SSL (SNI) configuration with Apache

Editing httpd.conf and related files

LoadModule ssl_module path_to/mod_ssl.so

Listen 443 
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/path_to/ssl_scache(512000)"
SSLSessionCacheTimeout  300 
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256 
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

NameVirtualHost *:443

# Keep this off for browsers that do not support SNI
SSLStrictSNIVHostCheck off 

<VirtualHost *:443>

    DocumentRoot "/var/www/hoge.com"
    ServerName hoge.com

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /path_to_certs/hoge.crt
    SSLCertificateKeyFile /path_to_certs/hoge.key

        .
        .

</VirtualHost>

<VirtualHost *:443>

    DocumentRoot "/var/www/fuga.com"
    ServerName fuga.com

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /path_to_certs/fuga.crt
    SSLCertificateKeyFile /path_to_certs/fuga.key

        .
        .

</VirtualHost>

If it does not work, run apachectl configtest to check the configuration for errors.

apachectl configtest
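
apachectl configtest only checks syntax, so as an added example (not part of the original page) the Python script below audits the two virtual hosts above: it reports which ServerName clients without SNI fall back to (the first vhost defined on the address) and flags SSLProtocol / SSLCipherSuite values that still permit SSLv3, RC4 or LOW ciphers. The function names and the simple token heuristics are assumptions of this example, and the sample input is constructed from the configuration shown on this page.

```python
import re
# Constructed sample input: the two virtual hosts from the configuration above.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName hoge.com
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /path_to_certs/hoge.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName fuga.com
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /path_to_certs/fuga.crt
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict of lower-cased directives per <VirtualHost>, in file order."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        vhost = {"address": addr.strip()}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                vhost[parts[0].lower()] = parts[1].strip().strip('"')
        vhosts.append(vhost)
    return vhosts

def audit(conf):
    """Return (default vhost per address, list of findings). Heuristic checks only."""
    defaults, seen, findings = {}, set(), []
    for v in parse_vhosts(conf):
        name, addr = v.get("servername", "(unnamed)"), v["address"]
        # The first vhost on an address answers clients that send no SNI name.
        defaults.setdefault(addr, name)
        if (addr, name) in seen:
            findings.append(f"{name}: duplicate ServerName on {addr}, never selected")
        seen.add((addr, name))
        proto = v.get("sslprotocol", "").lower().split()
        if {"all", "sslv3", "+sslv3"} & set(proto) and "-sslv3" not in proto:
            findings.append(f"{name}: SSLv3 not disabled")
        tokens = v.get("sslciphersuite", "").split(":")
        for weak in ("RC4", "LOW"):
            listed = any(weak in t or t == "ALL" for t in tokens if t[:1] not in "!-")
            if listed and "!" + weak not in tokens:
                findings.append(f"{name}: cipher string admits {weak}")
    return defaults, findings
```

Calling audit() on the text of a real httpd.conf returns the same pair; with SSLStrictSNIVHostCheck off, the default it reports is the site whose certificate SNI-unaware clients will be shown for every name on that address.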

Last-modified: 2014-06-22 (Sun) 01:00:15 (3736d)