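  Building a Secure RedHat Apache Server HOWTO
  Richard Sigle, Richard.sigle@equifax.com
  0.1, 2001-02-06
  KURASHIKI Satoru (ouka@fx.sakura.ne.jp)
  0.1J, 2002-02-22

  This guide is intended to explain how PKI and SSL work together. To
  build a secure server, it is necessary to understand how the SSL
  protocol works.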
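  ______________________________________________________________________

  Table of Contents

  1. Purpose/Scope of this Guide
     1.1 About Secure Sockets Layer (SSL)
     1.2 Feedback
     1.3 Copyrights and Trademarks
     1.4 Acknowledgements

  2. Introduction to Secure Sockets Layer/Private Key Infrastructure
     2.1 Credibility of SSL/PKI
     2.2 How SSL Works
        2.2.1 SSL Handshake Protocol
        2.2.2 Session Key (Symmetric)
        2.2.3 Public/Private Key Pairs (Asymmetric Code)
     2.3 How PKI Works
     2.4 Certificates (x509 Standard)
     2.5 Digital Certificate Private Key
     2.6 Digital Certificate Public Key
     2.7 Certificate Signing Request (CSR)

  3. About Certificates
     3.1 Creating a Private Key
     3.2 Creating a Certificate Signing Request
     3.3 Creating a Self-Signed Certificate
     3.4 Installing the Certificate on the Web Server

  4. Configuring the Apache Server
     4.1 Defining a Secure Virtual Host
        4.1.1 SSL Engine
        4.1.2 SSLCertificateFile
        4.1.3 SSLCertificateKeyFile
        4.1.4 SSLCACertificateFile
     4.2 Example Certificates
        4.2.1 Server Certificate File
        4.2.2 Contents of the Certificate File
        4.2.3 Private Key File
        4.2.4 Contents of the Private Key File
     4.3 Restarting the Web Server

  5. Troubleshooting
     5.1 Server appears to start but the secure site cannot be accessed
     5.2 Client browser issues a Certificate Name Check Warning
     5.3 Client browser warns that the certificate was signed by an untrusted certificate authority
     5.4 SSLEngine on is an un-recognized command (on Apache startup)
     5.5 I forgot my "PEM pass phrase" and want to know how to reset it.

  6. Glossary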

  ______________________________________________________________________

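  1.  Purpose/Scope of this Guide

  The purpose of this guide is to help RedHat Linux users install a
  server (SSL) certificate on an Apache web server. The goal is to give
  clear instructions that will save you time and, in some cases, money!

  It begins with what you should know about the SSL protocol and
  digital certificates. In my experience, an Apache web server built
  with ModSSL and OpenSSL is the most beneficial combination of
  software. OpenSSL is a general-purpose cryptography library that
  supports the SSL v2/v3 and TLS v1 protocols. ModSSL is an Apache API
  module designed to act as the interface between Apache and OpenSSL.
  The biggest advantage is that all three packages are free.

  Section 4 covers configuration and the installation of a certificate
  on a RedHat-Apache server compiled with ModSSL and OpenSSL built in.
  The steps in Section 4 should also apply to commercial SSL server
  packages closely related to Apache, such as Stronghold and Raven.

  Warning: I am a technical support engineer at a certificate authority
  named Equifax Secure Inc. I therefore use Equifax Secure certificates,
  and this document is geared toward installing Equifax Secure
  certificates. That said, it should also work with certificates from
  other certificate authorities. Equifax Secure Inc. accepts no
  obligation or liability for any result arising from the use of these
  instructions.

  My comments to the reader are in this style (emphasis).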

  ͕ʂ̃X^CŎ܂B.

  Advanced comments and advice are written as comments in the SGML
  source.

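  1.1.  About Secure Sockets Layer (SSL)

  SSL is a presentation-layer service that sits between TCP and the
  application. It does not depend on the platform or the application.
  SSL is responsible for managing a secure communication channel
  between client and server. It provides a strong mechanism for
  encrypting the data transferred between client and server.

  1.2.  Feedback

  Please send comments on this guide to me
  (richard.sigle@equifax.com).

  1.3.  Copyrights and Trademarks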

  Copyright (c) 2001 by Richard L. Sigle

  Please freely copy and distribute this document in any format. It's
  requested that corrections and/or comments be forwarded to the
  document maintainer. You may create a derivative work and distribute
  it provided that you:

  o  Send your derivative work (in the most suitable format such as
     sgml) to the LDP <http://www.LinuxDoc.org/> (Linux Documentation
     Project) or the like for posting on the Internet. If not the LDP,
     then let the LDP know where it is available.

  o  License the derivative work with this same license or use GPL.
     Include a copyright notice and at least a pointer to the license
     used.

  o  Give due credit to previous authors and major contributors.

  If you're considering making a derived work other than a translation,
  it's requested that you discuss your plans with the current
  maintainer.

  1.4.  Acknowledgements

  Thanks to Tony Villasenor, who read the draft of this document and
  gave advice. Without Tony, this document could not have been
  completed.

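  2.  Introduction to Secure Sockets Layer/Private Key Infrastructure

  PKI is an asymmetric key system consisting of a public key (which is
  sent to the client) and a private key (which resides on the server).
  PKI differs from a symmetric key system, in which both client and
  server use the same key for encryption and decryption.

  2.1.  Credibility of SSL/PKI

  SSL was designed to meet the requirement of being usable even for
  the kinds of communication that demand the most care about
  confidentiality, such as credit cards, medical records, legal
  documents and e-commerce applications. Depending on the sensitivity
  and value of its transactions, each application can choose to use
  any (or all) of the following properties.

     Privacy
        Suppose there is a message to be conveyed from A to B. A
        encrypts the message using B's public key. B can then decrypt
        and read the message using its own private key, and is the
        only one who can. It is not certain, however, that A is who it
        claims to be.

     Authentication
        Confirming that A is who it claims to be requires assured
        authentication. This needs a slightly more complicated
        encryption process. In this case the message from A to B is
        encrypted first with A's private key and then with B's public
        key. B must decrypt it first with its own private key and then
        with A's public key. B can now be confident that A is who it
        claims to be, because nobody else can create a message
        encrypted with A's private key. SSL achieves this by using
        certificates (PKI). A certificate is issued by a neutral third
        party, such as a certificate authority (CA), and contains a
        digital signature and time stamp in addition to the public key
        of the certified entity. Anyone can create a digital
        certificate with the SSL tools, but a self-signed certificate
        lacks the weight of one issued by a generally respected
        neutral third party.

     Integrity
        In SSL, integrity is ensured by using a MAC (Message
        Authentication Code) together with the required hash table
        functions. When a message is generated, a MAC is obtained by
        using a hash function and the result is added to the message.
        When the message is received, its validity is checked by
        comparing the MAC embedded in the message with a new MAC
        computed from the received message. A message changed by a
        third party is thus revealed immediately.

     Non-repudiation
        Non-repudiation protects both communicating parties from each
        other during an online exchange. It prevents either party from
        claiming that it did not send part of the exchange.
        Non-repudiation does not allow either side to change the
        content of an exchange once it has been made. In traditional
        terms, digital non-repudiation is the same as signing a
        contract.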

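  2.2.  How SSL Works

  The SSL protocol includes two sub-protocols: the SSL record protocol
  and the SSL handshake protocol. The SSL record protocol defines the
  format used to transmit data. The SSL handshake protocol uses the
  SSL record protocol for the series of messages that an SSL-enabled
  server and client exchange when they first establish an SSL
  connection. This exchange of messages is designed to facilitate the
  following functions.

  o  Authenticate the server to the client. The server certificate is
     signed by a certificate authority, which gives assurance that the
     certificate has not been altered and can be trusted.

  o  Allow the client and server to select the cryptographic
     algorithms, or ciphers, that they both support.

  o  Optionally authenticate the client to the server.

  o  Use public-key encryption techniques to generate shared secrets.

  o  Establish an encrypted SSL connection.

  2.2.1.  SSL Handshake Protocol

  The handshake protocol is used to negotiate the state between client
  and server. The following events take place during the handshake:

  o  Certificates are exchanged between client and server (asymmetric
     keys). The server sends its public key to the client. If the
     server is configured to authenticate clients using certificates,
     the client sends its public key to the server. The validity dates
     of the certificates are verified and the digital signature of a
     trusted certificate authority is checked. If the dates or the
     digital signature are wrong, the browser warns the user. The user
     can then choose to trust the holder of the certificate.

  o  Next the client generates a random key (symmetric key). It is
     used for encryption and for computing the MAC. This key is
     encrypted with the server's public key and sent to the server.
     Only the server can decrypt the new symmetric key. The new
     symmetric key is used to encrypt the data sent between client and
     server.

     Note: Using a symmetric key after the server-browser
     authentication greatly improves the performance of the subsequent
     processing.

  o  The message encryption algorithm and the hash function for
     integrity are negotiated. The negotiation is carried out by the
     client presenting the list of algorithms it supports to the
     server, and the server then choosing the strongest cipher
     available to both. The identifiers of the chosen encryption
     algorithm and hash function are stored in the cipher spec field
     of the current state and are used by the record protocol.

  o  The following fields are all set during the handshake: protocol
     version, session ID, cipher suite, compression method, and two
     random values, ClientHello.random and ServerHello.random.

  Note: An IP address is required for each SSL connection. Name-based
  virtual hosts are resolved at the application layer. Remember that
  SSL sits below the application layer.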

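  2.2.2.  Session Key (Symmetric)

  o  40-bit: originally intended for export

  o  56-bit: used by DES

  o  64-bit: used by CAST; 256 times stronger than 56-bit

  o  80-bit: used by CAST; 16,000,000 times stronger than 56-bit
     (cannot be broken with current technology)

  o  128-bit: used by CAST and RC2; finding the key by exhaustive
     search is infeasible now and for the foreseeable future

  2.2.3.  Public/Private Key Pairs (Asymmetric Code)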

  o  512-bit

  o  768-bit

  o  1024-bit

  o  2048-bit

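  2.3.  How PKI Works

  The client and the server each have a public key and a private key
  (if the client has no certificate of its own and the server does not
  require one, the client's browser randomly generates a key pair for
  the SSL session).

  The sender encrypts the message using its own private key. This
  authenticates the source of the message. The resulting ciphertext is
  encrypted once more with the recipient's public key. This provides
  confidentiality, since only the recipient can perform the first
  decryption of the message, using its own private key. The recipient
  then uses the sender's public key to decrypt the message further.
  Since only the sender has access to its private key, the recipient
  is assured that the encrypted message came from that sender.

  A message digest is used to confirm that neither a party to the
  exchange nor a third party has tampered with or changed the message.
  The message digest is obtained by applying a hash function (a
  mathematical function, part of the private key) to the message. The
  digest (called the signature) is attached or appended to the
  message. The length of the signature is constant (regardless of the
  length of the message) and depends on the private key and the type
  of message digest (128 bits for md5, 160 bits for sha1, and so on).
  Changing even a single bit of the message changes the signature,
  which proves that the message was changed.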

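  2.4.  Certificates (x509 Standard)

  Digital certificates allow entities on the Internet to be trusted.
  The digital signature contains the user's credentials as verified by
  a neutral third party, the certificate authority.

  A mathematical algorithm and a value (the key) are used to encrypt
  data into an unreadable form. A second key is used to decrypt the
  data, with a complementary algorithm and value. The two keys must
  have related values and are called a key pair.

  Note: ITU-T Recommendation X.509 [CCI88c] specifies not only the
  X.509 certificate syntax but also the authentication service for
  X.500 directories. A certificate is signed by the issuer to
  authenticate the binding between the subject (user) name and the
  user's public key. SSLv3 was adopted in 1994. The major difference
  between versions 2 and 3 is the addition of the extensions field.
  This field adds flexibility, since it can convey additional
  information beyond the binding of key and name. Standard extensions
  include subject and issuer attributes, certification policy, key
  usage restrictions, and so on.

  An X.509 certificate consists of the following fields:

  o  version

  o  serial number

  o  signature algorithm ID

  o  issuer name

  o  validity period

  o  subject (user) name

  o  subject public key information

  o  issuer unique identifier (versions 2 and 3 only)

  o  subject unique identifier (versions 2 and 3 only)

  o  extensions (version 3 only)

  o  signature on the above fields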

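  2.5.  Digital Certificate Private Key

  The private key is not embedded in the digital certificate. The
  private key holds no server information. It holds encryption
  information and a fingerprint. It is generated locally on your own
  system and must remain in a secure environment. If the private key
  is compromised, the perpetrator essentially holds the code to your
  security system. Traffic between client and server could be
  intercepted and decrypted. This is why generating a private key
  encrypted with triple DES is recommended. The file is then encrypted
  and protected by a password, which makes it almost impossible to use
  without the correct pass phrase.

  The security of your transactions depends on this private key. If
  the key falls into someone else's hands, anyone can easily make a
  copy of it and use it to break your security. Messages to the server
  could then be intercepted and manipulated by a malicious hacker. A
  fully secure system must be able to detect this and block it.

  2.6.  Digital Certificate Public Key

  The public key is embedded in the digital certificate and is sent
  from the server to the client when a secure connection is requested.
  In this process the certificate is used to verify the identity of
  the server. The public key verifies integrity and authenticity, and
  is also used to encrypt data for the transfer of confidential data.

  2.7.  Certificate Signing Request (CSR)

  The CSR contains the information the certificate authority needs in
  order to create the certificate. It contains the algorithm
  complementary to the private key and the information that identifies
  the server. This information includes, but is not limited to,
  country, state, organization, common name (domain name) and contact
  information.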

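  3.  About Certificates

  The following sections describe the steps for creating a private key
  file, a certificate signing request, and a self-signed certificate.
  To obtain a certificate signed by a certificate authority, you need
  to create a certificate signing request (CSR). Alternatively, you
  can create a self-signed certificate.

  3.1.  Creating a Private Key

  To create a private key, the OpenSSL toolkit must be installed and
  configured for Apache. The examples use the OpenSSL command-line
  tool, which by default is in the /usr/local/ssl/bin directory. They
  assume that the directory containing the OpenSSL command-line tool
  has been added to $PATH.

  To create a private key using the triple DES encryption standard
  (recommended), use the following command: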

       openssl genrsa -des3 -out filename.key 1024

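  You will be asked to enter a pass phrase and then to enter it again
  for confirmation. If you use triple DES, you will be asked for the
  password every time the SSL server is started from a cold start.
  (When the restart command is used, the password is not required.)
  You may find this password a nuisance, especially if the system has
  to be started while you are away. You may also be confident that the
  system is already secure enough. If you therefore choose not to
  enter a password (and so not to use triple DES encryption), run the
  command below. Conversely, if you simply want a 512-bit key, leave
  off the 1024 at the end of the command; OpenSSL uses 512 bits by
  default. A smaller key is somewhat faster, but security is also
  reduced.

  To create a private key without triple DES encryption, use the
  following command:

       openssl genrsa -out filename.key 1024

  To add a password to an existing private key, use the following
  command:

       openssl rsa -in filename.key -des3 -out newfilename.key

  To remove the password from an existing private key, use the
  following command:

       openssl rsa -in filename.key -out newfilename.key

  Note: Unless you specify otherwise, the private key is created in
  the current directory. There are three simple ways to deal with
  this. If OpenSSL is in your path, you can run it from the directory
  you have chosen for storing the file (the default is
  /etc/httpd/conf/ssl.key if Apache was installed from RPM, and
  /usr/local/apache/conf/ssl.key if it was installed from source).
  Alternatively, copy the file from the directory where it was created
  to the destination directory. Finally, you can simply specify the
  path when running the command (e.g.  openssl genrsa -out
  /etc/httpd/conf/ssl.key/filename.key 1024). Any of these methods is
  fine, as long as it is done before you go on.

  For more information about the OpenSSL toolkit, see the
  OpenSSL Website <http://www.openssl.org/>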

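  3.2.  Creating a Certificate Signing Request

  To obtain a certificate signed by a certificate authority, you need
  to create a certificate signing request (CSR). Its purpose is to
  send the certificate authority enough information to create the
  certificate without sending the whole private key or putting it at
  risk. The CSR also carries the information that will be included in
  the certificate, such as the domain name and location.

  o  Locate the private key that the CSR will be created from. Enter
     the following command:

       openssl req -new -key filename.key -out filename.csr

  o  You will be prompted for information such as location, common
     name (domain name) and organization. Ask the CA you intend to use
     which fields are required and which entries are not acceptable.

  o  Send the CSR to the CA according to their instructions.

  o  Wait for your new certificate, or create a self-signed
     certificate. A self-signed certificate can be used until you
     receive the certificate from the certificate authority.

  Note: To create a private key and a request (CSR) at the same time,
  use the following command:

       openssl req -new -newkey rsa:1024 -keyout filename.key -out filename.csr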

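  3.3.  Creating a Self-Signed Certificate

  If you are not going to obtain a certificate from a CA, you will
  need a self-signed certificate. Creating one is very easy. All you
  need is the private key and the name (fully qualified domain name)
  of the server you want to secure. You will be asked for location,
  common name (domain name), organization and so on. OpenSSL leaves
  you a good deal of freedom here. The only information required for
  the certificate to function properly is the common name (domain
  name). If it is missing or wrong, you will receive a Certificate
  Name Check warning from the browser.

  To create a self-signed certificate:

       openssl req -new -key filename.key -x509 -out filename.crt

  3.4.  Installing the Certificate on the Web Server

  If you have followed these instructions, there should have been no
  particular problems so far. If you have sent the CSR to a
  certificate authority and have not yet received the certificate,
  take a break here! If you are using a self-signed certificate, or
  have already received your certificate, you can go on.

  o  Make sure the private key file is in the location you decided to
     use. This example follows the default of the RedHat RPM
     installation, /etc/httpd/conf/ssl.key.

  o  Make sure the CA-signed or self-signed certificate is in the
     designated directory. Again, the RPM default
     /etc/httpd/conf/ssl.crt is used. If the certificate is not there
     yet, put it there.

  o  If you have an intermediate certificate (or root certificate) to
     install, copy it to the /etc/httpd/conf/ssl.crt directory as
     well.

  o  Next you need to edit the httpd.conf file. Make a backup of this
     file before going on to the next step, ``Configuring the Apache
     Server''.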

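  4.  Configuring the Apache Server

  To support SSL, Apache must be configured to use an additional API
  module. Many SSL software packages are available. This example
  covers Apache configured for ModSSL and OpenSSL. There are countless
  mailing lists and newsgroups that support these products. I believe
  these instructions are also useful for several commercial SSL
  packages that are based on the Apache web server.

  There are some things to keep in mind. A server can host multiple
  virtual hosts. You can have many name-based virtual hosts on the
  same IP address. You can have many name-based virtual hosts and one
  secure virtual host on the same IP address. But you cannot have
  multiple secure virtual hosts on the same IP address. Many people
  will ask: why? The answer is that SSL works below the application
  layer. Name-based hosts are not identified until the application
  layer.

  More precisely, you cannot have multiple secure virtual hosts on the
  same SOCKET (IP address + port). By default, a secure host uses port
  443. You can change the configuration so that virtual hosts on the
  same IP address use different port numbers and so create separate
  sockets. This approach has several drawbacks. The most obvious one
  is that, when the default port is not used, the port number must be
  included in the URL to access the secure site.

  For example:

  o  A site that uses the default port, www.something.com, can be
     accessed at https://www.something.com

  o  A site that uses port 8888 can be accessed at
     https://www.something.com:8888

  Another drawback is that using many ports gives port-sniffing
  hackers more opportunities. Finally, if the port you choose is
  already used by something else, you will have a conflict.

  4.1.  Defining a Secure Virtual Host

  Configuring a virtual host is quite simple. The basics of setting up
  a secure virtual host are explained with an example.

  The example uses the .crt and .key file extensions. This is my
  personal way of telling the various files apart. With Apache you can
  use any extension you like, or none at all.

  All secure virtual hosts are normally placed at the end of the
  httpd.conf file and must be enclosed between <IfDefine SSL> and
  </IfDefine SSL>.

  An example of a secure virtual host: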

       <VirtualHost 172.18.116.42:443>
       DocumentRoot /etc/httpd/htdocs
       ServerName www.somewhere.com
       ServerAdmin someone@somewhere.com
       ErrorLog /etc/httpd/logs/error_log
       TransferLog /etc/httpd/logs/access_log
       SSLEngine on
       SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
       SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
       SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
       <Files ~ "\.(cgi|shtml)$">
             SSLOptions +StdEnvVars
       </Files>
       <Directory "/etc/httpd/cgi-bin">
             SSLOptions +StdEnvVars
       </Directory>
       SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
       CustomLog /etc/httpd/logs/ssl_request_log \
                 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
       </VirtualHost>

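  The most important directives for SSL are SSLEngine on,
  SSLCertificateFile, SSLCertificateKeyFile and, in many cases,
  SSLCACertificateFile.

  4.1.1.  SSL Engine

  "SSLEngine on" is the ModSSL command that starts SSL.

  4.1.2.  SSLCertificateFile

  SSLCertificateFile tells Apache where the certificate file is and
  what it is named. This example shows "server.crt" as the certificate
  file name. That is the default added when ModSSL is configured with
  Apache. Personally, I do not recommend using the default name. To
  save yourself trouble, name the certificate servername.crt
  (domainname.crt). Likewise, you can use a directory other than the
  default /etc/httpd/conf/ssl.crt or /usr/local/apache/conf/ssl.crt.

  4.1.3.  SSLCertificateKeyFile

  SSLCertificateKeyFile tells Apache the name of the private key and
  where it is. The directory specified here must be readable and
  writable by root only. Nobody else should have access to this
  directory.

  4.1.4.  SSLCACertificateFile

  The SSLCACertificateFile directive tells Apache where the
  intermediate certificate is. Whether this directive is needed
  depends on the CA you are using. This certificate is essentially a
  link in the chain of trust.

  Intermediate certificate: a certificate authority obtains a
  certificate in much the same way as you do. This is known as an
  intermediate certificate. It essentially vouches for the holder of
  the intermediate certificate. Web browsers carry a list of "trusted"
  certificate authorities that is updated with each release. If a
  certificate authority is brand new, its intermediate certificate
  will not be in the browser's list of trusted CAs. Combined with the
  fact that most people do not update their browsers very often, this
  means that it takes years for a CA to be recognized automatically as
  trusted. The solution is to install the intermediate certificate on
  the server, using the SSLCACertificateFile directive. Usually a
  "trusted" CA issues the intermediate certificate. If not, you may
  have to use the SSLCertificateChainFile directive, but that is
  unlikely.

  4.2.  Example Certificates

  4.2.1.  Server Certificate File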

       -----BEGIN CERTIFICATE-----
       MIIC8DCCAlmgAwIBAgIBEDANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
       FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
       VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
       biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
       MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTkwNTI1
       MDMwMDAwWhcNMDIwNjEwMDMwMDAwWjBTMQswCQYDVQQGEwJVUzEbMBkGA1UEChMS
       RXF1aWZheCBTZWN1cmUgSW5jMScwJQYDVQQDEx5FcXVpZmF4IFNlY3VyZSBFLUJ1
       c2luZXNzIENBLTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYna8GjS9mG
       q4Cb8L0VwDBMZ+ztPI05urQb8F0t1Dp4I3gOFUs2WZJJv9Y1zCFwQbQbfJuBuXmZ
       QKIZJOw3jwPbfcvoTyqQhM0Yyb1YzgM2ghuv8Zz/+LYrjBo2yrmf86zvMhDVOD7z
       dhDzyTxCh5F6+K6Mcmmar+ncFMmIum2bAgMBAAGjYjBgMBIGA1UdEwEB/wQIMAYB
       Af8CAQAwSgYDVR0lBEMwQQYIKwYBBQUHAwEGCCsGAQUFBwMDBgorBgEEAYI3CgMD
       BglghkgBhvhCBAEGCCsGAQUFBwMIBgorBgEEAYI3CgMCMA0GCSqGSIb3DQEBBAUA
       A4GBALIfbC0RQ9g4Zxf/Y8IA2jWm8Tt+jvFWPt5wT3n5k0orRAvbmTROVPHGSLw7
       oMNeapH1eRG5yn+erwqYazcoFXJ6AsIC5WUjAnClsSrHBCAnEn6rDU080F38xIQ3
       j1FBvwMOxAq/JR5eZZcBHlSpJad88Twfd7E+0fQcqgk+nnjH
       -----END CERTIFICATE-----

  4.2.2.  Contents of the Certificate File

  Certificate:
     Data:
       Version: 3 (0x2)
       Serial Number: 1516 (0x5ec)
       Signature Algorithm: md5WithRSAEncryption
       Issuer: C=US, O=Equifax Secure Inc, CN=Equifax Secure E-Business CA
       Validity
         Not Before: Jul 12 15:21:01 2000 GMT
         Not After : Jun  2 22:42:34 2001 GMT
       Subject: C=us, ST=ga, L=atlanta, O=Equifax, OU=Rick, CN=172.18.116.44/Email=richard.sigle@equifax.com
       Subject Public Key Info:
         Public Key Algorithm: rsaEncryption
         RSA Public Key: (1024 bit)
             Modulus (1024 bit):
               00:c8:eb:93:26:97:ca:00:ce:4c:e4:f3:fd:43:31:
               cd:53:ed:b4:8a:ad:93:84:dc:7a:48:39:b5:28:57:
               03:7f:a9:ac:3e:58:6a:7a:e3:52:3e:1e:52:58:a2:
               6f:23:ad:bb:84:d8:88:ed:6d:a5:da:08:6b:c8:6c:
               a5:4c:34:67:d8:46:1c:ca:20:50:b0:e8:54:7f:ca:
               5e:ef:09:ff:6e:8d:a6:2b:02:f5:54:0f:c2:d0:45:
               12:ad:66:e7:8b:dd:68:be:64:a4:9b:69:bd:a4:1a:
               5a:2f:3b:6e:73:84:d8:d6:17:bd:12:39:34:fa:3d:
               d8:a9:e8:59:3c:c2:61:c5:b3
             Exponent: 65537 (0x10001)
       X509v3 extensions:
         X509v3 Key Usage: critical
            Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
         Netscape Cert Type:
            SSL Server
         X509v3 Authority Key Identifier:
            keyid:5B:E0:A8:75:1C:78:02:47:71:AB:CE:27:32:E7:24:88:42:28:48:56
     Signature Algorithm: md5WithRSAEncryption
       87:53:74:e9:e1:a6:10:56:8c:fa:63:0e:7b:72:ff:76:4b:79:
       0e:49:2a:58:ed:71:7a:bf:77:61:fa:e8:74:04:37:8c:d3:6a:
       9a:3d:80:76:7a:c3:64:30:e7:1b:40:25:4e:2a:81:8b:e5:ac:
       76:a4:38:67:cc:3f:93:43:e1:1d:c3:8d:ba:ed:cc:d7:aa:a4:
       ab:d3:84:77:7c:8f:26:f6:dd:ba:3b:6a:99:81:e1:9e:7e:0f:
       ca:a6:ff:c0:c3:59:6e:dc:a6:03:23:bf:8f:24:ff:15:ad:ac:
       0d:85:fc:38:bf:d1:24:2d:1a:d3:72:55:12:95:5f:65:f0:60:
       df:b1

  4.2.3.  Private Key File

  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: DES-EDE3-CBC,124F61450D85A480

  ELz64SV+tFSRybsHjY9NH7CP7yDHXP6xcd9FY6MVgQykTkq2h0n7j+tmpfUPbStT
  6jCgm/dTYM9mpkQ3jYZBALiVD5JNJ9t1dWisxQXY/nsak8LSTN7LhUtZSfk5xSmV
  Zsl4gwQS20UdBzFiJ+4qDajP/pzocSdSuQvxIHq7UzNwJsW8UYxR3I1qrDgyNXKS
  db41BWH4QdNtE0p+pi9VndDzXktqZGHEvtrQTV+39DV/dwOdnGBpYBETljMO5X6t
  D42xcVs0Doa1vZ6PiMCkwFNPXsPlKHZtHwEL4I3CQdiH4E0oYh3klBzlXBY4YldN
  A+s4xU44FpXp5xwt9nnVPUKHPo+NpdaRK7dAcRNO3GN3+ek1ggzvEjjuWKes3RQh
  PlHPuF7VWo4KeaTfTIwJWfGxz4nvwlVByPJ6Z73Mn0VcDXCkVm6+h3PLlYL0FMqM
  baUyQPpw6bhfW71FO/IIQxz3R1EqkxW7OHv74uuYl8kjHXf3S6qRZEGUG/zOGLGr
  mI5s2qnU69HlBObFkc6WQq0QxMq4PiUi7HhCLMkH8+wBsNNMnb75+7lQKkEhdOeE
  iUMKe5kgQqfd9w8jsBH5nu+J/nCfvPdp0isQW+P3/Rrh6YMwdKnlVfNZWdGiTzpQ
  ngThAGq5lit4uf4zdTIYYrs+T9I5ltjj0KgCUD4VL5/7OfnR3gcphpbHXQf0E2cz
  Qwq7q7ppKwCf/x92pHi8oVevlV5Dx9NQbGhEOA5pooqD6S2xZBbPLzkUKWDEO2il
  oBZ5L1jClR5jjdF2U61w7aRrL0t6luDU/aRv/fcoYes=
  -----END RSA PRIVATE KEY-----

  4.2.4.  Contents of the Private Key File

  read RSA key
  Enter PEM pass phrase:
  Private-Key: (1024 bit)
  modulus:
      00:c8:eb:93:26:97:ca:00:ce:4c:e4:f3:fd:43:31:
      cd:53:ed:b4:8a:ad:93:84:dc:7a:48:39:b5:28:57:
      03:7f:a9:ac:3e:58:6a:7a:e3:52:3e:1e:52:58:a2:
      6f:23:ad:bb:84:d8:88:ed:6d:a5:da:08:6b:c8:6c:
      a5:4c:34:67:d8:46:1c:ca:20:50:b0:e8:54:7f:ca:
      5e:ef:09:ff:6e:8d:a6:2b:02:f5:54:0f:c2:d0:45:
      12:ad:66:e7:8b:dd:68:be:64:a4:9b:69:bd:a4:1a:
      5a:2f:3b:6e:73:84:d8:d6:17:bd:12:39:34:fa:3d:
      d8:a9:e8:59:3c:c2:61:c5:b3
  publicExponent: 65537 (0x10001)
  privateExponent:
      00:b6:57:7d:3b:58:24:1e:a9:1b:85:e9:9c:9e:5f:
      d3:3d:69:0c:21:93:37:bf:2b:2c:da:e1:6c:74:48:
      cb:c7:0f:60:5f:50:74:8a:44:45:be:54:5c:5d:4e:
      45:58:f6:f1:a8:b5:af:46:f2:ec:c2:bc:43:bd:28:
      44:b7:ad:13:d3:ca:de:59:24:e8:fa:f8:e5:5f:45:
      38:2c:a0:a3:de:98:13:d8:80:38:e1:47:53:4c:ea:
      e4:66:c3:82:93:89:c3:90:83:44:e1:13:4f:74:76:
      e2:c0:89:97:77:5f:33:d8:7d:27:21:52:55:c2:d7:
      dc:01:f9:bc:21:8d:a3:f5:c1
  prime1:
      00:e3:2d:6b:5e:05:6b:e1:46:e6:ab:ae:f3:8b:d0:
      5f:94:5c:6f:f5:47:46:1d:4e:66:d3:7e:98:18:e0:
      2c:0d:08:ca:b7:29:72:af:53:62:30:ec:be:26:1f:
      cc:5a:ed:65:62:65:70:1e:18:19:61:e3:77:00:a7:
      3a:9e:4e:12:93
  prime2:
      00:e2:69:56:78:e8:39:ff:17:db:cc:39:d7:7f:70:
      41:dc:c5:59:43:16:c1:84:4c:ae:e7:5d:8a:c5:4b:
      da:88:8e:03:99:7c:88:f2:8a:13:31:57:44:e0:b5:
      c8:0a:60:b0:05:de:f6:9e:f2:00:ec:37:21:8d:3b:
      dc:8e:c9:d4:61
  exponent1:
      1a:ad:6a:be:4f:c4:ab:5f:b8:16:d1:24:a8:76:7f:
      c2:dc:58:09:65:a5:46:2b:be:c7:77:46:45:25:8e:
      06:b9:d1:94:50:b9:b6:fd:03:ba:db:12:39:47:e2:
      a7:8a:d9:2d:04:dc:75:ac:3e:ce:cf:f7:59:8c:49:
      c5:ed:45:21
  exponent2:
      2d:4e:fd:32:06:ef:0c:40:7f:08:d8:8e:6a:7f:51:
      7e:d7:b3:6c:3c:92:8f:62:35:22:31:d3:02:76:92:
      8d:ff:35:73:32:bb:c9:25:9e:7f:a2:42:33:61:cd:
      5d:5e:49:fb:72:ca:11:b6:c6:3e:7f:2d:e4:b0:95:
      0b:b2:12:21
  coefficient:
      50:52:09:22:cb:fb:b2:b8:58:85:ab:1d:82:b9:6e:
      d0:f6:dc:e8:ce:a6:5d:a1:ff:c8:4d:3b:2b:1c:19:
      64:f0:c4:4a:bc:b2:1d:2b:2d:09:59:83:a3:9a:89:
      f8:db:2c:2c:8a:bd:fd:a3:16:51:76:aa:ce:ea:85:
      6b:1c:9f:f7

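  4.3.  Restarting the Web Server

  The script that restarts the web server is probably in
  /usr/local/sbin, /usr/sbin (a script named httpd), or
  /usr/local/apache/bin (a script named apachectl). If the server was
  not started with SSL enabled, you need to stop the server and then
  start it. You may also have your own customized scripts for
  starting, restarting and stopping. As long as the SSL engine is
  started, that is fine.

  Commands: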

       httpd stop
       httpd startssl
       httpd restart

  or

       apachectl stop
       apachectl startssl
       apachectl restart

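  5.  Troubleshooting

  The following are some common problems.

  5.1.  Server appears to start but the secure site cannot be accessed

  Check the error_log file. If the virtual host is not configured to
  log errors, you may want to consider doing so. By default, an SSL
  virtual host writes to the error log file. You will probably find
  two or three warnings and, at the end of the log, an error that
  essentially says that the private key does not match the
  certificate.

  Example: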

       [Tue Nov 21 09:09:02 2000] [notice] Apache/1.3.14 (Unix) mod_ssl/2.7.1
       OpenSSL/0.9.6 configured -- resuming normal operations
       [Tue Nov 21 09:09:16 2000] [notice] caught SIGTERM, shutting down
       [Tue Nov 21 14:39:54 2000] [notice] Apache/1.3.14 (Unix) mod_ssl/2.7.1
       OpenSSL/0.9.6 configured -- resuming normal operations
       [Tue Nov 21 14:40:31 2000] [notice] caught SIGTERM, shutting down
       [Tue Nov 21 14:43:53 2000] [error] mod_ssl: Init: (esi.fin.equifax.com:443)
       Unable to configure RSA server private key (OpenSSL library error follows)
       [Tue Nov 21 14:43:53 2000] [error] OpenSSL: error:0B080074:x509 certificate
       routines:X509_check_private_key:key values mismatch

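  If you get the error message above, the problem is that the key and
  the certificate do not match. Make sure that you are not using the
  default server.key file. You should also check the httpd.conf file
  to confirm that the directives point to the correct key and
  certificate.

  To confirm, you can look at the information in the private key and
  in the certificate and check that they belong together. To do so,
  use the commands below to decode the private key in one terminal
  window and the certificate in another. What you compare is the
  modulus and the exponent of each. If the modulus and exponent of the
  key do not match those of the certificate, the certificate and the
  key are not a pair.

  If all else fails, create a new private key for a new CSR and
  certificate. Before you do, check the reissue policy of your CA;
  reissues may be charged for.

  To view the contents of the certificate:

       openssl x509 -noout -text -in filename.crt

  To view the contents of the private key: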

       openssl rsa -noout -text -in filename.key

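  5.2.  Client browser issues a Certificate Name Check Warning

  The most common cause is forgetting the "www" at the start of the
  domain name when creating the CSR. The name defined by the
  "ServerName" directive of the virtual host must exactly match the
  domain name shown in the certificate. If it does not, the browser
  will tell the client so. The exception is a wildcard certificate.
  The domain name field of a wildcard certificate looks like
  *.somedomain.com. This lets one certificate cover several subdomains
  of somedomain.com (for example host1.somedomain.com and
  host2.somedomain.com).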
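
  The key/certificate pairing check from 5.1, the name match described
  above and the key-file permission rule from 4.1.3, combined into one
  script. This is an added example, not part of the original HOWTO: the
  file names, the function names and the 2048-bit throwaway keys are
  assumptions, and a wildcard is taken to cover exactly one label.

```sh
#!/bin/sh
# Added example: checks to run before restarting Apache with SSL enabled.
# File and host names are constructed placeholders.

# RSA modulus as printed by OpenSSL. An encrypted key makes
# "openssl rsa" ask for the PEM pass phrase first.
key_modulus()  { openssl rsa  -noout -modulus -in "$1"; }
cert_modulus() { openssl x509 -noout -modulus -in "$1"; }

# 0 when key and certificate carry the same modulus, 1 when they do
# not (the "key values mismatch" error), 2 when a file is unreadable.
key_matches_cert() {
    k=$(key_modulus "$1") || return 2
    c=$(cert_modulus "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 when group and others have no permission bits on the path.
no_group_other_access() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Common name (CN) taken from the certificate subject.
cert_cn() {
    openssl x509 -noout -subject -in "$1" |
        sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# 0 when the ServerName ($2) is covered by the certificate CN ($1).
# Assumption: "*.domain" covers exactly one extra label.
name_matches() {
    case "$1" in
        \*.*)
            suffix=${1#\*}      # ".somedomain.com"
            rest=${2#*.}        # ServerName without its first label
            [ "$rest" != "$2" ] && [ ".$rest" = "$suffix" ] ;;
        *)
            [ "$1" = "$2" ] ;;
    esac
}

# Demonstration on throwaway files (2048-bit keys, self-signed).
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/www.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/www.key" -days 1 \
        -subj "/CN=www.somedomain.com" -out "$d/www.crt"
    chmod 700 "$d"
    chmod 600 "$d/www.key"
    key_matches_cert "$d/www.key" "$d/www.crt" && echo "www.key: pair ok"
    key_matches_cert "$d/other.key" "$d/www.crt" ||
        echo "other.key: key values mismatch"
    no_group_other_access "$d/www.key" && echo "www.key: mode ok"
    name_matches "$(cert_cn "$d/www.crt")" somedomain.com ||
        echo "ServerName somedomain.com: expect a name check warning"
    rm -rf "$d"
}
demo
```

  Point the functions at the paths given to SSLCertificateKeyFile and
  SSLCertificateFile and at the ServerName of the virtual host.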

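  5.3.  Client browser warns that the certificate was signed by an
  untrusted certificate authority

  This warning appears when you use a self-signed certificate. The
  client can choose whether or not to trust your signature. If you get
  the warning even though you have a certificate signed by a CA, you
  probably need to install its intermediate certificate (or root
  certificate).

  5.4.  SSLEngine on is an un-recognized command (on Apache startup)

  This error message occurs when ModSSL has not been compiled with
  Apache. Some SSL packages use different directives to enable SSL in
  a virtual host. You will also get this error message if you are
  using a package that uses different directives.

  5.5.  I forgot my "PEM pass phrase" and want to know how to reset
  it.

  There is no way to reset the pass phrase. You must either remember
  the pass phrase or create a new private key. You will then need to
  obtain a new certificate or create a new self-signed certificate.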

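  6.  Glossary

     Authentication
        Proving that a network entity such as a server, a client or a
        user really is who it says it is. In the SSL context,
        authentication refers to the certificate verification process
        carried out by server and client.

     Access Control
        Restricting access to network realms. In the Apache context,
        usually restricting access to certain URLs.

     Algorithm
        An unambiguous formula or set of rules for solving a problem
        in a finite number of steps. Algorithms for encryption are
        usually called ciphers. (Translator's note: in the Japanese
        text, "cipher" is rendered with the Japanese word for
        encryption, among others.)

     Certificate
        A data record used to authenticate network entities such as a
        server or a client. A certificate contains X.509 pieces of
        information about its owner (called the subject) and the
        certificate authority that signed it (called the issuer), plus
        the owner's public key and the signature made by the CA.
        Network entities use the CA's certificate to verify these
        signatures.

     Certification Authority (CA)
        A trusted third party whose purpose is to sign certificates
        for network entities that it has authenticated by secure
        means. Other network entities can check the signature to
        confirm that the CA has authenticated the bearer of the
        certificate.

     Certificate Signing Request (CSR)
        An unsigned certificate submitted to a certification
        authority, which signs it with the private key of its CA
        certificate. Once the CSR is signed, it becomes a real
        certificate.

     Cipher
        An algorithm or system used to encrypt data. Examples are DES,
        IDEA and RC4. (Translator's note: rendered this way on the
        assumption that the original contains a mistake.)

     Ciphertext
        The result of applying a cipher to plaintext.

     Configuration Directive
        A configuration command that controls one or more aspects of a
        program's behaviour. In the Apache context, these are the
        commands in the first column of the configuration files.

     Encryption, Symmetric
        The client and the server use the same key to encrypt and
        decrypt data.

     Encryption, Asymmetric
        Consists of a key pair (a public key and a private key). PKI
        is asymmetric encryption.

     Digital Signature
        Data sent along with an encrypted message that identifies its
        author and confirms that the message has not been tampered
        with.

     HTTPS
        The (secure) HyperText Transport Protocol, the standard
        encrypted communication mechanism on the World Wide Web. It is
        really just HTTP over SSL.

     Message Digest
        A hash of a message, used to confirm that the contents of the
        message have not been changed in transit.

     Non-repudiation
        A service that provides proof of the integrity and origin of
        data, both through an unforgeable relationship (which any
        third party can verify at any time) and through authentication
        that can be asserted with high assurance to be genuine.

        It is a state achieved by cryptographic methods that prevents
        an individual or entity from denying a past action related to
        data (for example mechanisms for non-repudiation of origin,
        for proof of obligation, intent or commitment, or for proof of
        ownership).

     OpenSSL
        The open source SSL/TLS toolkit. See
        http://www.openssl.org/ <http://www.openssl.org/>.

     Pass Phrase
        The word or phrase that protects private key files. It
        prevents unauthorized users from using them for encryption.
        Usually it is the secret encryption/decryption key used with
        ciphers.

     Plaintext
        Text that is not encrypted.

     Private Key
        The secret key in a public key cryptography system, used to
        decrypt incoming messages and to sign outgoing ones.

     Public Key
        The key that is available to anyone in a public key
        cryptography system, used to encrypt messages addressed to its
        owner and to decrypt signatures made by its owner.

     Public Key Cryptography
        The study and application of asymmetric encryption systems,
        which use one key for encryption and another for decryption. A
        corresponding set of such keys makes up a key pair. Also
        called asymmetric cryptography.

     Secure Sockets Layer (SSL)
        A protocol created by Netscape Communications Corporation for
        general communication authentication and encryption over
        TCP/IP networks. The most popular use is HTTPS, that is, HTTP
        over SSL.

     Session
        The context information of an SSL communication.

     SSLeay
        The original SSL/TLS implementation library, developed by Eric
        A. Young <eay@aus.rsa.com>. See http://www.ssleay.org/
        <http://www.ssleay.org/>.

     Symmetric Cryptography
        The study and application of ciphers that use a single secret
        key for both encryption and decryption.

     Transport Layer Security (TLS)
        The successor protocol to SSL, created by the Internet
        Engineering Task Force (IETF) for general communication
        authentication and encryption over TCP/IP networks. TLS
        version 1 is nearly identical to SSL version 3.

     Uniform Resource Locator (URL)
        The formal identifier for locating the various resources on
        the World Wide Web. The most popular URL scheme is http. SSL
        uses the scheme https.

     X.509
        An authentication certificate scheme recommended by the
        International Telecommunication Union (ITU-T), used for
        SSL/TLS authentication.

     ITU-T
        Recommendation X.509 [CCI88c] defines not only the X.509
        certificate syntax but also the authentication service for
        X.500 directories. Directory authentication in X.509 can be
        carried out with either secret keys or public keys; the latter
        is based on public key certificates. The standard does not
        specify a particular cryptographic algorithm, although an
        informative annex of the standard describes the RSA algorithm.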

