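  Building a Secure RedHat Apache Server HOWTO
  Richard Sigle, Richard.sigle@equifax.com
  0.1, 2001-02-06
  KURASHIKI Satoru (ouka@fx.sakura.ne.jp)
  0.1J, 2002-02-22

  This guide is intended to explain how PKI and SSL work together. To
  build a secure server, you need to understand how the SSL protocol
  works.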
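  ______________________________________________________________________

  Table of Contents

  1. Purpose/Scope of this Guide
     1.1 About Secure Sockets Layer (SSL)
     1.2 Feedback
     1.3 Copyrights and Trademarks
     1.4 Acknowledgements

  2. Introduction to Secure Sockets Layer/Private Key Infrastructure
     2.1 Tenets of SSL/PKI
     2.2 How SSL works
        2.2.1 The SSL handshake protocol
        2.2.2 Session keys (symmetric)
        2.2.3 Public/private key pairs (asymmetric codes)
     2.3 How PKI works
     2.4 Certificates (x509 standard)
     2.5 The digital certificate private key
     2.6 The digital certificate public key
     2.7 The certificate signing request (CSR)

  3. Working with certificates
     3.1 Creating a private key
     3.2 Creating a certificate signing request
     3.3 Creating a self-signed certificate
     3.4 Installing the certificate on your web server

  4. Configuring your Apache Server
     4.1 Defining a secure virtual host
        4.1.1 SSL Engine
        4.1.2 SSLCertificateFile
        4.1.3 SSLCertificateKeyFile
        4.1.4 SSLCACertificateFile
     4.2 Example certificates
        4.2.1 Server certificate file
        4.2.2 Contents of the certificate file
        4.2.3 Private key file
        4.2.4 Contents of the private key file
     4.3 Restarting your web server

  5. Troubleshooting
     5.1 Server appears to start fine but you can't access the secure site
     5.2 Certificate Name Check Warning is issued by the client's browser
     5.3 Untrusted certificate issuing authority warning is issued by the client's browser
     5.4 SSLEngine on is an un-recognized command (when starting Apache)
     5.5 I've forgotten my "PEM pass phrase" and want to know how to reset it

  6. Glossary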

  ______________________________________________________________________

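  1.  Purpose/Scope of this Guide

  The purpose of this guide is to help RedHat Linux users install
  server (SSL) certificates on an Apache web server. The goal is to
  show a procedure that saves you time and, where possible, money!

  First, there are some things you should know about the SSL protocol
  and digital certificates. In my experience, building an Apache web
  server with ModSSL and OpenSSL is the most useful combination of
  software. OpenSSL is a general-purpose cryptography library that
  supports the SSL v2/v3 and TLS v1 protocols. ModSSL is an Apache API
  module designed to act as the interface between Apache and OpenSSL.
  The biggest benefit is that all three packages are free.

  Chapter 4 walks through these explanations and the installation of a
  certificate on a RedHat-Apache server compiled with ModSSL and
  OpenSSL. The procedures in chapter 4 should also apply to commercial
  SSL server packages such as Stronghold and Raven, which are closely
  related to Apache.

  Warning: I am a technical support engineer for a certificate
  authority, Equifax Secure Inc. The examples use Equifax Secure
  certificates and are written to suit the installation of Equifax
  Secure certificates. Nevertheless, they should also work with
  certificates from other certificate authorities. Although the company
  is referred to in this document, Equifax Secure Inc. accepts no
  liability or responsibility for any results arising from the use of
  these procedures.

  My comments to the reader are in this style (emphasized).

  Code is shown in a different style.

  Advanced comments and advice are written as comments in the SGML
  source.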

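  1.1.  About Secure Sockets Layer (SSL)

  SSL is a presentation-layer service that sits between TCP and the
  application. It does not depend on the platform or the application.
  SSL is responsible for managing a secure communication channel
  between the client and the server. It provides a strong mechanism for
  encrypting the data transferred between client and server.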

  1.2.  Feedback

  Please send comments on this guide to me (richard.sigle@equifax.com).

  1.3.  Copyrights and Trademarks

  Copyright (c) 2001 by Richard L. Sigle

  Please freely copy and distribute this document in any format. It's
  requested that corrections and/or comments be forwarded to the
  document maintainer. You may create a derivative work and distribute
  it provided that you:

  o  Send your derivative work (in the most suitable format such as
     sgml) to the LDP <http://www.LinuxDoc.org/> (Linux Documentation
     Project) or the like for posting on the Internet. If not the LDP,
     then let the LDP know where it is available.

  o  License the derivative work with this same license or use GPL.
     Include a copyright notice and at least a pointer to the license
     used.

  o  Give due credit to previous authors and major contributors.

  If you're considering making a derived work other than a translation,
  it's requested that you discuss your plans with the current
  maintainer.

  1.4.  Acknowledgements

  Thanks to Tony Villasenor, who patiently read my drafts and gave
  advice. Without Tony, I probably could not have finished this
  document.

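  2.  Introduction to Secure Sockets Layer/Private Key Infrastructure

  PKI is an asymmetric key system consisting of a public key (sent to
  clients) and a private key (which resides on the server). PKI differs
  from a symmetric key system, in which the client and the server both
  use the same key for encryption/decryption.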

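  2.1.  Tenets of SSL/PKI

  SSL was designed to meet the requirements of communications that must
  be handled with care, such as credit card transactions, medical
  records, legal documents and e-commerce applications. Each
  application can choose to use any (or all) of the following features,
  depending on the sensitivity and value of the transaction.

     Privacy
        For example, suppose a message is to be sent from A to B. A
        encrypts the message using B's public key. B can then decrypt
        and read the message using its own private key. No one else
        can. However, it is not certain that A is who he claims to be.

     Authenticity
        To confirm that A is who he claims to be, an assured
        authentication is needed. This requires a somewhat more complex
        encryption process. In this case, the message from A to B is
        encrypted first with A's private key and then with B's public
        key. B must decrypt it first with its own private key and then
        with A's public key. B can now be sure that A is who he claims
        to be, because no one else can create a message encrypted with
        A's private key. SSL achieves this through the use of
        certificates (PKI). A certificate is issued by a neutral third
        party, such as a certificate authority (CA), and includes, in
        addition to the public key of the certified party, a digital
        signature and a timestamp. Anyone can create a digital
        certificate with the SSL tools, but a self-signed certificate
        does not carry the weight of one issued by a generally
        respected neutral third party.

     Integrity
        In SSL, integrity is ensured by using a MAC (Message
        Authentication Code) together with the required hash table
        functions. When a message is generated, the MAC obtained by
        applying a hash function is added to the message. When the
        message is received, its integrity is verified by comparing the
        MAC embedded in the message with a new MAC calculated from the
        received message. In this way, a message that has been altered
        by a third party is detected immediately.

     Non-repudiation
        Non-repudiation protects the two communicating parties from
        each other during an online transaction. It prevents either
        party from claiming not to have sent a particular piece of
        information. Non-repudiation does not allow either side to
        change the content of a transaction once it has been made. In
        the traditional sense, digital non-repudiation is the same as
        signing a contract.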

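  2.2.  How SSL works

  The SSL protocol includes two sub-protocols: the SSL record protocol
  and the SSL handshake protocol. The SSL record protocol defines the
  format used to transmit data. The SSL handshake protocol uses the SSL
  record protocol to exchange a series of messages between an
  SSL-enabled server and client when they first establish an SSL
  connection. This exchange of messages is designed to provide the
  following functions.

  o  Authenticate the server to the client. The server certificate is
     signed by a certificate authority, which assures the client that
     the certificate is intact and trustworthy.

  o  Allow the client and the server to select the cryptographic
     algorithms, or ciphers, that they both support.

  o  Optionally authenticate the client to the server.

  o  Use public-key encryption techniques to generate shared secrets.

  o  Establish an encrypted SSL connection.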

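  2.2.1.  The SSL handshake protocol

  The handshake protocol is used to negotiate the state between the
  client and the server. During the handshake, the following events
  take place:

  o  Certificates are exchanged between the client and the server
     (asymmetric keys). The server sends its public key to the client.
     If the server is configured to authenticate clients using
     certificates, the client also sends its public key to the server.
     The validity dates of the certificates are verified and the
     digital signature of a trusted certificate authority is checked.
     If the dates or the digital signature are wrong, the browser warns
     the user. The user can then choose to trust the certificate
     holder.

  o  Next, the client generates a random key (symmetric key). This is
     used for encryption and for calculating MACs. This key is
     encrypted with the server's public key and sent to the server.
     Only the server can decrypt this new symmetric key. The new
     symmetric key is used to encrypt the data sent between the client
     and the server.

     Note: Using a symmetric key after the server-browser
     authentication greatly improves processing performance.

  o  The message encryption algorithm and the hash function used for
     integrity are negotiated. In this process, the client presents the
     list of algorithms it supports to the server, and the server
     selects the strongest cipher available to both. The identifiers of
     the selected cipher algorithm and hash function are stored in the
     cipher spec field of the current state and used by the record
     protocol.

  o  The following fields are all set during the handshake: protocol
     version, session ID, cipher suite, compression method, and two
     random values, ClientHello.random and ServerHello.random.

  Note: An IP address is required for each SSL connection. Name-based
  virtual hosts are resolved at the application layer. Remember that
  SSL sits below the application layer.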

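  2.2.2.  Session keys (symmetric)

  o  40 bit: originally intended for export use

  o  56 bit: used by DES

  o  64 bit: used by CAST; 256 times stronger than 56 bit

  o  80 bit: used by CAST; 16,000,000 times stronger than 56 bit
     (cannot be broken with current technology)

  o  128 bit: used by CAST and RC2; an exhaustive search for the key is
     not feasible now or in the foreseeable future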

  2.2.3.  Public/private key pairs (asymmetric codes)

  o  512-bit

  o  768-bit

  o  1024-bit

  o  2048-bit

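  2.3.  How PKI works

  The client and the server each have a public key and a private key
  (the client's browser randomly generates a key pair for the SSL
  session, unless the client has its own certificate and the server
  requests it).

  The sender encrypts the message using its own private key. This
  authenticates the source of the message. The resulting ciphertext is
  then encrypted again with the recipient's public key. This provides
  confidentiality, because only the recipient can perform the first
  decryption of the message, using its own private key. The recipient
  then uses the sender's public key to decrypt the message further.
  Since only the sender has access to its private key, the recipient is
  assured that the encrypted message came from the sender.

  A message digest is used to verify that neither the parties involved
  nor a third party has tampered with or altered the message. A message
  digest is obtained by applying a hash function (a mathematical
  function that is part of the private key) to the message. The digest
  (called a signature) is attached or appended to the message. Its
  length is fixed (regardless of the length of the message) and is
  determined by the type of message digest used for the private key
  (128 bits for md5, 160 bits for sha1, and so on). Changing even a
  single bit of the message changes the signature, which proves that
  the message has been altered.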

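  2.4.  Certificates (x509 standard)

  Digital certificates allow parties on the Internet to trust each
  other. A digital certificate contains user credentials that have been
  verified by a certificate authority acting as a trusted third party.

  A mathematical algorithm and a value (the key) are used to encrypt
  data into an unreadable form. A second key is used to decrypt the
  data, with a complementary algorithm and value. The two keys must
  have related values, and are called a key pair.

  Note: ITU-T Recommendation X.509 [CCI88c] specifies not only the
  notation for X.509 certificates but also the authentication service
  for X.500 directories. A certificate is signed by the issuer in order
  to authenticate the binding between the subject's (user's) name and
  the user's public key. SSLv3 was adopted in 1994. The main difference
  between versions 2 and 3 is the addition of extension fields. These
  fields add flexibility, since they can convey additional information
  beyond the plain binding of key and name. Standard extensions include
  subject and issuer attributes, certification policy information and
  key usage restrictions, among others.

  An X.509 certificate consists of the following fields:

  o  Version

  o  Serial number

  o  Signature algorithm ID

  o  Issuer name

  o  Validity period

  o  Subject (user) name

  o  Subject public key information

  o  Issuer unique identifier (versions 2 and 3 only)

  o  Subject unique identifier (versions 2 and 3 only)

  o  Extensions (version 3 only)

  o  Signature on the above fields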

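  2.5.  The digital certificate private key

  The private key is not embedded in the digital certificate. The
  private key does not contain any server information. It contains
  encryption information and a fingerprint. It is generated locally on
  your own system and must remain in a secure environment. If the
  private key is compromised, an attacker essentially has the code to
  your security system. Transmissions between the client and the server
  can be intercepted and decrypted. This is the reason why generating
  the private key with triple DES encryption is recommended. The key
  file is then encrypted and password-protected, which makes it almost
  impossible to use without the correct pass phrase.

  The security of a transaction depends on its private key. If this key
  falls into the wrong hands, anyone can easily duplicate it and use it
  to break security. Messages sent to the server could then be
  intercepted and manipulated by malicious hackers. A completely secure
  system must be able to detect impostors and prevent keys from being
  duplicated.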

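  2.6.  The digital certificate public key

  The public key is embedded in the digital certificate and is sent
  from the server to the client whenever a secure connection is
  requested. Through this process, the certificate is used to verify
  the server's identity. The public key is used to verify integrity and
  authenticity, and also to encrypt data in order to transfer the
  secret key data.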

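  2.7.  The certificate signing request (CSR)

  A CSR is what a certificate authority needs in order to create a
  signed certificate. A CSR contains an algorithm complementary to the
  private key, and information that identifies the server. This
  information includes, but is not limited to, the country, state,
  organization, common name (domain name) and contact information.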

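  3.  Working with certificates

  The following sections cover the steps for creating a private key
  file, a certificate signing request, and a self-signed certificate.
  To obtain a certificate signed by a certificate authority, you need
  to create a certificate signing request (CSR). Alternatively, you can
  create a self-signed certificate.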

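  3.1.  Creating a private key

  To generate a private key, the OpenSSL toolkit must be installed and
  configured for Apache. These examples use the OpenSSL command-line
  tool, which by default is located in the /usr/local/ssl/bin
  directory. They assume that the directory containing the OpenSSL
  command-line tool has been added to $PATH.

  To create a private key using the triple DES encryption standard
  (recommended), use the following command:

       openssl genrsa -des3 -out filename.key 1024

  You will be asked to enter a pass phrase, and then to enter it again.
  If you use triple DES, you will be asked for the password every time
  the SSL server is cold-started. (When the restart command is used,
  the password is not required.) If the system has to be rebooted while
  you are on vacation, having to enter this password may be a nuisance.
  Or you may be confident that your system is already secure enough. In
  any case, if you choose not to be asked for a password (and therefore
  not to use triple DES encryption), run the command below. Conversely,
  if you only want to create a 512 bit key, leave off the 1024 at the
  end of the command. OpenSSL generates a 512 bit key by default. A
  smaller key is considerably faster, but security is lower.

  To create a private key without triple DES encryption, use the
  following command:

       openssl genrsa -out filename.key 1024

  To add a password to an existing private key, use the following
  command:

       openssl rsa -in filename.key -des3 -out newfilename.key

  To remove the password from an existing private key, use the
  following command:

       openssl rsa -in filename.key -out newfilename.key

  Note: Unless you specify otherwise, the private key is created in the
  current directory. There are three simple ways to deal with this. If
  OpenSSL is in your path, you can run the command from the directory
  you have chosen to store the file in (the default is
  /etc/httpd/conf/ssl.key if Apache was installed with the RPM, and
  /usr/local/apache/conf/ssl.key if it was installed from the source
  files). Another way is to copy the file from the directory where it
  was created to the proper directory. Finally, and not to be
  forgotten, you can specify the path when you run the command (e.g.
  openssl genrsa -out /etc/httpd/conf/ssl.key/filename.key 1024). Any
  of these methods is fine, as long as it is done before you proceed.

  For more information on the OpenSSL toolkit, see:
  OpenSSL Website <http://www.openssl.org/>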

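  3.2.  Creating a certificate signing request

  To obtain a certificate signed by a certificate authority, you need
  to create a certificate signing request (CSR). The purpose is to send
  the certificate authority the information it needs to create the
  certificate without sending the whole private key or putting it at
  risk. The CSR also contains information that will be included in the
  certificate, such as the domain name and locality.

  o  Decide which private key you will use for the CSR. Enter the
     following command:

       openssl req -new -key filename.key -out filename.csr

  o  You will be prompted for information such as locality, common name
     (domain name) and organization. Ask the CA you intend to use which
     fields are required and how invalid entries are handled.

  o  Send the CSR to the CA according to their instructions.

  o  Wait for your new certificate, or create a self-signed
     certificate. A self-signed certificate can be used until you
     receive the certificate from the certificate authority.

  Note: To create a private key and a request (translator's note: CSR)
  at the same time, use the following command.

       openssl req -new -newkey rsa:1024 -keyout filename.key -out filename.csr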

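  3.3.  Creating a self-signed certificate

  If you are not going to obtain a certificate signed by a CA, you need
  a self-signed certificate. Creating one is very easy. All you need is
  a private key and the name of the server to be secured (fully
  qualified domain name). You will be asked for the locality, common
  name (domain name), organization and so on. OpenSSL leaves these up
  to you. The only information required for the certificate to work is
  the common name (domain name). If it is missing or wrong, you will
  get a Certificate Name Check warning from the browser.

  To create a self-signed certificate:

       openssl req -new -key filename.key -x509 -out filename.crt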

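  3.4.  Installing the certificate on your web server

  If you have followed the instructions so far, nothing much should
  have gone wrong up to this point. If you have sent a CSR to a
  certificate authority and have not received the certificate yet, take
  a break! If you are using a self-signed certificate, or have already
  received your certificate, you can go ahead.

  o  Make sure the private key file is in the directory you decided to
     use. These examples follow the default of a RedHat RPM
     installation, /etc/httpd/conf/ssl.key.

  o  Make sure the CA-signed or self-signed certificate is in the
     designated directory. Again, the RPM default,
     /etc/httpd/conf/ssl.crt, is used. If the certificate is not there
     yet, put it there.

  o  If there is an intermediate certificate (or root certificate) to
     install, copy it to the /etc/httpd/conf/ssl.crt directory as well.

  o  Next, you need to edit the httpd.conf file. Before moving on to
     the next step, ``Configuring your Apache Server'', make a backup
     of this file.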

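  4.  Configuring your Apache Server

  To support SSL, Apache must be configured to use an additional API
  module. Several SSL software packages are available. This example
  deals with Apache configured for ModSSL and OpenSSL. There are
  countless mailing lists and newsgroups that support these products.
  This document should also be useful for some commercial SSL packages
  that are based on the Apache web server.

  There are a few things to keep in mind. You can have multiple virtual
  hosts on one server. You can have many name-based virtual hosts on
  one IP address. You can have many name-based virtual hosts and one
  secure virtual host on the same IP address. But you cannot have
  multiple secure virtual hosts on the same IP address. Many people
  ask: why? The answer is that SSL works below the application layer.
  Name-based hosts are not defined until the application layer.

  More precisely, you cannot have multiple secure virtual hosts on the
  same SOCKET (IP address + port). By default, a secure host uses port
  443. You can change the configuration so that a virtual host uses the
  same IP address with a different port number, which creates a
  separate socket. This approach has several drawbacks. The most
  obvious one is that, when the default port is not used, the port
  number must be included in the URL used to access the secure site.

  For example:

  o  A site that uses the default port, www.something.com, can be
     accessed at https://www.something.com

  o  A site that uses port 8888 can be accessed at
     https://www.something.com:8888.

  Another drawback is that using additional ports gives hackers who
  scan ports one more opportunity. Finally, if the port you choose is
  already used by something else, you will have a conflict.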

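  4.1.  Defining a secure virtual host

  Configuring a virtual host is quite easy. This section covers the
  basics of setting up a secure virtual host.

  These examples use the .crt and .key file extensions. This is my
  personal way of telling the various files apart. With Apache you can
  use any extension you like, or no extension at all.

  All secure virtual hosts are normally placed at the end of the
  httpd.conf file and must be enclosed between <IfDefine SSL> and
  </IfDefine>.

  An example of a secure virtual host: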

       <VirtualHost 172.18.116.42:443>
       DocumentRoot /etc/httpd/htdocs
       ServerName www.somewhere.com
       ServerAdmin someone@somewhere.com
       ErrorLog /etc/httpd/logs/error_log
       TransferLog /etc/httpd/logs/access_log
       SSLEngine on
       SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
       SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
       SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
       <Files ~ "\.(cgi|shtml)$">
             SSLOptions +StdEnvVars
       </Files>
       <Directory "/etc/httpd/cgi-bin">
             SSLOptions +StdEnvVars
       </Directory>
       SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
       CustomLog /etc/httpd/logs/ssl_request_log \
                 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
       </VirtualHost>

  The directives that matter most for SSL are SSLEngine on,
  SSLCertificateFile, SSLCertificateKeyFile and, in many cases,
  SSLCACertificateFile.

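  4.1.1.  SSL Engine

  "SSLEngine on" is the ModSSL command that starts SSL.

  4.1.2.  SSLCertificateFile

  SSLCertificateFile tells Apache where the certificate file is located
  and what it is named. In this example, "server.crt" is shown as the
  certificate file. This is the default name added when ModSSL was
  configured with Apache. Personally, I do not recommend using the
  default name. To save yourself trouble later, name the certificate
  servername.crt (domainname.crt). Likewise, you can use a directory
  other than the defaults, /etc/httpd/conf/ssl.crt or
  /usr/local/apache/conf/ssl.crt.

  4.1.3.  SSLCertificateKeyFile

  SSLCertificateKeyFile tells Apache the name of the private key and
  where it is located. The directory specified here must be readable
  and writable by root only. No one else should have access to this
  directory.

  4.1.4.  SSLCACertificateFile

  The SSLCACertificateFile directive tells Apache where the
  intermediate certificate is located. Whether this directive is needed
  depends on the CA you are using. This certificate is essentially a
  link in a chain of trust.

  Intermediate certificates: certificate authorities obtain their own
  certificates in much the same way as you do. These are known as
  intermediate certificates. In essence, an intermediate certificate
  vouches that the signer of your certificate is who it claims to be.
  Web browsers carry a list of "trusted" certificate authorities that
  is updated with each release. If a certificate authority is quite
  new, its intermediate certificate will probably not be in the
  browser's list of trusted CAs. Combine this with the fact that most
  people do not update their browsers very often, and it can take years
  for a CA to be recognized automatically as trusted. The solution is
  to install the intermediate certificate on the server with the
  SSLCACertificateFile directive. Usually a "trusted" CA issues the
  intermediate certificate. If not, you may have to use the
  SSLCertificateChainFile directive, but that is rarely the case.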

  4.2.  Example certificates

  4.2.1.  Server certificate file

       -----BEGIN CERTIFICATE-----
       -----END CERTIFICATE-----

  4.2.2.  Contents of the certificate file

  Certificate:
     Data:
       Version: 3 (0x2)
       Serial Number: 1516 (0x5ec)
       Signature Algorithm: md5WithRSAEncryption
       Issuer: C=US, O=Equifax Secure Inc, CN=Equifax Secure E-Business CA
       Validity
         Not Before: Jul 12 15:21:01 2000 GMT
         Not After : Jun  2 22:42:34 2001 GMT
       Subject: C=us, ST=ga, L=atlanta, O=Equifax, OU=Rick, CN=172.18.116.44/Email=richard.sigle@equifax.com
       Subject Public Key Info:
         Public Key Algorithm: rsaEncryption
         RSA Public Key: (1024 bit)
             Modulus (1024 bit):
               00:c8:eb:93:26:97:ca:00:ce:4c:e4:f3:fd:43:31:
               cd:53:ed:b4:8a:ad:93:84:dc:7a:48:39:b5:28:57:
               03:7f:a9:ac:3e:58:6a:7a:e3:52:3e:1e:52:58:a2:
               6f:23:ad:bb:84:d8:88:ed:6d:a5:da:08:6b:c8:6c:
               a5:4c:34:67:d8:46:1c:ca:20:50:b0:e8:54:7f:ca:
               5e:ef:09:ff:6e:8d:a6:2b:02:f5:54:0f:c2:d0:45:
               12:ad:66:e7:8b:dd:68:be:64:a4:9b:69:bd:a4:1a:
               5a:2f:3b:6e:73:84:d8:d6:17:bd:12:39:34:fa:3d:
               d8:a9:e8:59:3c:c2:61:c5:b3
             Exponent: 65537 (0x10001)
       X509v3 extensions:
         X509v3 Key Usage: critical
            Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
         Netscape Cert Type:
            SSL Server
         X509v3 Authority Key Identifier:
            keyid:5B:E0:A8:75:1C:78:02:47:71:AB:CE:27:32:E7:24:88:42:28:48:56
     Signature Algorithm: md5WithRSAEncryption
       87:53:74:e9:e1:a6:10:56:8c:fa:63:0e:7b:72:ff:76:4b:79:
       0e:49:2a:58:ed:71:7a:bf:77:61:fa:e8:74:04:37:8c:d3:6a:
       9a:3d:80:76:7a:c3:64:30:e7:1b:40:25:4e:2a:81:8b:e5:ac:
       76:a4:38:67:cc:3f:93:43:e1:1d:c3:8d:ba:ed:cc:d7:aa:a4:
       ab:d3:84:77:7c:8f:26:f6:dd:ba:3b:6a:99:81:e1:9e:7e:0f:
       ca:a6:ff:c0:c3:59:6e:dc:a6:03:23:bf:8f:24:ff:15:ad:ac:
       0d:85:fc:38:bf:d1:24:2d:1a:d3:72:55:12:95:5f:65:f0:60:
       df:b1

  4.2.3.  Private key file

  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: DES-EDE3-CBC,124F61450D85A480

  -----END RSA PRIVATE KEY-----

  4.2.4.  Contents of the private key file

  read RSA key
  Enter PEM pass phrase:
  Private-Key: (1024 bit)
  modulus:
      00:c8:eb:93:26:97:ca:00:ce:4c:e4:f3:fd:43:31:
      cd:53:ed:b4:8a:ad:93:84:dc:7a:48:39:b5:28:57:
      03:7f:a9:ac:3e:58:6a:7a:e3:52:3e:1e:52:58:a2:
      6f:23:ad:bb:84:d8:88:ed:6d:a5:da:08:6b:c8:6c:
      a5:4c:34:67:d8:46:1c:ca:20:50:b0:e8:54:7f:ca:
      5e:ef:09:ff:6e:8d:a6:2b:02:f5:54:0f:c2:d0:45:
      12:ad:66:e7:8b:dd:68:be:64:a4:9b:69:bd:a4:1a:
      5a:2f:3b:6e:73:84:d8:d6:17:bd:12:39:34:fa:3d:
      d8:a9:e8:59:3c:c2:61:c5:b3
  publicExponent: 65537 (0x10001)
  privateExponent:
      00:b6:57:7d:3b:58:24:1e:a9:1b:85:e9:9c:9e:5f:
      d3:3d:69:0c:21:93:37:bf:2b:2c:da:e1:6c:74:48:
      cb:c7:0f:60:5f:50:74:8a:44:45:be:54:5c:5d:4e:
      45:58:f6:f1:a8:b5:af:46:f2:ec:c2:bc:43:bd:28:
      44:b7:ad:13:d3:ca:de:59:24:e8:fa:f8:e5:5f:45:
      38:2c:a0:a3:de:98:13:d8:80:38:e1:47:53:4c:ea:
      e4:66:c3:82:93:89:c3:90:83:44:e1:13:4f:74:76:
      e2:c0:89:97:77:5f:33:d8:7d:27:21:52:55:c2:d7:
      dc:01:f9:bc:21:8d:a3:f5:c1
  prime1:
      00:e3:2d:6b:5e:05:6b:e1:46:e6:ab:ae:f3:8b:d0:
      5f:94:5c:6f:f5:47:46:1d:4e:66:d3:7e:98:18:e0:
      2c:0d:08:ca:b7:29:72:af:53:62:30:ec:be:26:1f:
      cc:5a:ed:65:62:65:70:1e:18:19:61:e3:77:00:a7:
      3a:9e:4e:12:93
  prime2:
      00:e2:69:56:78:e8:39:ff:17:db:cc:39:d7:7f:70:
      41:dc:c5:59:43:16:c1:84:4c:ae:e7:5d:8a:c5:4b:
      da:88:8e:03:99:7c:88:f2:8a:13:31:57:44:e0:b5:
      c8:0a:60:b0:05:de:f6:9e:f2:00:ec:37:21:8d:3b:
      dc:8e:c9:d4:61
  exponent1:
      1a:ad:6a:be:4f:c4:ab:5f:b8:16:d1:24:a8:76:7f:
      c2:dc:58:09:65:a5:46:2b:be:c7:77:46:45:25:8e:
      06:b9:d1:94:50:b9:b6:fd:03:ba:db:12:39:47:e2:
      a7:8a:d9:2d:04:dc:75:ac:3e:ce:cf:f7:59:8c:49:
      c5:ed:45:21
  exponent2:
      2d:4e:fd:32:06:ef:0c:40:7f:08:d8:8e:6a:7f:51:
      7e:d7:b3:6c:3c:92:8f:62:35:22:31:d3:02:76:92:
      8d:ff:35:73:32:bb:c9:25:9e:7f:a2:42:33:61:cd:
      5d:5e:49:fb:72:ca:11:b6:c6:3e:7f:2d:e4:b0:95:
      0b:b2:12:21
  coefficient:
      50:52:09:22:cb:fb:b2:b8:58:85:ab:1d:82:b9:6e:
      d0:f6:dc:e8:ce:a6:5d:a1:ff:c8:4d:3b:2b:1c:19:
      64:f0:c4:4a:bc:b2:1d:2b:2d:09:59:83:a3:9a:89:
      f8:db:2c:2c:8a:bd:fd:a3:16:51:76:aa:ce:ea:85:
      6b:1c:9f:f7

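  4.3.  Restarting your web server

  The script for restarting the web server is probably in
  /usr/local/sbin, /usr/sbin (a script called httpd), or
  /usr/local/apache/bin (a script called apachectl). If the server was
  not started with SSL enabled, you need to stop the server and then
  start it. You may also use your own customized script for starting,
  restarting and stopping. Just make sure that it starts the SSL
  engine.

  Commands:

       httpd stop
       httpd startssl
       httpd restart

  or

       apachectl stop
       apachectl startssl
       apachectl restart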

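  5.  Troubleshooting

  The most common problems are listed here.

  5.1.  Server appears to start fine but you can't access the secure site

  Check the error_log file. If the virtual host is not configured to
  log errors, you may want to consider doing so. My SSL virtual hosts
  write to the error log file. You will probably see two or three
  warnings and, at the end of the log, an error that basically says the
  private key does not match the certificate.

  Example:

       [Tue Nov 21 09:09:02 2000] [notice] Apache/1.3.14 (Unix) mod_ssl/2.7.1
       OpenSSL/0.9.6 configured -- resuming normal operations
       [Tue Nov 21 09:09:16 2000] [notice] caught SIGTERM, shutting down
       [Tue Nov 21 14:39:54 2000] [notice] Apache/1.3.14 (Unix) mod_ssl/2.7.1
       OpenSSL/0.9.6 configured -- resuming normal operations
       [Tue Nov 21 14:40:31 2000] [notice] caught SIGTERM, shutting down
       [Tue Nov 21 14:43:53 2000] [error] mod_ssl: Init: (esi.fin.equifax.com:443)
       Unable to configure RSA server private key (OpenSSL library error follows)
       [Tue Nov 21 14:43:53 2000] [error] OpenSSL: error:0B080074:x509 certificate
       routines:X509_check_private_key:key values mismatch

  If you get the error message above, the key and the certificate do
  not match. Make sure you are not using the default server.key file.
  You should also check the httpd.conf file to confirm that the
  directives point to the correct key and certificate.

  To be sure, you can look at the information in the private key and in
  the certificate and check that they correspond to each other. To do
  this, use the commands below to decode the private key in one
  terminal window and the certificate in another window. What you
  compare are the modulus and the exponent of each. If the modulus and
  exponent of the key do not match those of the certificate, the
  certificate and the key are not a pair.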

  If all else fails, create a new private key, CSR or self-signed
  certificate.  Before you do this, check your CA's re-issue policy.
  You may be charged for a re-issue.

  To view the contents of the certificate:

       openssl x509 -noout -text -in filename.crt

  To view the contents of the private key:

       openssl rsa -noout -text -in filename.key
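
  The modulus comparison described in this section can also be
  scripted. The following is an added example, not part of the original
  HOWTO: it reads the SSLCertificateFile/SSLCertificateKeyFile pair of
  each <VirtualHost> block in a configuration file and compares the
  moduli without prompting. The function names, the 192.0.2.x
  addresses, www.example.test and the 2048 bit demo keys are
  assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HOWTO): verify that every secure virtual host
# in an Apache config pairs its certificate with the matching private key.

# Both commands print "Modulus=<hex>". -passin pass: supplies an empty
# passphrase, so the check never waits at the "Enter PEM pass phrase:"
# prompt; a passphrase-protected key is reported as a bad pair instead.
cert_modulus() { openssl x509 -noout -modulus -in "$1" 2>/dev/null; }
key_modulus()  { openssl rsa -noout -modulus -in "$1" -passin pass: 2>/dev/null; }

# pair_matches CERT KEY: 0 = same modulus, 1 = different, 2 = unreadable file
pair_matches() {
    c=$(cert_modulus "$1") || return 2
    k=$(key_modulus "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# list_pairs CONF: one "address cert key" line per <VirtualHost> block that
# sets both SSLCertificateFile and SSLCertificateKeyFile.
list_pairs() {
    awk '
        tolower($1) == "<virtualhost"          { host = $2; sub(/>$/, "", host); crt = ""; key = "" }
        tolower($1) == "sslcertificatefile"    { crt = $2 }
        tolower($1) == "sslcertificatekeyfile" { key = $2 }
        tolower($1) == "</virtualhost>"        { if (crt != "" && key != "") print host, crt, key }
    ' "$1"
}

# check_config CONF: report each pair; exit status = number of bad pairs
# (mismatched or unreadable).
check_config() {
    bad=0
    while read -r host crt key; do
        [ -n "$host" ] || continue
        if pair_matches "$crt" "$key"; then
            echo "OK       $host"
        else
            echo "MISMATCH $host  $crt  $key"
            bad=$((bad + 1))
        fi
    done <<EOF
$(list_pairs "$1")
EOF
    return "$bad"
}

# demo: constructed keys, certificate and config in a scratch directory.
# The second virtual host deliberately names the wrong key.
demo() {
    d=$(mktemp -d) || return 99
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/a.key" -subj "/CN=www.example.test" \
        -days 1 -out "$d/a.crt" 2>/dev/null
    cat > "$d/httpd.conf" <<EOF
<VirtualHost 192.0.2.10:443>
SSLEngine on
SSLCertificateFile $d/a.crt
SSLCertificateKeyFile $d/a.key
</VirtualHost>
<VirtualHost 192.0.2.11:443>
SSLEngine on
SSLCertificateFile $d/a.crt
SSLCertificateKeyFile $d/b.key
</VirtualHost>
EOF
    rc=0
    check_config "$d/httpd.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

case "${1:-}" in
    "")   ;;                      # no argument: only define the functions
    demo) demo ;;
    *)    check_config "$1" ;;
esac
```

  Run it as "sh script demo" to see one OK and one MISMATCH line, or
  pass the path of an httpd.conf to check its virtual hosts.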

  5.2.  Certificate Name Check Warning is issued by the client's browser

  The most common cause for this is omitting the "www" at the beginning
  of the domain name when creating the CSR.  The name defined by the
  "ServerName" directive for that virtual host must match the domain
  name presented by the certificate exactly or the browser will let the
  client know.  The exception is a wild card certificate.  A wild card
  certificate's domain name field would look like *.somedomain.com.
  This enables you to use one certificate for any number of sub-domains
  of somedomain.com (e.g. host1.somedomain.com and
  host2.somedomain.com).

  5.3.  Untrusted certificate issuing authority warning is issued by the client's browser

  If you are using a self-signed certificate, you will get this warning.
  Your clients will be given the option to trust your certificate or
  not.  If you have a CA signed certificate and are getting the
  untrusted warning, you probably need to install their intermediate
  (root) certificate.

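  5.4.  SSLEngine on is an un-recognized command (when starting Apache)

  This error message occurs when ModSSL was not compiled with Apache.
  Some SSL packages use a different directive to enable SSL for a
  virtual host. If you are using a package that uses a different
  directive, you will also get this error message.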

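  5.5.  I've forgotten my "PEM pass phrase" and want to know how to
  reset it

  There is no way to reset this pass phrase. You either have to
  remember the pass phrase or create a new private key. You will then
  need to obtain a new signed certificate or create a new self-signed
  certificate.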

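  6.  Glossary

     Authentication
        Positively identifying a network entity such as a server, a
        client or a user. In the SSL context, authentication involves
        the process of verifying server and client certificates.

     Access control
        Restricting access to network realms. In the Apache context,
        this usually means restricting access to certain URLs.

     Algorithm
        An unambiguous formula or set of rules for solving a problem in
        a finite number of steps. Algorithms for encryption are usually
        called ciphers. (Translator's note: in the Japanese text,
        cipher is translated as "encryption", among other terms.)

     Certificate
        A data record used for authenticating network entities such as
        a server or a client. A certificate contains X.509 information
        pieces about its owner (called the subject) and the signing
        certificate authority (called the issuer), plus the owner's
        public key and the signature made by the CA. Network entities
        verify these signatures using CA certificates.

     Certificate authority (CA)
        A trusted third party whose purpose is to sign certificates for
        network entities that it has authenticated by secure means.
        Other network entities can check the signature to verify that a
        CA has authenticated the bearer of a certificate.

     Certificate signing request (CSR)
        An unsigned certificate for submission to a certificate
        authority, which signs it with the private key of its CA
        certificate. Once the CSR is signed, it becomes a real
        certificate.

     Cipher
        An algorithm or system used for data encryption. Examples are
        DES, IDEA, RC4, etc. (Translator's note: the translation here
        was adjusted on the assumption that the original contains an
        error.)

     Ciphertext
        The result after plaintext is passed through a cipher.

     Configuration directive
        A configuration command that controls one or more aspects of a
        program's behavior. In the Apache context, these are all the
        command names in the first column of the configuration files.

     Encryption - symmetric
        The client and the server use the same key to encrypt and
        decrypt data.

     Encryption - asymmetric
        Consists of a key pair (a public key and a private key). PKI is
        asymmetric encryption.

     Digital signature
        Data sent together with an encrypted message, which verifies
        its creator and that it has not been tampered with.

     HTTPS
        The (secure) HyperText Transport Protocol, the standard
        encrypted communication mechanism on the World Wide Web. This
        is actually just HTTP over SSL.

     Message digest
        A hash of a message, which can be used to verify that the
        contents of the message have not been altered in transit.

     Non-repudiation
        A service that provides proof of the integrity and origin of
        data, both in an unforgeable relationship (which can be
        verified by any third party at any time) and with an
        authentication that can be asserted to be genuine with high
        assurance.

        A property achieved through cryptographic methods which
        prevents an individual or entity from denying having performed
        a particular action related to data (such as mechanisms for
        non-rejection of authority (origin), for proof of obligation,
        intent or commitment, or for proof of ownership).

     OpenSSL
        The open source toolkit for SSL/TLS. See
        http://www.openssl.org/ <http://www.openssl.org/>.

     Pass phrase
        The word or phrase that protects private key files. It prevents
        unauthorized users from using them for encryption. Usually it
        is just the secret encryption/decryption key used for ciphers.

     Plaintext
        The unencrypted text.

     Private key
        The secret key in a public key cryptography system, used to
        decrypt incoming messages and to sign outgoing ones.

     Public key
        The publicly available key in a public key cryptography system,
        used to encrypt messages bound for its owner and to decrypt
        signatures made by its owner.

     Public key cryptography
        The study and application of asymmetric encryption systems,
        which use one key for encryption and another for decryption. A
        corresponding pair of such keys constitutes a key pair. Also
        called asymmetric cryptography.

     Secure Sockets Layer (SSL)
        A protocol created by Netscape Communications Corporation for
        general communication authentication and encryption over TCP/IP
        networks. The most popular usage is HTTPS, i.e. HTTP over SSL.

     Session
        The context information of an SSL communication.

     SSLeay
        The original SSL/TLS implementation library developed by Eric
        A. Young <eay@aus.rsa.com>. See http://www.ssleay.org/
        <http://www.ssleay.org/>.

     Symmetric cryptography
        The study and application of ciphers that use a single secret
        key for both encryption and decryption operations.

     Transport Layer Security (TLS)
        The successor protocol to SSL, created by the Internet
        Engineering Task Force (IETF) for general communication
        authentication and encryption over TCP/IP networks. TLS version
        1 is nearly identical to SSL version 3.

     Uniform Resource Locator (URL)
        The formal identifier used to locate various resources on the
        World Wide Web. The most popular URL scheme is http. SSL uses
        the scheme https.

     X.509
        An authentication certificate scheme recommended by the
        International Telecommunication Union (ITU-T), which is used
        for SSL/TLS authentication.

     ITU-T
        Recommendation X.509 [CCI88c] defines not only the X.509
        certificate notation but also the authentication service for
        X.500 directories. X.509 directory authentication can be done
        with either secret-key or public-key techniques; the latter is
        based on public-key certificates. The standard does not specify
        a particular cryptographic algorithm, although an informative
        annex of the standard describes the RSA algorithm.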

