Apache2にSSL証明書を設定する
Apache2にSSL証明書を設定する
0.改訂履歴
- 2006.03.14 新規作成
- 2006.07.04 誤字修正
1.はじめに
このドキュメントでは,第三者機関から秘密鍵(Private key)やCSR(Certificate Signing Request:証明書署名要求)を生成して認証局から証明書を取得し,それをApache2.0に設定してsslstartで稼働させたり,-DSSLオプションをつけて自動起動させるまでの手順を説明する. また,手順の中では,自動起動に伴うパスフェーズのクリアも含まれている.
なお,使用しているOSは,RedHat Linux ES3上で稼働している.
2.準備
- Apacheのサーバルートディレクトリを検索する.
[root@artemis root]# locate httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf.bak
[root@artemis root]# grep 'ServerRoot "' /usr/local/apache2/conf/httpd.conf
ServerRoot "/usr/local/apache2"
[root@artemis root]#
|
- このサーバの場合,/usr/local/apache2ということがわかった.
- ホームディレクトリに移動する.
[root@artemis conf]# cd /usr/local/apache2/
[root@artemis apache2]# ls -la
total 64
drwxr-xr-x 15 root root 4096 Mar 13 12:19 .
drwxr-sr-x 14 root root 4096 Feb 22 18:24 ..
drwxr-xr-x 2 root root 4096 Feb 22 17:57 bin
drwxr-xr-x 2 root root 4096 Feb 22 17:57 build
drwxr-xr-x 2 root root 4096 Feb 22 17:57 cgi-bin
drwxr-xr-x 2 root root 4096 Mar 13 11:47 conf
drwxr-xr-x 3 root root 4096 Feb 22 17:57 error
drwxr-xr-x 2 root root 4096 Feb 22 17:57 htdocs
drwxr-xr-x 3 root root 4096 Feb 22 17:57 icons
drwxr-xr-x 2 root root 4096 Feb 22 17:57 include
drwxr-xr-x 2 root root 4096 Feb 22 17:57 lib
drwxr-xr-x 2 root root 4096 Mar 5 20:03 logs
drwxr-xr-x 4 root root 4096 Feb 22 17:57 man
drwxr-xr-x 14 root root 8192 Feb 22 17:57 manual
drwxr-xr-x 2 root root 4096 Feb 22 18:24 modules
[root@artemis apache2]#
|
- SSLのキーとCRTを格納するディレクトリを作成する.
- 作成したディレクトリには,パーミッションも設定する.
[root@artemis apache2]# mkdir ssl.key
[root@artemis apache2]# mkdir ssl.crt
[root@artemis apache2]# chmod 0700 ssl.*
[root@artemis apache2]# ls -la
total 72
drwxr-xr-x 17 root root 4096 Mar 13 12:21 .
drwxr-sr-x 14 root root 4096 Feb 22 18:24 ..
drwxr-xr-x 2 root root 4096 Feb 22 17:57 bin
drwxr-xr-x 2 root root 4096 Feb 22 17:57 build
drwxr-xr-x 2 root root 4096 Feb 22 17:57 cgi-bin
drwxr-xr-x 2 root root 4096 Mar 13 11:47 conf
drwxr-xr-x 3 root root 4096 Feb 22 17:57 error
drwxr-xr-x 2 root root 4096 Feb 22 17:57 htdocs
drwxr-xr-x 3 root root 4096 Feb 22 17:57 icons
drwxr-xr-x 2 root root 4096 Feb 22 17:57 include
drwxr-xr-x 2 root root 4096 Feb 22 17:57 lib
drwxr-xr-x 2 root root 4096 Mar 5 20:03 logs
drwxr-xr-x 4 root root 4096 Feb 22 17:57 man
drwxr-xr-x 14 root root 8192 Feb 22 17:57 manual
drwxr-xr-x 2 root root 4096 Feb 22 18:24 modules
drwx------ 2 root root 4096 Mar 13 12:21 ssl.crt
drwx------ 2 root root 4096 Mar 13 12:21 ssl.key
[root@artemis apache2]#
|
3.秘密鍵を作成する
- opensslコマンドを使用し,秘密鍵を作成する.
- まずは,opensslコマンドがインストールされているか確認する.
[root@artemis apache2]# cd ssl.key
[root@artemis ssl.key]# which openssl
/usr/bin/openssl
[root@artemis ssl.key]#
|
- パスも通っているようである.
- 次に,rsa秘密キーをdes3で暗号化し,1024ビットで生成する.
[root@artemis ssl.key]# openssl genrsa -des3 -out store.ujp.jp.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for store.ujp.jp.key:
|
Enter pass phrase for store.ujp.jp.key:■■■■■■
Verifying - Enter pass phrase for store.ujp.jp.key:
|
Verifying - Enter pass phrase for store.ujp.jp.key:■■■■■■
[root@artemis ssl.key]#
|
[root@artemis ssl.key]# cat store.ujp.jp.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0CE5A0803D7A78DE
jLjQQFnw7+QNsDJC+X3sJUO2jqw59ySV8oFAjqbUtnUJPVL397RBz+pw1xhB9UwO
d7SZ44sxAgRHgKZLT1Q39h/giHGO2vYqfT89jojOCsCRt6rYLcsDeGixeLBXjGmn
eaZnGnc8CxusDiYrCTbloX2H01IbUHntU4OR0q0IZBIv6wedY7rMy+ttewWpUTxK
ilDQT6va1uPnfuCQNl3PEO2uuI3r0EwzUdO2vqf30i/fJVlU57hlfhkCO67ZN8OO
6yWJRZ6qRGcM1ssz5JT/JJJYFU7XqfrWLHQq11k3OV2mJtf+SOdPnp6t1vMIBQ1K
s4q/K8fMrfURce8qyivo76NIvz7q6FE5VgUdOi4TWZUxHU1uktJsx7KwBJGOpCVT
NhmM/C9ZXqCuc40gCqn6wEOoE+ZhPCEhMBHr0amJu84POKJkqZAqPGcBqlR7f58p
63mpk8/o+d4DmLGximx/dRoLT7+UBCGOEebWB34CsqhIL1mNSq+928cd09oZfgd2
rBqI2BkSe8pRw4EnV/tV9KxW0SJZ6aQMnXeEmaMkfQJ9lJZXQrNcAhcBYc9laxOp
AfosjyKj3qHzno31qqo24oBgg6jgsCzmQaypdt3HFYqM79lKzrBB3fdV+x30Kqtj
Gy43KQ8Ls6RnT2SxxUOxv6udYAjdsgDonZ2qJJ/C5AlBoyqlcJqy+Wm+qE4/Stwg
6a93lxFJ8bswekAFaSilCJlQWRefucuU84cBmP4j1A8hKloPa0LVLg1twhqPZotI
owiTDHF2bVBq7ami3Yq6qecAFxOAOevuYWsmp0qeQw8nV54qMcpFXQ==
-----END RSA PRIVATE KEY-----
[root@artemis ssl.key]#
|
4.CSRを作成する
- CSRとは,証明書を生成するために認証局(ベリサイン等)に提出されるものである. 暗号化されたテキストファイルで,申請段位帯の公開鍵,組織名などが含まれている.
- 先ほど作成した,秘密鍵を用いて暗号化を行う.
[root@artemis ssl.key]# openssl req -new -key store.ujp.jp.key -out store.ujp.jp.csr
Enter pass phrase for store.ujp.jp.key:
|
- 秘密鍵を生成する際に使用したパスフレーズを入力する.
Enter pass phrase for store.ujp.jp.key:■■■■■
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
|
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:Tokyo
Locality Name (eg, city) [Newbury]:Minato-ku
Organization Name (eg, company) [My Company Ltd]:UJP.JP KK
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:store.ujp.jp
Email Address []:admin@ujp.jp
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: 空りターン
An optional company name []: 空りターン
[root@artemis ssl.key]#
|
[root@artemis ssl.key]# cat store.ujp.jp.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIB0zCCATwCAQAwqZIxCzAJBgNVBAYTAqpBMQ4wDAYDVQQIEwqUb2t5bzEqMBAG
A1UEBxMJTWluYXRvLWt1MRowGAYDVQQKExFNRURJQSBTT0NLRVQgSW5jLEqdMqsG
A1UEAxMUd3q3LmFtYXRlcmFzY2x1Yi5jb20xqDAiBgkqhkiG9w0BCQEWFXJvb3RA
YW1hqGVyYXNjbHViLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEtFzT
xeU3DiECNm8iI1kX6AsWk/JWvf4dknR0qph1qee5If8qg1HyL0hmklfAPIVq+TFm7
atq5qZWLc5TduxggjACsOptVB0Y88PD9GGpFU4P7kbS5GLfhclGHZjfVwpHImuY
UgqQPIGQ7GyTgnd3Tx1jqa1yHit20m4rBC8gFCcCAwEAAaAAMA0GCSqGSIbqDQEB
BAUAA4GBADRwV1j+oj8q53OoVMyqCjkvs396G1qGaGClt7QYFjmwDWaTnJekWMJM
nnbO9EyhNxqZ4AWr4kU2Rpnq21KANvp0bt0J8q8KV1nDc5XdBDqPmrkuK16ji78g
ncCNW9lG+nx2fREJj+aJ6qyzw3Rj7zpNNc/sGRSRbufFv8NT3L7z
-----END CERTIFICATE REQUEST-----
[root@artemis ssl.key]#
|
- このCSRを元に,ベリサイン,ジオトラストなどのCA(認証局)に申請を行う.
5.サーバ証明書の設定
- サーバ証明書が届いたら,それをサーバに設定する.
- まずは,証明書を格納するディレクトリに移動する.
[root@artemis apache2]# pwd
/usr/local/apache2
[root@artemis apache2]# ls -la
total 72
drwxr-xr-x 17 root root 4096 Mar 13 12:21 .
drwxr-sr-x 14 root root 4096 Feb 22 18:24 ..
drwxr-xr-x 2 root root 4096 Feb 22 17:57 bin
drwxr-xr-x 2 root root 4096 Feb 22 17:57 build
drwxr-xr-x 2 root root 4096 Feb 22 17:57 cgi-bin
drwxr-xr-x 2 root root 4096 Mar 13 18:28 conf
drwxr-xr-x 3 root root 4096 Feb 22 17:57 error
drwxr-xr-x 2 root root 4096 Feb 22 17:57 htdocs
drwxr-xr-x 3 root root 4096 Feb 22 17:57 icons
drwxr-xr-x 2 root root 4096 Feb 22 17:57 include
drwxr-xr-x 2 root root 4096 Feb 22 17:57 lib
drwxr-xr-x 2 root root 4096 Mar 13 18:34 logs
drwxr-xr-x 4 root root 4096 Feb 22 17:57 man
drwxr-xr-x 14 root root 8192 Feb 22 17:57 manual
drwxr-xr-x 2 root root 4096 Feb 22 18:24 modules
drwx------ 2 root root 4096 Mar 13 12:21 ssl.crt
drwx------ 2 root root 4096 Mar 13 12:55 ssl.key
[root@artemis apache2]# cd ssl.crt
[root@artemis ssl.crt]#
|
[root@artemis ssl.crt]# cat ujp_store.crt
-----BEGIN CERTIFICATE-----
DiCCAvSgAFwIBAgIDA3XRMA0GCSqFGSIb3DQEBBAFUAMFoxCzAJFBgNVBAYTAlVT
wWGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wFKwYDVQQDEyRFFcXVpZmF4
IY3VyZSBFFHbG9iYWwgZUJ1c2luZXNzIENBLTEwHFhcNMDYwMzE0MDQxNjQ1WhcN
MzE1MDFQxNjQ1WjCB+jFLMAkGA1UEBhMCSlAxFHTAbBgNVBAoTFFFHd3dy5hbWF0
Zhc2NsdFWIuY29tMTgwNgYDVQQLEy9idXNpbmVzc3Byb2ZpbGUuZ2FVvdHJ1c3Qu
E9tL2dldC5qc3A/R1QzNjcxNzc0MzExMC8GA1UECxMoU2VlIHd3dy5FnZW90cnVz
vFcmVzb3VyY2VzL2NwcyAoYykwNTFAMD4GA1UEFCxFMF3RfFG9tYWluFIENvbnRy
wgVmFFsaWRhdGVkIC0gR2FvVHJ1c3QgUXVpY2tTU0wgUHJlbWl1bShSKFTEdMBsG
xFFMUd3d3LmFtYXRFlcmFzY2x1Yi5jb20wgZ8wFQYJKoZIhvcNAFQEBBQFADgY0A
AoGBAFLRc08XlNw4FhAjZvIiNZF+gLFpPyVr3+HZJ0dKqYdXXnuSHF/KoNFR8i9I
JXwDyFfkFxZu2rauXmVi3OU3bsYIIwArDqbVQdGPPDw/RhqRVOD+5G0uFRi34XJR
Y31cKR6SJFrmFIKkDyBkOxsk4J3d08dY7mtch4rdtJuKwQvIBQnAgMBAAFGjgb0w
owDgYDVR0PFAQH/BAQDAgTwMB0GA1UdDgQWBBTULKmwg5OGkCNshX2aGBkFfYLMd
A7BgNVHR8ENFDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jFcmxz
dsb2JhbGNhMSF5jcmwwHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draFGww
YDVR0lBBYwFAYFIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQFYJ
oZIhvcNAQEEBQADFgYEAesdfHgO2tVQcqjl4dRPqctD3QloAFwb5T+sI/YTSIwyX
PlM7ymzhWpffGfVpFTk6AT8bKkEOl8Q3pjXHTDEDbTWutbMpt5OrHwTXgIhcyOlB
1iECJXXXZd7eZaUQP0FUE8wzx01cukcNJ5XJJMXWk51OfzTejhTYBmhd0GGmfPY=
-----END CERTIFICATE-----
[root@artemis ssl.crt]#
|
[root@artemis ssl.key]# locate ssl.conf
/etc/httpd/conf.d/ssl.conf
/usr/local/apache2/conf/ssl.conf
[root@artemis ssl.key]#
|
- このファイルは,httpd.confからインクルードされるようになっている.
- 次のように編集する.
| 変更前 |
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
|
| 変更後 |
<VirtualHost _default_:443>
# General setup for the virtual host
#DocumentRoot "/usr/local/apache2/htdocs"
#ServerName www.example.com:443
#ServerAdmin you@example.com
#ErrorLog /usr/local/apache2/logs/error_log
#TransferLog /usr/local/apache2/logs/access_log
DocumentRoot "/www/ujp_store/htdocs/secure"
ServerName secure.store.ujp.jp:443
ServerAdmin info@store.ujp.jp
ErrorLog /www/ujp_store/log/secure.error.log
TransferLog /www/ujp_store/log/secure.access.log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
|
- ここでは,まずはVirtualHostと同じ手順で定義を行っている.
- 次に,サーバ証明書ファイルのパスを設定する.
| 変更前 |
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server-dsa.crt
|
| 変更後 |
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server-dsa.crt
SSLCertificateFile /usr/local/apache2/ssl.crt/ujp_store.crt
|
| 変更前 |
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server-dsa.key
|
| 変更後 |
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server-dsa.key
SSLCertificateKeyFile /usr/local/apache2/ssl.key/store.ujp.jp.key
|
6.httpd.confの設定
- httpd.confに,mod_sslが記述されていることを確認する.
- 後からApacheをコンパイルし直しした場合にはmod_ssl.soへのリンクが追加されていない場合がある.
| 変更前 |
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php4_module modules/libphp4.so
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
|
| 変更後 |
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php4_module modules/libphp4.so
LoadModule ssl_module modules/mod_ssl.so
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
|
- モジュールがインストールされていることを確認する.
[root@artemis modules]# pwd
/usr/local/apache2/modules
[root@artemis modules]# ls -la *ssl*
-rwxr-xr-x 1 root root 587793 Mar 14 17:22 mod_ssl.so
[root@artemis modules]#
|
- これがそろっていない場合は,Apacheのコンパイルを再度行う.
7.SSLでApacheを起動してみる
- まずは,httpd.confやssl.confが正しいか確認する.
[root@artemis modules]# /usr/local/apache2/bin/apachectl configtest
Syntax OK
[root@artemis modules]#
|
- 問題ないことが確認できたら,Apacheを起動する.
- この場合,sslstartを使用する.
[root@artemis modules]# /usr/local/apache2/bin/apachectl sslstart
Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server secure.store.ujp.jp:443 (RSA)
Enter pass phrase:
|
Enter pass phrase: ■■■■■
Ok: Pass Phrase Dialog successful.
[root@artemis modules]
|
- 正しく接続されていれば,HTTPSで接続され,鍵アイコンが表示されているはずである.
8.パスフレーズの入力なしでも起動できる方法
- Apacheを気ドス売るときに,毎回パスフレーズを入力できない場合がある.
- よって,ここではパスフレーズをクリアし,入力なしで起動できるようにする.
- まずは,秘密鍵のあるディレクトリに移動する.
root@artemis root]# cd /usr/local/apache2/ssl.key
[root@artemis ssl.key]# ls -al
total 16
drwx------ 2 root root 4096 Mar 13 12:55 .
drwxr-xr-x 17 root root 4096 Mar 13 12:21 ..
-rw-r--r-- 1 root root 708 Mar 13 16:14 store.ujp.jp.csr
-rw-r--r-- 1 root root 963 Mar 13 12:50 store.ujp.jp.key
[root@artemis ssl.key]#
|
[root@artemis ssl.key]# cp -p store.ujp.jp.key store.ujp.jp.key.org
[root@artemis ssl.key]# ls -la
total 20
drwx------ 2 root root 4096 Mar 14 20:57 .
drwxr-xr-x 17 root root 4096 Mar 13 12:21 ..
-rw-r--r-- 1 root root 708 Mar 13 16:14 store.ujp.jp.csr
-rw-r--r-- 1 root root 963 Mar 13 12:50 store.ujp.jp.key
-rw-r--r-- 1 root root 963 Mar 13 12:50 store.ujp.jp.key.org
[root@artemis ssl.key]#
|
- タイムスタンプも同じ.
- opensslコマンドを実行する.
- 先ほど複写したオリジナルのキーから,新しくパスフレーズなしの秘密鍵を生成する.
[root@artemis ssl.key]# openssl rsa -in store.ujp.jp.key.org -out store.ujp.jp.key
Enter pass phrase for store.ujp.jp.key.org:■■■■■
|
[root@artemis ssl.key]# ls -la
total 20
drwx------ 2 root root 4096 Mar 14 20:57 .
drwxr-xr-x 17 root root 4096 Mar 13 12:21 ..
-rw-r--r-- 1 root root 708 Mar 13 16:14 store.ujp.jp.csr
-rw-r--r-- 1 root root 887 Mar 14 20:57 store.ujp.jp.key
-rw-r--r-- 1 root root 963 Mar 13 12:50 store.ujp.jp.key.org
[root@artemis ssl.key]#
|
[root@artemis conf]# /usr/local/apache2/bin/apachectl status
Not Found
The requested URL /server-status was not found on this server.
_________________________________________________________________
Apache/2.0.55 (Unix) DAV/2 PHP/4.3.11 mod_ssl/2.0.55 OpenSSL/0.9.7a
Server at localhost Port 80
[root@artemis conf]# /usr/local/apache2/bin/apachectl stop
[root@artemis conf]#
|
[root@artemis conf]# /usr/local/apache2/bin/apachectl sslstart
[root@artemis conf]# /usr/local/apache2/bin/apachectl status
Not Found
The requested URL /server-status was not found on this server.
_________________________________________________________________
Apache/2.0.55 (Unix) DAV/2 PHP/4.3.11 mod_ssl/2.0.55 OpenSSL/0.9.7a
Server at localhost Port 80
[root@artemis conf]#
|
9.OS起動時にApache2+SSLで起動できるようにする
- /etc/rc.d/init.d/httpdファイルを作成している場合,以下のように修正を行う.
| 変更前 |
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
#apachectl=/usr/sbin/apachectl
apachectl=/usr/local/apache2/bin/apachectl
#httpd=${HTTPD-/usr/sbin/httpd}
httpd=${HTTPD-/usr/local/apache2/bin/httpd}
prog=httpd
RETVAL=0
# check for 1.3 configuration
|
| 変更後 |
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
#apachectl=/usr/sbin/apachectl
apachectl=/usr/local/apache2/bin/apachectl
#httpd=${HTTPD-/usr/sbin/httpd}
httpd=${HTTPD-/usr/local/apache2/bin/httpd}
OPTIONS=-DSSL
prog=httpd
RETVAL=0
# check for 1.3 configuration
|
[root@artemis ssl.crt]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[root@artemis ssl.crt]# /etc/init.d/httpd start
Starting httpd: [ OK ]
[root@artemis ssl.crt]#
|
[root@artemis ssl.crt]# ps -ef | grep httpd
root 23112 1 9 21:41 ? 00:00:00 /usr/local/apache2/bin/httpd -DSSL
nobody 23113 23112 0 21:41 ? 00:00:00 /usr/local/apache2/bin/httpd -DSSL
nobody 23117 23112 0 21:41 ? 00:00:00 /usr/local/apache2/bin/httpd -DSSL
nobody 23119 23112 0 21:41 ? 00:00:00 /usr/local/apache2/bin/httpd -DSSL
root 23178 2187 0 21:41 pts/3 00:00:00 grep httpd
[root@artemis ssl.crt]#
|
- -DSSLオプションがついて起動されていることが確認できた.
- 終了.
