[usr_cert]セクションに「nsCertType = server」があるのを確認(コメントアウトする)。
[v3_ca]セクションに「nsCertType = sslCA, emailCA」があるのを確認(コメントアウトする)。
$ cd /usr/lib/ssl/misc/
$ sudo ./CA.sh -newca
CA certificate filename (or enter to create) //Enter
Enter PEM pass phrase: //適当に
Verifying - Enter PEM pass phrase: //確認
Country Name (2 letter code) [AU]: //JP
State or Province Name (full name) [Some-State]: //YOUR-STATE
Locality Name (eg, city) []: //YOUR-CITY
Organization Name (eg, company) [Internet Widgits Pty Ltd]: //YOUR-ORGANIZATION-NAME
Organizational Unit Name (eg, section) []: //YOUR-UNIT-NAME
Common Name (eg, YOUR name) []: //YOUR-NAME
Email Address []: //YOUR-EMAIL-ADDRESS
A challenge password []: //ブランク
An optional company name []: //ブランク
Enter pass phrase for ./demoCA/private/./cakey.pem: //一番最初のパスフレーズを入れる

#(パスフレーズが鬱陶しいので消す。これ以降 cakey.pem は暗号化されていない平文の秘密鍵になるので、保護はファイル権限だけになる)
$ sudo openssl rsa -in ./demoCA/private/cakey.pem -out ./demoCA/private/cakey.pem
Enter pass phrase for cakey.pem: //一番最初のパスフレーズを入れる

#(証明書の作成)
$ sudo openssl x509 -in ./demoCA/cacert.pem -out ./demoCA/cacert.crt

#(ブラウザにインポートするderファイル作成)
$ sudo openssl x509 -inform pem -in ./demoCA/cacert.pem -outform der -out ./demoCA/ca.der

#(apache2ディレクトリへコピー)
$ sudo mkdir /etc/apache2/ssl
$ sudo mkdir /etc/apache2/ssl/private
$ sudo cp ./demoCA/private/cakey.pem /etc/apache2/ssl/private
$ sudo cp ./demoCA/cacert.* /etc/apache2/ssl
$ sudo chmod 640 /etc/apache2/ssl/private/cakey.pem
$ sudo a2enmod ssl
# この設定ではCA自身の証明書と秘密鍵(cacert.crt / cakey.pem)をそのままサーバ用として指定している。
# CA秘密鍵をWebサーバに置かずに済むよう、CAで署名したサーバ専用の証明書と鍵を別に用意して指定する構成も取れる。
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/cacert.crt
SSLCertificateKeyFile /etc/apache2/ssl/private/cakey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory /var/www/inet/cgi-bin>
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSLCARevocationFile /etc/apache2/ssl/crl/cacert.crl
SSLCARevocationPath /etc/apache2/ssl/crl

SSL(サーバ認証)を参照