私のサーバーとクライアント間の通信を暗号化するために自己署名証明書を作成したいと思います。
OpenSSLを使用して、単一のコマンドで自己署名キーと証明書のペアを生成しています。
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
ただし、ログには次のものが表示されます。
[Mon Sep 27 13:42:01.478245 2021] [ssl:error] [pid 1344:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling
[Mon Sep 27 13:42:01.485956 2021] [ssl:warn] [pid 1345:tid 139789990751552] AH01906: 176.57.122.225:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Sep 27 13:42:01.486039 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=176.57.122.225,OU=discoter,O=discoter,L=Brux
elles,ST=Bruxelles,C=BE / issuer: CN=176.57.122.225,OU=discoter,O=discoter,L=Bruxelles,ST=Bruxelles,C=BE / serial: 2AD0C83CF40FCE881CCF862D5D1372957C7C3DF6 / notbefore: Sep 27 13:41:36 2021 GMT / notaft
er: Sep 27 13:41:36 2022 GMT]
[Mon Sep 27 13:42:01.486045 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling
そして
more /etc/apache2/sites-available/default-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName 176.58.122.XXX
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>