三歩あるけば物も忘れる

お腹のお肉がメタボックル

ユーザ用ツール

サイト用ツール


InfrastructureConstruction:Zabbix:ZabbixConvertHTTPS

5.Zabbixをhttps化する

Zabbixをhttps化する手順を記載する。

https化手順

mod_sslのインストール

# mod_sslのインストール
yum -y install mod_ssl

秘密鍵とサーバ証明書の作成

# 秘密鍵とサーバ証明書の作成
openssl genrsa > server.key
openssl req -new -key server.key > server.csr #全てEnterを入力します。

# 自分の秘密鍵で自己署名した証明書を作成する
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

# 鍵ファイルの格納先作成
mkdir /etc/httpd/conf/ssl.key
mkdir /etc/httpd/conf/ssl.crt

# 鍵ファイルの移動
mv server.key /etc/httpd/conf/ssl.key/
mv server.crt /etc/httpd/conf/ssl.crt/

ssl.confの編集

# ssl.confの編集
vi /etc/httpd/conf.d/ssl.conf

変更前:ハイライト行を変更する

#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that restarting httpd will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
#   require an ECC certificate which can also be configured in
#   parallel.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

変更後:ハイライト行を変更する

#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that restarting httpd will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
#   require an ECC certificate which can also be configured in
#   parallel.
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

apacheの再起動

# apacheの再起動
systemctl restart httpd

InfrastructureConstruction/Zabbix/ZabbixConvertHTTPS.txt · 最終更新: 2021/01/09 by 127.0.0.1