[B! ssl] s_moriã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

s_mori id:s_mori

sslã«é–¢ã™ã‚‹s_moriã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (7)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

https://www.digicert.co.jp/welcome/pdf/wp_sslandroot-certificate.pdf
s_mori 2018/07/13
pdf

ssl

internet
ãƒªãƒ³ã‚¯
ã€ãƒ¡ãƒ¢ã€‘SSLé€šä¿¡ã¨é›»åç½²åã¨èªè¨¼å±€ã¨è¨¼æ˜Žæ›¸ã«ã¤ã„ã¦(éšæ™‚ä¿®æ£ãƒ»æ›´æ–°) - Qiita
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? SSLè¨¼æ˜Žæ›¸ã«ã¤ã„ã¦ã®ãƒ¡ãƒ¢ã§ã™ã€‚ ã„ã¤ã‚‚çµ„ã¿è¾¼ã‚€ã¨ãç´°éƒ¨ã‚’å¿˜ã‚Œã¦ä½•ã‚„ã£ã¦ã‚‹ã®ã‹åˆ¤ã‚‰ãªããªã‚‹ã®ã§å‹‰å¼·ã—ç›´ã—ãƒ»ãƒ»ãƒ»ã€‚ é–“é•ã£ã¦ã‚‹ã¨ã“ã‚ã¯æŒ‡æ‘˜ã—ã¦ã‚‚ã‚‰ãˆã‚‹ã¨åŠ©ã‹ã‚Šã¾ã™ã€‚ SSLã®ç›®çš„ æƒ…å ±ã‚’æš—å·åŒ–ã—ã¦é€ä¿¡ã™ã‚‹ã€‚ é€ä¿¡ã®æš—å·åŒ–ã¨https æˆã‚Šç«‹ã¡ é€ä¿¡ã•ã‚Œã‚‹æƒ…å ±ã¯ç›—è´å¯èƒ½ã€ã‚ˆã£ã¦ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚„å€‹äººæƒ…å ±ã‚’å¹³æ–‡ã§é€ä¿¡ã™ã‚‹ã®ã¯ã¾ãšã„ã€‚ ã—ã‹ã—httpãƒ—ãƒãƒˆã‚³ãƒ«ã¯å¹³æ–‡ã§ã—ã‹é€ä¿¡ã§ããªã„ã€‚ãã®ç‚ºåˆ¥ã®ä»•çµ„ã¿ãŒå¿…è¦ã«ãªã£ãŸã€‚ httpsãƒ—ãƒãƒˆã‚³ãƒ« httpã§ã¯ãªãhttpsã‚’åˆ©ç”¨ã™ã‚‹äº‹ã§æƒ…å ±ã¯æš—å·åŒ–ã•ã‚Œã¦é€ä¿¡ã™ã‚‹äº‹ãŒå‡ºæ¥ã‚‹ã€‚ httpsã®ä»•çµ„ã¿(åŸºæœ¬) åŸºæœ¬
s_mori 2018/07/13
ssl

internet
ãƒªãƒ³ã‚¯
Let's Encrypt ã‚’æ”¯ãˆã‚‹ ACME ãƒ—ãƒãƒˆã‚³ãƒ« - Block Rockinâ€™ Codes
Intro å…ˆæ—¥ #http2study ã§ mozilla ã® Richard Barnes ãŒ Let's Encrypt ã«ã¤ã„ã¦è©±ã—ã¦ãã‚Œã¾ã—ãŸã€‚ è³‡æ–™: Let's Encrypt Overview ã“ã®è³‡æ–™ã®ç¿»è¨³ ã¯ã—ãŸã®ã§ã™ãŒã€ã„ã‚‰ãªããªã£ã¦ã—ã¾ã£ãŸã®ã§ä¾›é¤Šã‚‚ã‹ãã¦ã“ã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ãƒ¢ãƒãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ã¨ã€ Web ã§ãŠã“ã£ã¦ã„ã‚‹ HTTPS æŽ¨é€²ã®ãŸã©ã‚‹é“ã«ã¤ã„ã¦ã€è³‡æ–™ã‚’è£œè¶³ã—ã¤ã¤ç´¹ä»‹ã—ã¾ã™ã€‚ çµè«–ã‹ã‚‰è¨€ã†ã¨ Let's Encrypt ã¯ã‚‚ã¡ã‚ã‚“ ACME ãƒ—ãƒãƒˆã‚³ãƒ« ã«ã¤ã„ã¦ã‚‚æ˜¯éžçŸ¥ã£ã¦ãŠãã¨è‰¯ã„ã¨æ€ã„ã¾ã™ã€‚ HTTPS ã®å•é¡Œ ã™ã§ã«ã“ã®ãƒ–ãƒã‚°ã§ã‚‚ç´¹ä»‹ã—ã¦ã„ã‚‹ã‚ˆã†ã«ã€ Web ã«ãŠã‘ã‚‹ HTTPS ã®é‡è¦æ€§ã¯å¢—ã—ã€ãã‚Œã®æ™®åŠã‚’å¾ŒæŠ¼ã—ã™ã‚‹æ´»å‹•ãŒå„æ‰€ã§é€²ã‚ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚ HTTPS åŒ–ã™ã‚‹ Web ã‚’ã©ã†è€ƒãˆã‚‹ã‹ ã‚ˆãè¨€ã‚ã‚Œã‚‹ç›—è´é˜²æ¢ã‚’å§‹ã‚ã€æš—å·åŒ–ã‚’è¡Œã†ã“ã¨ã§é˜²ã’ã‚‹å•é¡Œã¯å¤šãã‚
s_mori 2015/11/21
ssl
ãƒªãƒ³ã‚¯
OpenSSLã®è„†å¼±æ€§CCS Injection(CVE-2014-0224)ã®æ”»æ’ƒãŒè¡Œã‚ã‚Œã‚‹æã‚ŒãŒã‚ã‚‹ãƒ‘ã‚¿ãƒ¼ãƒ³ã‚’ãƒžãƒˆãƒªãƒƒã‚¯ã‚¹åŒ–ã—ã¦ã¿ãŸã€‚ - piyolog
lepidumç¤¾ã®èŠæ± æ°ãŒOpenSSLã®å®Ÿè£…ã«è„†å¼±æ€§ãŒã‚ã‚‹ã“ã¨ã‚’ç™ºè¦‹ã—ã¾ã—ãŸã€‚ã“ã®è„†å¼±æ€§ã¯ChangeCipherSpecãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®å‡¦ç†ã«æ¬ é™¥ãŒã‚ã‚‹ã‚‚ã®ã§ã€æ‚ªç”¨ã•ã‚ŒãŸå ´åˆã«æš—å·é€šä¿¡ã®æƒ…å ±ãŒæ¼ãˆã„ã™ã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ã¨åŒç¤¾å…¬é–‹æƒ…å ±ã§ã¯èª¬æ˜Žã•ã‚Œã¦ã„ã¾ã™ã€‚ å°šã€6æœˆ6æ—¥ã«ãƒ¬ãƒ”ãƒ€ãƒ ç¤¾ãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®å½è£…ã‚’è¡Œã†æ”»æ’ƒãŒè¡Œã‚ã‚Œã‚‹æã‚Œã«ã¤ã„ã¦å±é™ºãŒãªã„ã“ã¨ãŒç¢ºèªã•ã‚ŒãŸã¨ã—ã¦è¨‚æ£ã‚’è¡Œã„ã¾ã—ãŸã€‚ãã‚Œã«ä¼´ã„ä»¥ä¸‹ã®å†…å®¹ã‚‚ä¿®æ£ã‚’åŠ ãˆã¦ã„ã¾ã™ã€‚(ä¿®æ£å‰ã®è¨˜äº‹ã¯éšæ‹“ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚) lepidumç¤¾ å…¬é–‹æƒ…å ± å½“ç¤¾ã§ç™ºè¦‹ã—å ±å‘Šã‚’ã—ãŸOpenSSLã®è„†å¼±æ€§ï¼ˆCVE-2014-0224 ï¼‰ãŒå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚æ—©æ€¥ãªæ›´æ–°ãŒæœ›ã¾ã‚Œã‚‹å†…å®¹ã ã¨è€ƒãˆã¦ã„ã¾ã™ã€‚ #ccsinjection #OpenSSL æ¦‚è¦ã¯ã“ã¡ã‚‰ã®ãƒšãƒ¼ã‚¸ã‚’ã”å‚ç…§ä¸‹ã•ã„ã€‚http://t.co/bhY7GpLZ2jâ€” lepidum (@lepidum) 2
s_mori 2014/06/06
security

ssl
ãƒªãƒ³ã‚¯
æ ¼å®‰SSLè¨¼æ˜Žæ›¸ã‚µãƒ¼ãƒ“ã‚¹ã®SSLãƒœãƒƒã‚¯ã‚¹ï½œã‚µã‚¤ãƒˆã‚·ãƒ¼ãƒ«ä»˜ãSSLãŒ1,320å††(ç¨Žè¾¼)ã€œ
SSLãƒœãƒƒã‚¯ã‚¹ã§ã¯ã€èªè¨¼ãƒ¬ãƒ™ãƒ«ã®é•ã†3ã¤ã®ç¨®é¡žï¼ˆEVãƒ»ä¼æ¥èªè¨¼ãƒ»ãƒ‰ãƒ¡ã‚¤ãƒ³èªè¨¼ï¼‰ã®è¨¼æ˜Žæ›¸ã‚’å–ã‚Šæ‰±ã£ã¦ãŠã‚Šã€è¨¼æ˜Žæ›¸ã«æ±‚ã‚ã‚‹èªè¨¼ãƒ¬ãƒ™ãƒ«(ä¿¡é ¼æ€§)ã‚„ã€ã”åˆ©ç”¨ç”¨é€”ã«åˆã‚ã›ã¦ãŠé¸ã³ã„ãŸã ã‘ã¾ã™ã€‚ï¼ˆSSLã‚„ãã®ç¨®é¡žã«ã¤ã„ã¦ã¯ã€ŒSSLã¨ã¯ã€ã‚’ã”å‚ç…§ãã ã•ã„ã€‚ï¼‰ ä½Žä¾¡æ ¼ãƒ»çŸæ™‚é–“ã§è¨¼æ˜Žæ›¸ã‚’å–å¾—ã—ãŸã„
s_mori 2013/03/24
ssl
ãƒªãƒ³ã‚¯
Webã‚µãƒ¼ãƒãƒ¼é–“é€šä¿¡å†…å®¹æš—å·åŒ–(Apache+mod_SSL) - CentOSã§è‡ªå®…ã‚µãƒ¼ãƒãƒ¼æ§‹ç¯‰
ãƒ¦ãƒ¼ã‚¶ãƒ¼åã‚„ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ç‰ã®æ©Ÿå¯†æƒ…å ±ã‚’Webãƒ–ãƒ©ã‚¦ã‚¶ã‹ã‚‰å…¥åŠ›ã™ã‚‹å ´åˆã€ç›—è´ã•ã‚Œã‚‹æã‚ŒãŒã‚ã‚‹ãŸã‚ã€Webã‚µãƒ¼ãƒãƒ¼é–“ã®é€šä¿¡å†…å®¹ã‚’æš—å·åŒ–ã™ã‚‹ã€‚ ã“ã“ã§ã¯ã€Webã‚µãƒ¼ãƒãƒ¼ã«mod_sslã‚’å°Žå…¥ã—ã¦ã€URLã‚’http://ï½žã§ã¯ãªãã€https://ï½žã§ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ã€Webã‚µãƒ¼ãƒãƒ¼é–“ã®é€šä¿¡å†…å®¹ã‚’æš—å·åŒ–ã™ã‚‹ã‚ˆã†ã«ã™ã‚‹ã€‚ ãªãŠã€Webã‚µãƒ¼ãƒãƒ¼ã¨ã®é€šä¿¡å†…å®¹ã‚’æš—å·åŒ–ã™ã‚‹ã«ã¯ã€ã‚µãƒ¼ãƒãƒ¼è¨¼æ˜Žæ›¸ã‚’ç™ºè¡Œã™ã‚‹å¿…è¦ãŒã‚ã‚‹ãŒã€ã“ã“ã§ã¯ã€è‡ªä½œã‚µãƒ¼ãƒãƒ¼è¨¼æ˜Žæ›¸ã‚’ç™ºè¡Œã—ã¦å„ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã™ã‚‹ã€‚ â€»ã‚µãƒ¼ãƒãƒ¼è¨¼æ˜Žæ›¸ã‚’å„ã‚¯ãƒ©ã‚¤ãƒ³ãƒˆã¸ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ãªãã¦ã‚‚æš—å·åŒ–é€šä¿¡ã¯è¡Œãˆã‚‹ãŒã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒé€šä¿¡ã™ã‚‹ãŸã³ï¼ˆWebãƒ–ãƒ©ã‚¦ã‚¶èµ·å‹•æ¯Žï¼‰ã«ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®è¦å‘ŠãŒè¡¨ç¤ºã•ã‚Œã¦ã—ã¾ã† [root@centos ~]# cd /etc/pki/tls/certs/ã€€â†ã€€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªç§»å‹• [root@centos certs]# sed -i
s_mori 2012/12/19
Apache

ssl
ãƒªãƒ³ã‚¯
Apache/SSLè‡ªå·±è¨¼æ˜Žæ›¸ã®ä½œæˆã¨mod sslã®è¨å®š - maruko2 Note.
Apache/SSLè‡ªå·±è¨¼æ˜Žæ›¸ã®ä½œæˆã¨mod sslã®è¨å®š æä¾›ï¼šmaruko2 Note. < Apache ç§»å‹•ï¼š æ¡ˆå†…, æ¤œç´¢ ç›®æ¬¡ 1 æ‰‹é † 2 ç§˜å¯†éµã®ä½œæˆ (server.key) 3 CSRï¼ˆè¨¼æ˜Žæ›¸ã®åŸºã«ãªã‚‹æƒ…å ±ï¼‰ã®ä½œæˆã€€(server.csr) 3.1 å…¥åŠ›é …ç›®ã®ä¾‹ 4 è¨¼æ˜Žæ›¸ï¼ˆå…¬é–‹éµï¼‰ã®ä½œæˆ (server.crt) 5 Apache mod_ssl ã®è¨å®š 6 Apache èµ·å‹•æ™‚ã«ãƒ‘ã‚¹ãƒ•ãƒ¬ãƒ¼ã‚ºã®å…¥åŠ›ã‚’çœç•¥ã™ã‚‹ 6.1 ç§˜å¯†éµ (server.key) ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ã‚ã‚‰ã‹ã˜ã‚å¾©å·åŒ–ã—ã¦ãŠãæ–¹æ³• 6.2 Apacheèµ·å‹•æ™‚ã®ãƒ‘ã‚¹ãƒ•ãƒ¬ãƒ¼ã‚ºå…¥åŠ›ã‚’è‡ªå‹•åŒ–ã™ã‚‹æ–¹æ³• 7 å‚è€ƒãƒšãƒ¼ã‚¸ 8 Apache é–¢é€£ã®ãƒšãƒ¼ã‚¸ æ‰‹é † 2017å¹´1æœˆ1æ—¥ä»¥é™ã€SSL è¨¼æ˜Žæ›¸ã®ç½²åã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨ã—ã¦ SHA-1 ã‚’ä½¿ç”¨ã—ã¦ã„ã‚‹è¨¼æ˜Žæ›¸ã¯ SSL é€šä¿¡ãŒã§ããªããªã‚‹ã€‚ ã“ã‚Œã¯ã€Windowsè£½å“ã€Goog
s_mori 2012/10/26
Apache

ssl
ãƒªãƒ³ã‚¯
1