[B! ssl] halohalolinã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

halohalolin id:halohalolin

sslã«é–¢ã™ã‚‹halohalolinã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (7)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

SSLã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ã®ã‚¯ãƒã‚¹ãƒˆãƒ©ã‚¹ãƒˆ
é©æ£ä¾¡æ ¼ ä»Šã™ãã‚³ã‚¹ãƒˆå‰Šæ¸›ï¼ Â· ã‚¹ãƒ”ãƒ¼ãƒ‰ç™ºè¡Œ å¾…ã¦ãªã„ãŠå®¢æ§˜ã« Â· ãƒ–ãƒ©ã‚¦ã‚¶ãƒ»æºå¸¯å¯¾å¿œ å¹…åºƒã„å¯¾å¿œçŽ‡ Â· å®‰å¿ƒã‚µãƒãƒ¼ãƒˆ ã™ãã”ç›¸è«‡ãã ã•ã„ï¼
halohalolin 2016/05/23
IISã‹ã‚‰å–ã‚Šå‡ºã—ãŸpfxå½¢å¼ãƒ•ã‚¡ã‚¤ãƒ«ã‚ˆã‚Šç§˜å¯†éµã‚’å–ã‚Šå‡ºã—ãŸã‚Šã€ã•ãã‚‰ã®SSLã‹ã‚‰å±Šã„ãŸcerãƒ•ã‚¡ã‚¤ãƒ«ã«ç§˜å¯†éµã‚’çµ„ã¿è¾¼ã‚“ã§IISã§ã‚‚é©ç”¨å¯èƒ½ã«ã™ã‚‹opensslã‚³ãƒžãƒ³ãƒ‰

OpenSSL

SSL
ãƒªãƒ³ã‚¯
RapidSSLæ£è¦è²©å£²ãƒ‘ãƒ¼ãƒˆãƒŠãƒ¼ã€€Rapid-SSL.jp
SSL ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ æ ¼å®‰ãƒ»å¿«é€Ÿç™ºè¡Œ Rapid-SSL.jp æ¥•å††æ›²ç·šæš—å·ï¼ˆECCï¼‰å…¬é–‹éµæš—å·ã¸ã®å¯¾å¿œå§‹ã‚ã¾ã—ãŸã€‚ã€‚ã€‚ï¼³ï¼³ï¼¬ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ ã‚’å–å¾—ã™ã‚‹ãªã‚‰Rapid-SSL.jpã€‚ Rapid-SSL.jpã¯ã€Digicertç¤¾ãŒä¿æœ‰ãƒ»é‹å–¶ã™ã‚‹ä½Žä¾¡æ ¼ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ãƒ–ãƒ©ãƒ³ãƒ‰"RapidSSL.com"ã‚’å–ã‚Šæ‰±ã†æ—¥æœ¬ã«ãŠã‘ã‚‹æ£è¦è²©å£²ãƒ‘ãƒ¼ãƒˆãƒŠãƒ¼ã§ã™ã€‚ ä½Žä¾¡æ ¼ã¨ã¯ã„ãˆé«˜ã„ä¿¡é ¼æ€§ãƒ»2048bitRSA, ECC P-384ãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸å¯¾å¿œãƒ»Certificate Transparencyå¯¾å¿œãƒ»ä¸–ç•Œæ¨™æº–ã®256bitéµé•·SSLæš—å·ã¨å…¨ãéœè‰²ã®ç„¡ã„ã‚‚ã®ã§ã€ã¾ã•ã«SSLæ™®åŠã®ç‚ºã®å•†å“ã¨è¨€ãˆã‚‹ã§ã—ã‚‡ã†ã€‚ã€€æ³•çš„ãªæ›¸é¡žç¢ºèªãŒä¸å¯æ¬ ãªå•†å“ã‚’ã‚ãˆã¦æ‰±ã‚ãšã€ã‚ªãƒ³ãƒ©ã‚¤ãƒ³æœ¬äººç¢ºèªã‚·ã‚¹ãƒ†ãƒ ã‚’æŽ¡ç”¨ã€å…¨ã¦ã®æ‰‹ç¶šãã®ã‚ªãƒ³ãƒ©ã‚¤ãƒ³åŒ–ãƒ»å¾¹åº•ã—ãŸã‚³ã‚¹ãƒˆå‰Šæ¸›ã«ã‚ˆã‚ŠãŠæ±‚ã‚ã‚„ã™ããƒ»å¿«é€Ÿç™ºè¡Œï¼ˆæœ€çŸæ•°åˆ†ï¼‰*1ã‚’å®Ÿç¾ã—ã¾ã—ãŸã€‚RapidSSLã®è¨¼æ˜Ž
halohalolin 2014/12/25
å®‰ã„ã—ã€ç¢ºèªæ™‚ã«åŒãƒ‰ãƒ¡ã‚¤ãƒ³ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ãŒæ±‚ã‚ã‚‰ã‚Œãªã„ã—(ï¼ã“ã®ç‚ºã ã‘ã«ãƒ¡ãƒ¼ãƒ«ã‚µãƒ¼ãƒãƒ¼ã®æ§‹ç¯‰ã¯ä¸è¦)ã‚ã‚ŠãŒãŸãåˆ©ç”¨ã—ã¦ã„ã¾ã™ã€‚

SSLè¨¼æ˜Žæ›¸

ssl
ãƒªãƒ³ã‚¯
Secure Sockets Layer - Wikipedia
TLSã¯ç‰¹å®šã®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å±¤ãƒ—ãƒãƒˆã‚³ãƒ«ã«ä¾å˜ã—ãªã„ãŸã‚ã€HTTPä»¥å¤–ã«ã‚‚å¤šãã®ãƒ—ãƒãƒˆã‚³ãƒ«ã«ãŠã„ã¦æŽ¡ç”¨ã•ã‚Œã€ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±ã‚„å€‹äººæƒ…å ±ã€ãã®ä»–ã®æ©Ÿå¯†æƒ…å ±ã‚’é€šä¿¡ã™ã‚‹éš›ã®æ‰‹æ®µã¨ã—ã¦æ´»ç”¨ã•ã‚Œã¦ã„ã‚‹ã€‚ æ—¢å˜ã®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å±¤ãƒ—ãƒãƒˆã‚³ãƒ«ã§TLSã‚’åˆ©ç”¨ã™ã‚‹å ´åˆã€å¤§ãã2ã¤ã®é©ç”¨æ–¹å¼ãŒè€ƒãˆã‚‰ã‚Œã‚‹ã€‚ã¾ãšã²ã¨ã¤ã¯ã€ä¸‹ä½å±¤ï¼ˆé€šå¸¸ã¯TCPï¼‰ã®æŽ¥ç¶šã‚’ç¢ºç«‹ã—ãŸã‚‰ã™ãã«TLSã®ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã‚’é–‹å§‹ã—ã€TLSæŽ¥ç¶šãŒç¢ºç«‹ã—ã¦ã‹ã‚‰ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å±¤ãƒ—ãƒãƒˆã‚³ãƒ«ã®é€šä¿¡ã‚’é–‹å§‹ã™ã‚‹æ–¹å¼ã§ã‚ã‚‹ã€‚ã‚‚ã†ã²ã¨ã¤ã¯ã€ã¾ãšæ—¢å˜ã®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å±¤ãƒ—ãƒãƒˆã‚³ãƒ«ã§é€šä¿¡ã‚’é–‹å§‹ã—ã€ãã®ä¸ã§TLSã¸ã®åˆ‡ã‚Šæ›¿ãˆã‚’æŒ‡ç¤ºã™ã‚‹æ–¹å¼ã§ã‚ã‚‹ã€‚åˆ‡ã‚Šæ›¿ãˆã‚³ãƒžãƒ³ãƒ‰ã¨ã—ã¦STARTTLSãŒåºƒã¾ã£ã¦ã„ã‚‹ãŸã‚ã€ã“ã®æ–¹å¼è‡ªä½“ã‚’STARTTLSã¨å‘¼ã¶ã“ã¨ã‚‚ã‚ã‚‹ã€‚ å‰è€…ã¯ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å±¤ã®ãƒ—ãƒãƒˆã‚³ãƒ«ã‚’ã¾ã£ãŸãå¤‰æ›´ã—ãªãã¦ã™ã‚€ã“ã¨ãŒåˆ©ç‚¹ã§ã‚ã‚‹ã€‚ãã®åé¢ã€å¹³æ–‡ã§æŽ¥ç¶šã‚’é–‹å§‹ã™ã‚‹
halohalolin 2014/12/15
è„†å¼±æ€§ãŒç¢ºèªã•ã‚ŒãŸèªè¨¼æ–¹å¼ã¯åˆ‡ã‚Šæ¨ã¦ã‚‹ã¹ãã ãŒã€ãã®å‰ã«ã‚µãƒ¼ãƒ“ã‚¹ã®ã‚¿ãƒ¼ã‚²ãƒƒãƒˆOSã¨ãƒ–ãƒ©ã‚¦ã‚¶ã‚’ç¢ºèªã—ã¦ã€å¿…è¦ãªã¨ã“ã‚ã¸äº‹å‰ã«é€£çµ¡ã—ãªã„ã¨åµŒã‚‹ã€‚

ssl

tls
ãƒªãƒ³ã‚¯
Colorkrew Blog
ã“ã‚“ã«ã¡ã¯ã€‚å°å®®ã§ã™ã€‚ OpenSSLã®é‡å¤§ãƒã‚°ãŒç™ºè¦‹ã•ã‚ŒãŸã¨ã„ã†è¨˜äº‹ã‚’ã†ã‘ã¾ã—ã¦ã€ ã•ã™ãŒã«å½±éŸ¿ãŒå¤§ãã„ã‚ˆã†ãªã®ã§é–¢é€£æƒ…å ±ã‚’è¨˜éŒ²ã—ã¦ãŠãã¾ã™ã€‚ OpenSSLã®é‡å¤§ãƒã‚°ãŒç™ºè¦šã€‚ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã®å¤§éƒ¨åˆ†ã«å½±éŸ¿ã®å¯èƒ½æ€§ | TechCrunch Japan JVNVU#94401838: OpenSSL ã® heartbeat æ‹¡å¼µã«æƒ…å ±æ¼ãˆã„ã®è„†å¼±æ€§ å½±éŸ¿ç¯„å›²ã¯openssl-1.0.1~1.0.1fã¨ã„ã†ã“ã¨ã§ã€ã¾ã˜ã‚ã«æœ€æ–°ã«ã—ã¦ã‚‹ã‚µã‚¤ãƒˆãŒå½±éŸ¿ã‚’å—ã‘ã‚‹ã¨ã„ã†çš®è‚‰ãªã“ã¨ã«ã€‚ ã§ã‚‚ã¾ã‚å½±éŸ¿ç¯„å›²ãŒé™å®šçš„ãªã®ã¯è‰¯ã‹ã£ãŸã¨æ€ã„ã¾ã™ã€‚ å¼Šç¤¾ã§ã¯CentOS6.5ã¨Amazon Linuxã®ç’°å¢ƒãŒå½±éŸ¿ã‚’å—ã‘ã¾ã—ãŸã€‚ ã¾ãšä»¥ä¸‹ã‚’ã”è¦§ãã ã•ã„ã€‚ å¯¾ç–æ–¹æ³•ã‚’è¨˜ã—ã¦ã„ã‚‹ã‚µã‚¤ãƒˆï¼š AWS - EC2ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®OpenSSLã®Hartbleed Bugå¯¾å¿œ - Qiita opensslã®TLS heartbea
halohalolin 2014/04/11
sslæ›´æ–°å¾Œã®ãƒ©ã‚¤ãƒ–ãƒ©ãƒªãŒä½¿ã‚ã‚Œã¦ã„ã‚‹ã‹ã©ã†ã‹ç¢ºèªã™ã‚‹ã‚³ãƒžãƒ³ãƒ‰ lsof -n | grep ssl â†’ ls -lh /usr/lib64/libssl*

linux

ssl
ãƒªãƒ³ã‚¯
ç„¡æ–™ã®SSLè¨¼æ˜Žæ›¸StartSSLã‚’æ´»ç”¨ã™ã‚‹ - Qiita
èƒŒæ™¯ è‡ªå‰ã®ã‚µãƒ¼ãƒ“ã‚¹ã§httpsé€šä¿¡ã‚’ã‚µãƒãƒ¼ãƒˆã™ã‚‹ã«ã¯ã€SSLè¨¼æ˜Žæ›¸ãŒå¿…è¦ã«ãªã‚Šã¾ã™ã€‚ è‡ªåˆ†ã§ä½¿ç”¨ã™ã‚‹ã ã‘ãªã‚‰ã€SSLè¨¼æ˜Žæ›¸ã‚‚è‡ªå‰ã§ä½œæˆã™ã‚‹ã„ã‚ã‚†ã‚‹ã‚ªãƒ¬ã‚ªãƒ¬è¨¼æ˜Žæ›¸ã‚’ç”¨ã„ã¦ã‚‚è‰¯ã„ã®ã§ã™ãŒã€å¤–éƒ¨ã«å…¬é–‹ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã®å ´åˆãã†ã¨ã‚‚è¡Œãã¾ã›ã‚“ã€‚ SSLè¨¼æ˜Žæ›¸ã¨ã„ã†ã¨å€¤æ®µãŒé«˜ã„å°è±¡ãŒã‚ã‚Šã¾ã—ãŸãŒã€StartSSLã¨ã„ã†ã‚µãƒ¼ãƒ“ã‚¹ã§ç„¡æ–™ã§SSLè¨¼æ˜Žæ›¸ã®ç™ºè¡Œã‚’å—ã‘ã‚‰ã‚Œã‚‹ã¨è¨€ã†ã“ã¨ã§è©¦ã—ã¦ã¿ã¾ã—ãŸã€‚ StartSSLã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ç™»éŒ²ã™ã‚‹ è¨¼æ˜Žæ›¸ã®ç™ºè¡Œã‚’è¡Œã†å‰ã«ã€StartSSLã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ç™»éŒ²ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ StartSSLã‹ã‚‰ã€"StartSSL Free (Class1)"ã‚’é¸æŠžã—ã¾ã™ã€‚ Certificate Control Panelã‚’é¸æŠžã€‚ Sign-upã«é€²ã¿ã¾ã™ã€‚ åå‰ã€ä½æ‰€ã€ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ãªã© å€‹äººæƒ…å ±ã®ç™»éŒ²ã‚’è¡Œã„ã¾ã™ã€‚ ç™»éŒ²ã—ãŸãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã«æœ¬äººç¢ºèªã®ãƒ¡ãƒ¼ãƒ«ãŒå±Šãã®ã§ã€å—ä¿¡ã—ãŸãƒ¡ãƒ¼ãƒ«ã®a
halohalolin 2013/10/30
ç„¡æ–™ã®SSLç™ºè¡Œã‚µãƒ¼ãƒ“ã‚¹ã€æ€ªã—ã„ãŒä»Šã™ãæ¬²ã—ã„æ™‚ã®å¥¥ã®æ‰‹ã¨ã—ã¦ä½¿ãˆãã†ï¼Ÿç™»éŒ²ã—ãŸãƒ‰ãƒ¡ã‚¤ãƒ³ã®postmaster, hostmaster, webmasterãªã©ã€ã„ãšã‚Œã‹ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’ç”¨æ„ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã€ã‚µãƒ–ãƒ‰ãƒ¡ã‚¤ãƒ³å¯¾å¿œ

ssl
ãƒªãƒ³ã‚¯
ãã®ä»–ã®æ‰‹é †
ã‚¸ã‚ªãƒˆãƒ©ã‚¹ãƒˆ
halohalolin 2012/03/22
RapidSSLãƒ»GeoTrustç™ºè¡Œã®SSLè¨¼æ˜Žæ›¸ã‚’Apacheã¸çµ„ã¿è¾¼ã‚€å ´åˆã€SSLCertificateChainFileã¸ã€Œä¸é–“CAè¨¼æ˜Žæ›¸ RapidSSL CAã€ã¨ã€Œã‚¯ãƒã‚¹ãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ Geotrust Global CAã€ã‚’è¶³ã—ãŸãƒ•ã‚¡ã‚¤ãƒ«ã‚’æŒ‡å®šâ†’http://bit.ly/vJxYtl

Apache

ssl
ãƒªãƒ³ã‚¯
çŒ«å¥½ããªè§’æ°ã®ITæ—¥èªŒ Apache2.0.63ã«SSLã‚’å°Žå…¥ï¼ˆWindows XPï¼‰
[PR]ä¸Šè¨˜ã®åºƒå‘Šã¯3ãƒ¶æœˆä»¥ä¸Šæ–°è¦è¨˜äº‹æŠ•ç¨¿ã®ãªã„ãƒ–ãƒã‚°ã«è¡¨ç¤ºã•ã‚Œã¦ã„ã¾ã™ã€‚æ–°ã—ã„è¨˜äº‹ã‚’æ›¸ãäº‹ã§åºƒå‘ŠãŒæ¶ˆãˆã¾ã™ã€‚ ä»¥å‰ã€Linuxã«aptã§apache2.2ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã€SSLã‚’å°Žå…¥ã—ã¾ã—ãŸã€‚Apacheã«SSLã‚’å°Žå…¥ ä»Šå›žã¯ã€Apache2.0ç³»ã‚’Windowsã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã¦ã€SSLã‚’å°Žå…¥ã—ã¦ã¿ãŸã„ã¨æ€ã„ã¾ã™ã€‚ 2.0ç³»ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ç†ç”±ã¯ã€mod_jkã‚’ä½¿ã£ãŸãƒãƒ¼ãƒ‰ãƒãƒ©ãƒ³ã‚¹ãŒ2.2ç³»ã§ä½¿ç”¨ã§ããªã„ã‹ã‚‰ã§ã™ã€‚ ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ©ã¯"apache_2.0.63-win32-x86-openssl-0.9.7m.msi"ã‚’ä½¿ç”¨ã—ã¾ã—ãŸã€‚ [Think IT] ç¬¬7å›žï¼šApache+SSLç’°å¢ƒã‚’æ§‹ç¯‰ã—ã‚ˆã†ï¼ã‚’å‚è€ƒã«ã—ãªãŒã‚‰ã€ä½œæ¥ã‚’é€²ã‚ã¾ã™ã€‚ ä»¥å‰å°Žå…¥ã—ãŸLinuxç‰ˆã¨ã»ã¨ã‚“ã©å¤‰ã‚ã‚Šã¾ã›ã‚“ã€‚ â€»ãªãŠä½œæ¥ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã¯ã€"C:\Apache2\bin"ã¨ã—ã¾ã™ã€‚ ã€httpd.confã®ç·¨é›†
halohalolin 2012/01/27
Windowsç”¨Apacheã§ã¯ãƒ‘ã‚¹ãƒ•ãƒ¬ãƒ¼ã‚ºå…¥ã‚Škeyã§SSLè¨å®šã‚’ã™ã‚‹ã¨SSLPassPhraseDialog builtin is not supported on Win32ã¨ã„ã†ã“ã¨ã§èµ·å‹•ã«å¤±æ•—ã™ã‚‹ã“ã¨ãŒã‚ã‚‹ã€ãã®å ´åˆopenssl rsa -in server.key -out server.keyã§ãƒ‘ã‚¹ãƒ•ãƒ¬ãƒ¼ã‚ºã‚’å‰Šé™¤ã™ã‚‹å¿…è¦ãŒã‚ã‚‹

Apache

windows

ssl
ãƒªãƒ³ã‚¯
1