SSL on Ubuntu

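I tried installing it.
But I'm not sure whether it is actually working...

I can't open the port on my router right now,
so I can't verify it, but here are my notes for the time being.

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
I got the error above and Apache could no longer start,
but after fiddling with various things it suddenly stopped appearing and Apache started.
I don't think I changed any settings in particular...
I don't know what I did that fixed it...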

[References]
http://d.hatena.ne.jp/rudeboyjet/20070124/p1
How to create a certificate

http://kunik.no-ip.com/2007/10/20/0146/ubuntu-gutsy-apache2-ssl-setting.html
http://www.key-p.com/blog/ohnishi/article.php?id=87

http://hiruandon.net/article.php?story=20070108191759906
Outdated??

———————————————-

~$ sudo a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
~$ sudo vi /etc/ssl/openssl.cnf
~$ cd /usr/lib/ssl/misc/
/usr/lib/ssl/misc$ sudo ./CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
..++++++
…………………++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Test
Locality Name (eg, city) []:Test
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:test
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 0 (0x0)
Validity
Not Before: Mar 23 15:21:56 2009 GMT
Not After : Mar 22 15:21:56 2012 GMT
Subject:
countryName = JP
stateOrProvinceName = Test
organizationName = Internet Widgits Pty Ltd
commonName = test
X509v3 extensions:
X509v3 Subject Key Identifier:
73:D7:F1:C3:76:13:2A:C5:FE:E0:EF:51:9F:0E:40:8F:7E:8E:F3:B6
X509v3 Authority Key Identifier:
keyid:73:D7:F1:C3:76:13:2A:C5:FE:E0:EF:51:9F:0E:40:8F:7E:8E:F3:B6
DirName:/C=JP/ST=Test/O=Internet Widgits Pty Ltd/CN=test
serial:00

X509v3 Basic Constraints:
CA:TRUE
Netscape Cert Type:
SSL CA, S/MIME CA
Certificate is to be certified until Mar 22 15:21:56 2012 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated
/usr/lib/ssl/misc$ sudo openssl rsa -in ./demoCA/private/cakey.pem -out ./demoCA/private/cakey.pem
Enter pass phrase for ./demoCA/private/cakey.pem:
writing RSA key
/usr/lib/ssl/misc$ sudo openssl x509 -in ./demoCA/cacert.pem -out ./demoCA/cacert.crt
/usr/lib/ssl/misc$ sudo openssl x509 -inform pem -in ./demoCA/cacert.pem -outform der -out ./demoCA/ca.der
/usr/lib/ssl/misc$ sudo zcat /usr/share/doc/apache2.2-common/examples/apache2/extra/httpd-ssl.conf.gz > ~/httpd-ssl.conf
/usr/lib/ssl/misc$ ls -la ~
/usr/lib/ssl/misc$ sudo mv /home/markvb/httpd-ssl.conf /etc/apache2/sites-available/
/usr/lib/ssl/misc$ sudo vi /etc/apache2/sites-available/httpd-ssl.conf
/etc/apache2/sites-available$ sudo a2ensite httpd-ssl.conf
Site httpd-ssl.conf installed; run /etc/init.d/apache2 reload to enable.
/etc/apache2/sites-available$ sudo /etc/init.d/apache2 reload
Warning: DocumentRoot [/var/www/verryberry/android/www/] does not exist
Syntax error on line 99 of /etc/apache2/sites-enabled/httpd-ssl.conf:
SSLCertificateFile: file '/etc/apache2/server.crt' does not exist or is empty
...fail!
/etc/apache2/sites-available$ sudo vi /etc/apache2/sites-enabled/httpd-ssl.conf
/etc/apache2/sites-available$ sudo /etc/init.d/apache2 reload
* Reloading web server config apache2
[ OK ]
/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
* Restarting web server apache2
httpd (pid 16504?) not running
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
[fail]
/etc/apache2/sites-available$ sudo /etc/init.d/apache2 start
* Starting web server apache2 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
[fail]
/etc/apache2/sites-available$ sudo /etc/init.d/apache2 start
* Starting web server apache2 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
[fail]
/etc/apache2/sites-available$ sudo /etc/init.d/apache2 start
* Starting web server apache2 apache2: Syntax error on line 298 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/sites-enabled/httpd-ssl.conf: No such file or directory
[fail]
/etc/apache2/sites-available$ sudo mv ~/httpd-ssl.conf_20090323 ../sites-enabled/httpd-ssl.conf
/etc/apache2/sites-available$ sudo /etc/init.d/apache2 start
* Starting web server apache2 [ OK ]
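
The `(98)Address already in use ... 0.0.0.0:443` error in the log above usually means either that two active `Listen 443` directives are loaded or that another process already holds the port; the post does not establish which applied here. As an added example (not part of the original post), this script counts the active `Listen` directives for a port in the files Apache loads. The scanned file list assumes the Debian/Ubuntu layout under `/etc/apache2`, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: count active "Listen" directives for one port.
# Two or more for the same port make Apache bind it twice and fail with
# "(98)Address already in use: make_sock: could not bind to address".

# find_listen ROOT PORT -> prints file:line:directive for each active match.
# Only loaded locations are scanned (assumed Debian/Ubuntu layout), so a file
# in sites-available is seen once, through its sites-enabled symlink.
find_listen() {
    root=$1; port=$2
    for f in "$root/apache2.conf" "$root/ports.conf" "$root/httpd.conf" \
             "$root"/conf.d/* "$root"/sites-enabled/*; do
        [ -f "$f" ] || continue    # skips unmatched globs, follows symlinks
        # Matches "Listen 443", "Listen 0.0.0.0:443", "Listen [::]:443 https";
        # lines starting with "#" are not matched.
        grep -HinE "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?${port}([[:space:]]|\$)" "$f" || true
    done
    return 0
}

# count_listen ROOT PORT -> number of active directives for PORT
count_listen() {
    find_listen "$1" "$2" | wc -l | tr -d '[:space:]'
}

# make_sample_tree -> path of a constructed config tree with the conflict:
# ports.conf and the enabled SSL site file both say "Listen 443".
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sites-available" "$t/sites-enabled"
    printf 'Listen 80\n<IfModule mod_ssl.c>\n    Listen 443\n</IfModule>\n' \
        > "$t/ports.conf"
    printf 'Listen 443\n<VirtualHost _default_:443>\nSSLEngine on\n</VirtualHost>\n' \
        > "$t/sites-available/httpd-ssl.conf"
    ln -s ../sites-available/httpd-ssl.conf "$t/sites-enabled/httpd-ssl.conf"
    echo "$t"
}

# Demo on the constructed tree; on a real host pass /etc/apache2 instead.
tree=$(make_sample_tree)
find_listen "$tree" 443
echo "active Listen 443 directives: $(count_listen "$tree" 443)"
rm -rf "$tree"
```

If the count is 1, check whether another process already holds the port, for example with `sudo ss -ltnp 'sport = :443'`.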