~~NOCACHE~~
## 5.Zabbixをhttps化する
Zabbixをhttps化する手順を記載する。

### https化手順
#### mod_sslのインストール
<sxh bash; gutter:True>
# mod_sslのインストール
yum -y install mod_ssl
</sxh>
#### 秘密鍵とサーバ証明書の作成
<sxh bash; gutter:True>
# 秘密鍵とサーバ証明書の作成
openssl genrsa > server.key
openssl req -new -key server.key > server.csr #全てEnterを入力します。

# 自分の秘密鍵で自己署名した証明書を作成する
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

# 鍵ファイルの格納先作成
mkdir /etc/httpd/conf/ssl.key
mkdir /etc/httpd/conf/ssl.crt

# 鍵ファイルの移動
mv server.key /etc/httpd/conf/ssl.key/
mv server.crt /etc/httpd/conf/ssl.crt/
</sxh>
#### ssl.confの編集
<sxh bash; gutter:True>
# ssl.confの編集
vi /etc/httpd/conf.d/ssl.conf
</sxh>
##### 変更前：ハイライト行を変更する
<sxh bash;first-line:76; highlight: [85,93]; gutter:True>
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that restarting httpd will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
#   require an ECC certificate which can also be configured in
#   parallel.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</sxh>
##### 変更後：ハイライト行を変更する
<sxh bash;first-line:76; highlight: [85-86,94-95]; gutter:True>
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that restarting httpd will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
#   require an ECC certificate which can also be configured in
#   parallel.
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</sxh>

#### apacheの再起動
<sxh bash; gutter:True>
# apacheの再起動
systemctl restart httpd
</sxh>

{{tag>RHEL Zabbix 実践的}}