Zabbixをhttps化する手順を記載する。
# mod_sslのインストール yum -y install mod_ssl
# 秘密鍵とサーバ証明書の作成 openssl genrsa > server.key openssl req -new -key server.key > server.csr #全てEnterを入力します。 # 自分の秘密鍵で自己署名した証明書を作成する openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 # 鍵ファイルの格納先作成 mkdir /etc/httpd/conf/ssl.key mkdir /etc/httpd/conf/ssl.crt # 鍵ファイルの移動 mv server.key /etc/httpd/conf/ssl.key/ mv server.crt /etc/httpd/conf/ssl.crt/
# ssl.confの編集 vi /etc/httpd/conf.d/ssl.conf
# Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that restarting httpd will prompt again. Keep # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.) # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) # require an ECC certificate which can also be configured in # parallel. SSLCertificateFile /etc/pki/tls/certs/localhost.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) # ECC keys, when in use, can also be configured in parallel SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that restarting httpd will prompt again. Keep # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.) # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) # require an ECC certificate which can also be configured in # parallel. # SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) # ECC keys, when in use, can also be configured in parallel # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
# apacheの再起動 systemctl restart httpd