UbuntuでApache用の自己署名SSL証明書を作成する

UbuntuでApache用の自己署名SSL証明書を作成する

私のサーバーとクライアント間の通信を暗号化するために自己署名証明書を作成したいと思います。

OpenSSLを使用して、単一のコマンドで自己署名キーと証明書のペアを生成しています。

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

ただし、ログには次のものが表示されます。

[Mon Sep 27 13:42:01.478245 2021] [ssl:error] [pid 1344:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling
[Mon Sep 27 13:42:01.485956 2021] [ssl:warn] [pid 1345:tid 139789990751552] AH01906: 176.57.122.225:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Sep 27 13:42:01.486039 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=176.57.122.225,OU=discoter,O=discoter,L=Brux
elles,ST=Bruxelles,C=BE / issuer: CN=176.57.122.225,OU=discoter,O=discoter,L=Bruxelles,ST=Bruxelles,C=BE / serial: 2AD0C83CF40FCE881CCF862D5D1372957C7C3DF6 / notbefore: Sep 27 13:41:36 2021 GMT / notaft
er: Sep 27 13:41:36 2022 GMT]
[Mon Sep 27 13:42:01.486045 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling

そして

more /etc/apache2/sites-available/default-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName 176.58.122.XXX
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile  /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

    </VirtualHost>
</IfModule>

関連情報