HomeServer15 の編集

#contents();

*** 証明書の購入 [#x7eb2e10]
- [[namecheap:https://www.namecheap.com/]] から引き続き購入 (2018-07-06)
-- user = wikihmuna
-- pass = frex7785
- 今回から最長で2年分の購入となった
- 購入履歴 ----> &ref(Order_36311561.eml);
 Order Date: 	 	Jul 5, 2018 09:16:07 PM 
 Order Number: 	 	36311561
 Transaction ID: 	42200323 
 User Name: 	 	wikihmuna 
 Final Cost: 	 	$15.76

- &color(red){Certificate ID = 4412847};

*** 証明書発行に必要な CSR (=Certificate Signing Request) の作成 [#u38d0269]
- /etc/ssl/official4 を作成
- private key の作成
-- 生成コマンド = sudo openssl genrsa -des3 -out wiki.hmuna.com.privatekey 2048
-- パスフレーズ = &color(red){nanamochahiko};
 munakata@mythen:/etc/ssl/official4 (master *)$ sudo openssl genrsa -des3 -out wiki.hmuna.com.privatekey 2048
 Generating RSA private key, 2048 bit long modulus
 ......+++
 ...+++
 e is 65537 (0x10001)
 Enter pass phrase for wiki.hmuna.com.privatekey:
 Verifying - Enter pass phrase for wiki.hmuna.com.privatekey:
 
 munakata@mythen:/etc/ssl/official4 (master *)$ ls -l
 合計 4
 -rw-r--r-- 1 root root 1743  7月 16 03:35 wiki.hmuna.com.privatekey

-- &ref(wiki.hmuna.com.privatekey);

- CSR の作成
-- 生成コマンド = sudo openssl req -new -key wiki.hmuna.com.privatekey -out wikihmunaCSR.csr
-- 入力パラメータ
 munakata@mythen:/etc/ssl/official4 (master *)$ sudo openssl req -new -key wiki.hmuna.com.privatekey -out wikihmunaCSR.csr
 Enter pass phrase for wiki.hmuna.com.privatekey:
 You are about to be asked to enter information that will be incorporated into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Kanagawa
 Locality Name (eg, city) []:Yokohama
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT admin
 Organizational Unit Name (eg, section) []:IT
 Common Name (e.g. server FQDN or YOUR name) []:kgb.hmuna.com
 Email Address []:
 
 Please enter the following 'extra' attributes to be sent with your certificate request
 A challenge password []:
 An optional company name []:

-- &ref(wikihmunaCSR.csr);
//- &ref(CSR_requested.jpg);

*** SSL 証明書の有効化 [#zb62bd42]
- postmaster@hmuna.com あてに確認メッセージが送られる
- %%postmaster@hmuna.com は server_admin@hmuna.com に転送される%%
- &color(red){正しくは postmaster@hmuna.com は mail-admin@hmuna.com に転送される};

- 証明書発行メール => &ref(ORDER #156842933 - Your PositiveSSL Certificate for kgb.hmuna.com.eml);
- ロゴ　発行メール => &ref(ORDER #156842933 - Your COMODO SSL TrustLogo is ready!.eml);

- 証明書 (Jul 15, 2018 - &color(red){Jul 28, 2020};) => &ref(kgb_hmuna_com.zip);

*** メール転送の確認 [#wd1822f0]
- https://mail.hmuna.com/postfixadmin/ にアクセス（vmailbox の管理ツール、AWS 上で稼働）
-- user = mail-admin
-- pass = admin7785

*** サーバー(kgb.hmuna.com を実行する apache2) へのインストール [#e39e6b37]
- 上記の zip ファイルを /etc.ssl/official4 以下にコピーして展開したところ
 munakata@mythen:/etc/ssl/official4 (master *)$ ls -l
 合計 28
 -rw-rw-rw- 1 root root 4103  2月 12  2014 kgb_hmuna_com.ca-bundle
 -rw-rw-rw- 1 root root 2419  7月 15 00:00 kgb_hmuna_com.crt
 -rw------- 1 root root 6776  7月 16 05:56 kgb_hmuna_com.zip
 -rw-r--r-- 1 root root 1743  7月 16 03:35 wiki.hmuna.com.privatekey
 -rw-r--r-- 1 root root 1009  7月 16 03:43 wikihmunaCSR.csr

- /etc/apache2/site-available/kgb.hmuna.com を編集
 108 >---#   Server Certificate:↲
 109 >---#SSLCertificateFile      /etc/ssl/official/wikihmunaSSLCertificateFile.pem↲
 110 >---#SSLCertificateFile      /etc/ssl/official2/wikihmunaSSLCertificateFile2.pem↲
 111 >---#SSLCertificateFile      /etc/ssl/official2/kgb_hmuna_com.crt↲
 112 >---#SSLCertificateFile      /etc/ssl/official3/kgb_hmuna_com.crt↲
 113 >---SSLCertificateFile       /etc/ssl/official4/kgb_hmuna_com.crt↲
 114 >---#   Server Private Key:↲
 115 >---#SSLCertificateKeyFile   /etc/ssl/official/wikihmunaPrivateKey.key↲
 116 >---#SSLCertificateKeyFile   /etc/ssl/official2/wiki.hmuna.com.privatekey↲
 117 >---#SSLCertificateKeyFile   /etc/ssl/official2/kgb.hmuna.com.privatekey↲
 118 >---#SSLCertificateKeyFile   /etc/ssl/official3/kgb201707.key↲
 119 >---SSLCertificateKeyFile    /etc/ssl/official4/wiki.hmuna.com.privatekey↲
 120 >---#   Server Certificate Chain:↲
 121 >---#SSLCertificateChainFile /etc/ssl/official/RapidSSL_CA_bundle.pem↲
 122 >---#SSLCertificateChainFile /etc/ssl/official2/GeoTrust_intermediate_Certificate.pem↲
 123 >---#SSLCertificateChainFile /etc/ssl/official2/COMODORSAAddTrustCA.crt↲
 124 >---#SSLCertificateChainFile /etc/ssl/official2/COMODORSADomainValidationSecureServerCA.crt↲
 125 >---#SSLCertificateChainFile /etc/ssl/official3/kgb_hmuna_com.ca-bundle↲
 126 >---SSLCertificateChainFile  /etc/ssl/official4/kgb_hmuna_com.ca-bundle↲

*** パスフレーズを Apache2 起動するたびに毎回聞かれないように key ファイルを更新 [#i2abf576]
- key ファイル（wiki.hmuna.com.privatekey）をバックアップ
- パスフレーズを取り除いたキーを作成
 sudo openssl rsa -in wiki.hmuna.com.privatekey -out wiki.hmuna.com.privatekey
 Enter pass phrase for wiki.hmuna.com.privatekey: <--- ここでパスフレーズを入力する
 writing RSA key