Enabling SSL on Bitnami
Creating the CSR
Create the private key
$ sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048
Create the CSR from the private key
$ sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
Answer the prompts that openssl asks while creating the CSR
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Minato-ku
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hogehoge, inc.
Organizational Unit Name (eg, section) []:development
Common Name (e.g. server FQDN or YOUR name) []:hogehoge.com
Email Address []:info@hogehoge.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ sudo mv /opt/bitnami/apache2/conf/cert.csr /opt/bitnami/apache2/conf/server.csr
File-based validation
$ sudo vi /opt/bitnami/apache2/conf/bitnami/bitnami.conf
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  # Added: the next two lines
  RewriteEngine on
  RewriteCond %{REQUEST_URI} !=/.well-known/pki-validation/fileauth.txt
Create fileauth.txt in
/home/bitnami/apps/wordpress/htdocs/.well-known/pki-validation
Creating the files
Create the certificate (crt) and CA certificate (ca) files.
$ sudo vi /opt/bitnami/apache2/conf/server.crt
$ sudo vi /opt/bitnami/apache2/conf/server-ca.crt
Change permissions
$ sudo chown root:root /opt/bitnami/apache2/conf/server*
$ sudo chmod 600 /opt/bitnami/apache2/conf/server*
Edit the conf file
$ sudo vi /opt/bitnami/apache2/conf/bitnami/bitnami.conf
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  # Added: the next three lines
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
  # Added: the next line
  SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"
$ sudo /opt/bitnami/ctlscript.sh restart apache
(Note)
SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"
Depending on the Apache version, the directive on this line is either SSLCACertificateFile or SSLCertificateChainFile.
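
The following is an added example, not part of the original page: a Bash function (the name check_tls_files is hypothetical) to run before the Apache restart step, confirming that server.key, server.crt and server-ca.crt from the steps above belong together. It assumes Linux (GNU stat) and openssl on the PATH.

```bash
#!/bin/bash
# Added example (not from the original page). check_tls_files is a
# hypothetical helper; the default directory is the page's conf path.
check_tls_files() {
  local dir="${1:-/opt/bitnami/apache2/conf}"
  local key="$dir/server.key" crt="$dir/server.crt" ca="$dir/server-ca.crt"
  local f mode key_pub crt_pub

  for f in "$key" "$crt" "$ca"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
  done

  # The private key must stay owner-only, as set by the chmod 600 step.
  mode=$(stat -c '%a' "$key") || return 2
  [ "$mode" = "600" ] || { echo "server.key mode is $mode, expected 600" >&2; return 3; }

  # Both files must parse, and the certificate must carry the public key
  # that belongs to server.key (catches a certificate issued for another CSR).
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) \
    || { echo "cannot parse $key" >&2; return 4; }
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) \
    || { echo "cannot parse $crt" >&2; return 4; }
  [ "$key_pub" = "$crt_pub" ] \
    || { echo "server.crt does not match server.key" >&2; return 5; }

  # Reject a certificate that has already expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "server.crt has expired" >&2; return 6; }

  # server.crt must chain to the CA certificate(s) in server-ca.crt;
  # -partial_chain lets an intermediate in that file act as trust anchor.
  openssl verify -partial_chain -CAfile "$ca" "$crt" >/dev/null 2>&1 \
    || { echo "server.crt does not verify against server-ca.crt" >&2; return 7; }

  echo "ok: key, certificate and chain are consistent"
}
```

After the permission step the files are root-owned with mode 600, so the function has to run as root to read them.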