#contents
*** ハードウエア [#s2015e58]
- Mini PC Intel NUC Kit NUC5CPYH
-- Celeron N3050 (64bit)
-- bios062 (20170813) --- &ref(PY0062.bio);
*** ソフトウエアベース [#ad0dd999]
- Ubuntu Server 14.04-LTS (サーバー版を利用)
*** 証明書 [#ec5ec835]
- &ref(ORDER#15187565.eml);
*** 固定 IP 化 [#b0c45369]
- /etc/network/interface
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#auto p2p1
#iface p2p1 inet dhcp
auto p2p1
iface p2p1 inet static
address 192.168.1.25
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 192.168.1.25
- /etc/hostname
mail-admin@mail:~$ cat /etc/hostname
mail.hmuna.com
- /etc/resolve.conf
mail-admin@mail:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.25
*** bind9 [#m65a489c]
- &ref(bindset.tgz);
*** メールサーバー(postfix, dovecot, mysql) [#m8bbff17]
- postfix の virtual mailbox モード
- https://www.exratione.com/2014/05/a-mailserver-on-ubuntu-1404-postfix-dovecot-mysql/
*** ntp [#g60a1eec]
- /etc/ntp.conf でタイムソースを変更
# Specify one or more NTP servers.$
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board$
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for$
# more information.$
#server 0.ubuntu.pool.ntp.org$
#server 1.ubuntu.pool.ntp.org$
#server 2.ubuntu.pool.ntp.org$
#server 3.ubuntu.pool.ntp.org$
server ntp1.jst.mfeed.ad.jp iburst$
server ntp2.jst.mfeed.ad.jp iburst$
server ntp3.jst.mfeed.ad.jp iburst$
*** VPN Server(Softether) [#d32d973b]
*** サーバー証明書更新(2016-12-31) [#vdf9a6cc]
- namecheap から Symantec (Symantec, GeoTrust, and Thawte) との契約を解消し Comodo と契約したとの連絡があり、推奨された 下記の証明書を新規に購入(3年間)した。
- 購入詳細履歴は ------- &ref(Namecheap.com Order Summary.eml);
-- Order Date: Dec 30, 2016 09:16:09 PM
-- Order Number: 24331097
-- Transaction ID: 29079556
-- User Name: wikihmuna
- CSR (Certificate Signing Request=署名要求) を以下の内容で作成(証明書名は mail.hmuna2017 としている)
mail-admin@mail:/etc/ssl$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout mail.hmuna2017.key -out mail.hmuna2017.csr
Generating a 2048 bit RSA private key
.............+++
.+++
writing new private key to 'mail.hmuna2017.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Yokohama
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NA
Organizational Unit Name (eg, section) []:NA
Common Name (e.g. server FQDN or YOUR name) []:mail.hmuna.com
Email Address []:mail-admin@hmuna.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
- 生成されたCSR(署名要求)の中味
mail-admin@mail:/etc/ssl$ ls -l
total 48
drwxr-xr-x 2 root root 20480 Jul 22 00:58 certs
-rw-r--r-- 1 root root 1054 Dec 31 12:06 mail.hmuna2017.csr
-rw-r--r-- 1 root root 1704 Dec 31 12:06 mail.hmuna2017.key
-rw-r--r-- 1 root root 1903 Jul 20 14:57 mail_hmuna_com.crt
-rw-r--r-- 1 root root 10835 Dec 4 2015 openssl.cnf
drwx--x--- 2 root ssl-cert 4096 Jul 22 00:36 private
- サーバー証明書の中味
mail-admin@mail:/etc/ssl$ cat mail.hmuna2017.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAkpQMREwDwYDVQQIDAhLYW5hZ2F3YTER
MA8GA1UEBwwIWW9rb2hhbWExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEXMBUG
A1UEAwwObWFpbC5obXVuYS5jb20xIzAhBgkqhkiG9w0BCQEWFG1haWwtYWRtaW5A
aG11bmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr23a2xnH
N7N+1SakfLHSizPe04epbETWIDaBomg2PYNaQimMM9W5Et4j9DO8+v9UoVHQXI3T
ujesNElGG1zAC+C/Y+ak9KrXsjX8ylyK5FIAZWX7Pe4Tr99faiX9rwJV+P06nUhD
Wsm6Qxsw6N14bM7Rzc1rx6xEygrIVFMSL2yc2xsHNfvClUIlwRf2wGy27vHy+Yeo
swJ+OsakgxIDVeOWoEvdN/yXKLZzOL++WFICx3HJoP3pra3KC5TzC5biEVClATIg
/SxBqOKSJp9/NcMTlNtnsWSFHbnDhwg7nF8arfN8dPP9g/IpQotL2n/p+sPPaWRh
2wAC/JjIc/O0TwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAA/6A0ARldMDkqeQ
tpQb5c+xODu+8x3XtV+E3xo95aQW/5vpgXy81rD0fxZH0HqyD3blNhEwd1rbfJoS
/Wasmpsa7gSa1vUm5h8i3i4SMHdnY2J4xWyfLRIzUgwqZ5msNW++zDMw8ZiTkbO+
LMiM4SdxTrI0y729hKjkaHeC+Ctc5PgfyL/PcTkxLBsg3ZuGhHLGSvK6x+8t8vUQ
IEJeEI1r6X0Lre9TELtWBIBlPZy/EyRJU6rINaYozpLfpn1qgosyKYICkk/TSw8a
/7jsq6be9F6RwXpdgk3fPJyXxzzRdhyKUFUtgWTG9flpt9/RAjEpiPHgi0AM0Iwk
+oimXjA=
-----END CERTIFICATE REQUEST-----
- 発行された証明書 (&ref(mail_hmuna_com.zip);)と [[ロゴ:http://www.trustlogo.com/install/index7.html]]
- &color(red){証明書をインストールしようとして気付いたが、上にリンクがある別の契約書が既に有効で期限も2019年7月とほぼ同じタイミングであることが判明。 今回の購入は無駄だった。 こちらは発行はされたがインストールしないままとする。 次回更新時にこれを延長しないように注意が必要!};
&ref(SSL_confused.JPG);
![[PukiWiki]](image/taikyoku.gif "[PukiWiki]")
