

$ sudo chown root:root /opt/bitnami/apache2/conf/server*
$ sudo chmod 600 /opt/bitnami/apache2/conf/server*

Editing the conf file

$ sudo vi /opt/bitnami/apache2/conf/bitnami/bitnami.conf
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  RewriteEngine On ← added
  RewriteCond %{HTTPS} !=on ← added
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L] ← added
<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
  SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt" ← added

$ sudo /opt/bitnami/ctlscript.sh restart apache

(Note)

SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

Whether to use SSLCACertificateFile or SSLCertificateChainFile depends on the Apache version.
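
The files created in the steps above can be checked for consistency before Apache is restarted. The script below is an added example, not part of the original post: it confirms that server.csr and server.crt carry the public key of server.key and that the key is mode 600. The function names and the temporary sample directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): consistency checks to run before
# restarting Apache. Assumes Linux with openssl and GNU/BusyBox stat.

# Print the SHA-256 of the public key embedded in a key, CSR or certificate.
pubkey_sha256() (
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pem" ] || exit 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
)

# Check that server.csr / server.crt belong to server.key and the key is 0600.
check_tls_files() (
  conf=$1; rc=0
  key_fp=$(pubkey_sha256 key "$conf/server.key") ||
    { echo "FAIL: cannot read $conf/server.key"; exit 2; }
  for pair in csr:server.csr cert:server.crt; do
    kind=${pair%%:*}; file=$conf/${pair#*:}
    [ -e "$file" ] || { echo "SKIP: $file not present yet"; continue; }
    if [ "$(pubkey_sha256 "$kind" "$file")" = "$key_fp" ]; then
      echo "OK:   $file matches server.key"
    else
      echo "FAIL: $file does not match server.key"; rc=1
    fi
  done
  mode=$(stat -c %a "$conf/server.key")
  [ "$mode" = 600 ] || { echo "FAIL: server.key mode is $mode, want 600"; rc=1; }
  exit "$rc"
)

# Constructed sample input: a throwaway key and CSR in a temp directory,
# using the example DN values from the post.
make_sample() (
  d=$(mktemp -d) && umask 077
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null
  openssl req -new -key "$d/server.key" -out "$d/server.csr" \
    -subj "/C=JP/ST=Tokyo/O=hogehoge, inc./CN=hogehoge.com"
  chmod 600 "$d/server.key"; echo "$d"
)

# With an argument, check that directory (e.g. /opt/bitnami/apache2/conf as
# root); without one, demonstrate on the constructed sample.
if [ $# -gt 0 ]; then check_tls_files "$1"; else
  d=$(make_sample); check_tls_files "$d"; rm -rf "$d"
fi
```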

Doc

Bitnami Application Stacks
