Category Archives: Linux

UbuntuでLAMP環境を構築する手順メモ

1.手動でインストール
sudo apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server

2.設定ファイルを変更
sudo vim /etc/apache2/apache2.conf

設定ファイルの最後に下記を追加
ファイルタイプのサポートを追加(.htm/.html もPHPとして解釈されるため、アップロードされたHTMLファイル内のコードも実行対象になる。不要であれば .php のみにする):
AddType application/x-httpd-php .php .htm .html
3.Ubuntuにphp環境でGDライブラリをインストール
apt-get install php5-gd

4.サーバーを再起動
/etc/init.d/apache2 restart

Linuxにsubversionサーバーをインストールと設定方法

システム要件
svn環境インストール
ソースパッケージのダウンロード(HTTP経由で取得するため、展開前に配布元が公開しているチェックサムや署名で検証すること)
wget http://archive.apache.org/dist/httpd/httpd-2.2.19.tar.bz2
wget http://www.sqlite.org/sqlite-amalgamation-3.6.13.tar.gz
wget http://subversion.tigris.org/downloads/subversion-deps-1.6.6.tar.bz2
wget http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz

1.aprとapr-utilのインストール
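# Build APR from the copy bundled in the httpd source tree.
cd httpd-2.2.19/srclib/apr
./configure --prefix=/usr/local/apr
make && make install
# apr-util is a sibling of apr under srclib/; a bare "cd ../" would leave the
# shell in srclib/, where there is no configure script to run.
cd ../apr-util
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install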

2.apacheのインストール
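# Configure httpd with DAV and DSO support (both needed by mod_dav_svn).
# NOTE(review): --with-included-apr asks for the bundled APR while
# --with-apr/--with-apr-util point at the separately installed copies;
# confirm which of the two is intended.
cd httpd-2.2.19
./configure --prefix=/usr/local/webserver/httpd-2.2.19 --enable-dav --enable-so --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config --with-included-apr
make && make install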

3.subversionのインストール
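# Build Subversion against the httpd installed above (apxs) so that
# mod_dav_svn and mod_authz_svn are produced.
# --enable-maintainer-mode turns on extra GCC warning flags (see the configure
# output quoted in step 4.2); it is a developer setting, not a requirement.
cd subversion-1.6.17
./configure --prefix=/usr/local/webserver/svn --with-apxs=/usr/local/webserver/httpd-2.2.19/bin/apxs --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config --with-ssl --with-zlib=/usr --enable-maintainer-mode
make && make install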

4.インストールエラー現象と解決方法:
checking sqlite library version (via header)… unsupported SQLite version
checking sqlite library version (via pkg-config)… none or unsupported 3.3
no
An appropriate version of sqlite could not be found. We recommmend
3.6.13, but require at least 3.4.0.
Please either install a newer sqlite on this system
or
get the sqlite 3.6.13 amalgamation from:
http://www.sqlite.org/sqlite-amalgamation-3.6.13.tar.gz
unpack the archive using tar/gunzip and copy sqlite3.c from the
resulting directory to:
/data/software/subversion-1.6.17/sqlite-amalgamation/sqlite3.c
This file also ships as part of the subversion-deps distribution.
configure: error: Subversion requires SQLite

4.1 解決方法
sqlite-amalgamation-3.6.13.tar.gzをダウンロード
[root@svn subversion-1.6.6]# mkdir sqlite-amalgamation
[root@svn soft]# cp sqlite-3.6.13/sqlite3.c /data/software/subversion-1.6.17/sqlite-amalgamation/
4.2 再度configure,エラー下記:
configure: maintainer-mode: adding GCC warning flags
configure: error: –with-zlib requires an argument.

4.3 zlibをインストールする、subversion-deps-1.6.6.tar.bz2 をダウンロード
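# Build the zlib copy shipped in subversion-deps as a shared library.
cd subversion-1.6.6/zlib/
./configure --shared
make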

4.4 再度インストール、下記エラー:
BDB WARNING:
configure: WARNING: we have configured without BDB filesystem support
You don’t seem to have Berkeley DB version 4.0.14 or newer
installed and linked to APR-UTIL. We have created Makefiles which
will build without the Berkeley DB back-end; your repositories will
use FSFS as the default back-end. You can find the latest version of
Berkeley DB here:
http://www.oracle.com/technology/software/products/berkeley-db/index.html
make && make install

5.subversionを設定
 5.1 ディレクトリを作成
mkdir /data/subversion
5.2 ファイルを作成
touch svn-access-file
touch svn-auth-file
5.3 リポジトリを作成
svnadmin create /data/subversion/lxsym_web

6.apacheのhttpd.confを設定

6.1 subversionをインストール後、apacheの「conf/httpd.conf」にモジュールを追加
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
6.2 設定変更を追加
listen 8098を修正

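# Subversion over WebDAV, protected by HTTP Basic authentication.
# Basic auth only base64-encodes the password, and the access URL shown in
# step 6.4 is plain http:// on port 8098, so put this location behind TLS
# before real credentials are used.
<Location /svn>
    DAV svn
    # Each directory directly below this path is served as a repository.
    SVNParentPath /data/subversion/
    #SVNPath /data/subversion
    AuthType Basic
    AuthName "Subversion repository"
    # Password file maintained with htpasswd (step 6.3).
    AuthUserFile /data/subversion/svn-auth-file
    Require valid-user
    # Per-repository read/write rules (step 6.3).
    AuthzSVNAccessFile /data/subversion/svn-access-file
</Location>
# NOTE(review): this opens the whole of /data, which also holds the password
# and access files above; narrow it to what actually has to be reachable if
# any Alias or DocumentRoot maps into /data.
<Directory /data>
    AllowOverride none
    Options MultiViews
    order allow,deny
    Allow from all
</Directory>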

6.3 ユーザーと権限を追加
htpasswd svn-auth-file startnews24_test1
パスワードを2回入力すると、下記の成功メッセージが表示される
Adding password for user startnews24_test1
vi svn-access-file
[groups]
lxsym_all = admin
[lxsym_web:/]
admin = rw
@lxsym_all = r
test1 = rw
* =

6.4 設定完了、画面の確認
http://svn.XXX.com:8098/svn/lxsym_web/

【Redisの学習】Redisのプロセスを管理するシェルスクリプト

役割:Redisのプロセスを管理する(起動、停止、再起動)ためのシェルスクリプト

シェルコード:

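#!/bin/sh
# redis - this script starts and stops the redis-server daemon
#
# chkconfig:   - 85 15
# description:  Redis is a persistent key-value database
# processname: redis-server
# config:      /usr/local/webserver/redis-2.4.4/bin/redis-server
# config:      /usr/local/webserver/redis-2.4.4/etc/redis.conf

# Source function library. The daemon, killproc and status helpers used below
# are not defined in this script and are expected to come from here.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

# Plain ASCII quotes are required here: typographic quotes are not shell
# syntax and would end up as literal characters inside the values.
redis="/usr/local/webserver/redis-2.4.4/bin/redis-server"
prog=$(basename "$redis")
REDIS_CONF_FILE="/usr/local/webserver/redis-2.4.4/etc/redis.conf"

# Optional local overrides. The file is sourced, i.e. executed with the
# privileges of this script, so it must be writable by root only.
[ -f /etc/sysconfig/redis ] && . /etc/sysconfig/redis

# Marker file created by start() and removed by stop().
lockfile=/var/lock/subsys/redis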

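#######################################
# Start redis-server through the init library's daemon helper.
# Globals:   redis, REDIS_CONF_FILE, prog, lockfile (read); retval (written)
# Outputs:   "Starting <prog>: " progress line on stdout
# Returns:   status of daemon; exits 5 if the binary is not executable and
#            6 if the configuration file is missing
#######################################
start() {
  [ -x "$redis" ] || exit 5
  [ -f "$REDIS_CONF_FILE" ] || exit 6
  echo -n $"Starting $prog: "
  daemon "$redis" "$REDIS_CONF_FILE"
  retval=$?
  echo
  # Record the running state only when the daemon helper reported success.
  [ "$retval" -eq 0 ] && touch "$lockfile"
  return "$retval"
}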

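#######################################
# Stop redis-server by signalling it through killproc.
# Globals:   prog, lockfile (read); retval (written)
# Outputs:   "Stopping <prog>: " progress line on stdout
# Returns:   status of killproc
#######################################
stop() {
  echo -n $"Stopping $prog: "
  # NOTE(review): -QUIT looks carried over from an nginx init script;
  # redis-server performs its clean shutdown (including the final save) on
  # SIGTERM - confirm which signal is intended before relying on this.
  killproc "$prog" -QUIT
  retval=$?
  echo
  # Drop the running-state marker only when the signal was delivered.
  [ "$retval" -eq 0 ] && rm -f -- "$lockfile"
  return "$retval"
}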

# Stop the service, then start it again. The status of stop is not checked;
# the function returns whatever start returns.
restart() {
  stop; start
}

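#######################################
# Send SIGHUP to redis-server through killproc.
# Globals:   redis, prog (read); RETVAL (written)
# Outputs:   "Reloading <prog>: " progress line on stdout
# Returns:   status of killproc (previously the status was stored in RETVAL
#            but never returned, so callers always saw success)
#######################################
reload() {
  echo -n $"Reloading $prog: "
  # NOTE(review): this arm looks carried over from an nginx init script;
  # confirm that redis-server actually re-reads its configuration on SIGHUP.
  killproc "$redis" -HUP
  RETVAL=$?
  echo
  return "$RETVAL"
}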

# Handler for the force-reload action: delegates to restart and returns its
# status.
force_reload() { restart; }

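# Report the service state via the init library's status helper and return
# its exit code. $prog is quoted so it is always passed as a single argument.
rh_status() {
  status "$prog"
}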

# Quiet variant of rh_status: same exit code, with stdout and stderr discarded.
rh_status_q() {
  { rh_status; } >/dev/null 2>&1
}

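# Dispatch on the requested action. Handlers are called by name instead of
# executing "$1", so the positional argument is never run as a command.
case "$1" in
  start)
    # Nothing to do when the service is already running.
    rh_status_q && exit 0
    start
    ;;

  stop)
    # Nothing to do when the service is not running.
    rh_status_q || exit 0
    stop
    ;;

  # "configtest" used to share this arm, but this script defines no such
  # function, so it now falls through to the usage message.
  restart)
    restart
    ;;

  reload)
    rh_status_q || exit 7
    reload
    ;;

  force-reload)
    force_reload
    ;;

  status)
    rh_status
    ;;

  condrestart|try-restart)
    # Restart only when the service is currently running; the original arm
    # checked the status but never performed the restart.
    rh_status_q || exit 0
    restart
    ;;

  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
    exit 2
    ;;
esac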

chmod 755 /etc/rc.d/init.d/redis

[root@lx_web_s1 init.d]# service redis start

Starting redis-server:                                     [  OK  ]

[root@lx_web_s1 init.d]# service redis stop

Stopping redis-server:                                    [  OK  ]

自動起動を追加設定

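# Register the init script with chkconfig.
chkconfig --add redis

# Enable the service in runlevel 3.
chkconfig --level 3 redis on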

Ubuntuでタスクcronの使い方

1.設定ファイル:
/etc/crontab
自動起動ファイル:
chkconfig\sysv-rc-conf

vim /etc/crontab
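# m h dom mon dow user command
# The daily, weekly and monthly entries run run-parts only when anacron is
# not installed (the "test -x /usr/sbin/anacron ||" guard).
18 * * * * root cd / && run-parts --report /etc/cron.hourly
24 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
37 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
22 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )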

2.cronの起動、停止、再起動
sudo /etc/init.d/cron start
sudo /etc/init.d/cron stop
sudo /etc/init.d/cron restart

cronのステータスの確認
pgrep cron

CentOSに vsftpd のインストール、設定

1.インストール
# yum -y install vsftpd

2.vsftpdを起動
# service vsftpd start

3.自動起動
# chkconfig vsftpd on

4.ftpアカウントを追加
# useradd -d /data/wwwroot/www.ttlsa.com/webroot -g nobody -s /sbin/nologin ttlsa_ftp

5.パスワードを設定
# passwd ttlsa_ftp

6.ディレクトリ属性を変更
# chown -R ttlsa_ftp /data/wwwroot/www.ttlsa.com/webroot

7.ftpの設定
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
chroot_local_user=YES

8.サーバーを再起動して設定を有効にする
# service vsftpd restart

9.selinux有効の場合
# setsebool -P ftpd_disable_trans on
# setsebool -P ftp_home_dir on

selinuxを無効にする場合(システム全体の強制アクセス制御が外れるため、可能であれば上記のboolean設定で対応する)
# setenforce 0
# vi /etc/selinux/config
SELINUX=disabled

CentOS6.3 x86_64環境でxfce4デスクトップのvncserverをインストール

1. rpm -ivh epel-release-6-7.noarch.rpm
# ls
CentOS-Base.repo CentOS-Base.repo.bak CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo epel.repo epel-testing.repo

2.# yum groupinfo xfce
Loaded plugins: fastestmirror, presto
Setting up Group Process
Loading mirror speeds from cached hostfile

3.# yum -y groupinstall xfce

4.vncserverのインストール
# yum -y install tigervnc-server

5.アカウント配置ファイル
# vncserver

You will require a password to access your desktops.
Password:
Verify:
xauth: (stdin):1: bad display name “bogon:1” in “add” command
New ‘bogon:1 (root)’ desktop is bogon:1
Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/bogon:1.log
# su – tao
$ vncserver
You will require a password to access your desktops.
Password:
Verify:
xauth: (stdin):1: bad display name “bogon:2” in “add” command
New ‘bogon:2 (tao)’ desktop is bogon:2
Creating default startup script /home/tao/.vnc/xstartup
Starting applications specified in /home/tao/.vnc/xstartup
Log file is /home/tao/.vnc/bogon:2.log
$ ls .vnc/
bogon:2.log bogon:2.pid passwd xstartup

6.xstartupを修正
[root@localhost ~]# cat ~/.vnc/xstartup
#!/bin/sh
/usr/bin/startxfce4 &

7.vncserver構成ファイルを変更してクライアントのアカウント情報を接続
# tail -n 3 /etc/sysconfig/vncservers
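# display:user pairs started by the vncserver init script.
# NOTE(review): display :1 runs a full desktop session as root, and VNC
# traffic itself is not encrypted; prefer an unprivileged user and reach the
# display through an SSH tunnel (Xvnc's -localhost option) rather than
# opening ports 5901-5902 to every source address.
VNCSERVERS="1:root 2:tao "
# Per-display options; the geometry separator is the ASCII letter "x".
VNCSERVERARGS[1]="-geometry 1024x768"
VNCSERVERARGS[2]="-geometry 1024x768"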

8.vncserverを起動
# /etc/init.d/vncserver restart
自動起動の設定
# chkconfig vncserver on

9.selinuxを無効化し、ファイアウォールを設定
# grep SELINUX /etc/sysconfig/selinux
# SELINUX= can take one of these three values:
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=targeted
# getenforce
Disabled
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp — anywhere anywhere
ACCEPT all — anywhere anywhere
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp — anywhere anywhere state NEW tcp dpts:5901:5902
REJECT all — anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all — anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

10.クライアントの接続
VNC Host:XXXX
username :vnc_user
Password : startnews24_pwd

CentOS6.3 x86_64 yumソース

cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-6.3 – Base
#mirrorlist=http://mirrorlist.centos.org/?release=6.3&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/6.3/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates 
[updates]
name=CentOS-6.3 – Updates
#mirrorlist=http://mirrorlist.centos.org/?release=6.3&arch=$basearch&repo=updates
baseurl=http://mirrors.163.com/centos/6.3/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-6.3 – Extras
#mirrorlist=http://mirrorlist.centos.org/?release=6.3&arch=$basearch&repo=extras
baseurl=http://mirrors.163.com/centos/6.3/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-6.3 – Plus
#mirrorlist=http://mirrorlist.centos.org/?release=6.3&arch=$basearch&repo=centosplus
baseurl=http://mirrors.163.com/centos/6.3/centosplus/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib – packages by Centos Users
[contrib]
name=CentOS-6.3 – Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=6.3&arch=$basearch&repo=contrib
baseurl=http://mirrors.163.com/centos/6.3/contrib/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Ubuntu 12.04にOpenCV 2.4.5をインストール

1.ダウンロードURL:
http://opencv.org/
OpenCV2.4.5を解凍
/home/ユーザー名/opencv2.4.5

2.cmakeのインストール
$sudo apt-get install cmake

3.opencvのコンパイル
3.1.opencvの解凍ディレクトリにbuildフォルダを作成
$cd ~/opencv2.4.5

$mkdir build

$cd build

$cmake -D CMAKE_BUILD_TYPE=RELEASE -D CMAKE_INSTALL_PREFIX=/usr/local -D BUILD_PYTHON_SUPPORT=ON ..
3.2 cmakeを実行
$make
$sudo make install
4.インストールが成功したかどうかをテスト
$cd ~/opencv2.4.5/samples/c

$g++ `pkg-config --cflags opencv` -o mydelaunay delaunay.c `pkg-config --libs opencv`

「Linux」サーバーでウェブサイトが重い原因を調べる方法

1.システムのパフォーマンスを見る:メモリ、CPUとディスク
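# "//" does not start a comment in shell; the original annotations would have
# been passed to each command as an extra argument.
free -m   # memory usage
top       # CPU load
df -h     # disk capacity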
2.TCP接続のステータスの確認
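# Count TCP connections per state: the last netstat column ($NF) is the key.
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'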

3.iftopでトラフィックを確認
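# -i selects the interface to monitor.
iftop -i eth0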
TX:トラフィックの送信量
RX:トラフィックの受信量
TOTAL:トラフィックの総量
peak:瞬間に発生したトラフィックの最大量
rates:平均値

「Linux」OpenSSLでのプライベート認証局(CA)と自己証明書の作成手順

1.CA鍵ペアを生成
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# ls
certs crl newcerts private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
………………………………………………….+++
……..+++
e is 65537 (0x10001)
[root@localhost CA]# ls -l private/cakey.pem
-rw——- 1 root root 1675 Mar 19 18:55 private/cakey.pem
[root@localhost CA]#

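2.自己署名証明書を生成(注:以下に掲載されている出力は手順1の鍵生成と同じ内容で、自己署名証明書を作成するコマンド自体は含まれていない。一般的には `openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days <日数>` のような形式で作成する)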

[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# ls
certs crl newcerts private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
………………………………………………….+++
……..+++
e is 65537 (0x10001)
[root@localhost CA]# ls -l private/cakey.pem
-rw——- 1 root root 1675 Mar 19 18:55 private/cakey.pem
[root@localhost CA]#

3.必要なファイルを作成
[root@localhost CA]# touch index.txt serial crlnumber
[root@localhost CA]# echo 01 > serial
[root@localhost CA]#

4.アプリケーションサーバーの鍵を生成し、証明書用のディレクトリに保存(下記の例は1024ビットだが、手順1のCA鍵と同じく2048ビット以上で生成するのが望ましい)
[root@localhost ~]# mkdir /etc/httpd/ssl
[root@localhost ~]# cd /etc/httpd/ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
………………….++++++
…++++++
e is 65537 (0x10001)
[root@localhost ssl]# ls -l
total 4
-rw——- 1 root root 887 Mar 19 11:24 httpd.key
[root@localhost ssl]#
5.証明書を生成して、リクエストを署名
[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:tokyo
Locality Name (eg, city) [Default City]:shinakawa
Organization Name (eg, company) [Default Company Ltd]:startnews24
Organizational Unit Name (eg, section) []:Linux Operation
Common Name (eg, your name or your server’s hostname) []:ca.arkgame.com
Email Address []:caadmin@arkgame.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls -l httpd.csr
-rw-r–r– 1 root root 720 Mar 19 11:27 httpd.csr
[root@localhost ssl]#

6.CAにリクエストファイルを送信
[root@localhost ssl]# ls
httpd.csr httpd.key
[root@localhost ssl]# scp httpd.csr root@172.16.5.3:/etc/pki/CA
The authenticity of host ‘172.16.5.3 (172.16.5.3)’ can’t be established.
RSA key fingerprint is b1:b0:d8:51:a6:10:63:6f:ec:9a:47:96:2b:81:f4:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.16.5.3’ (RSA) to the list of known hosts.
root@172.16.5.3’s password:
httpd.csr 100% 720 0.7KB/s 00:00
[root@localhost ssl]#

7.CA署名付き証明書
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# ls -l httpd.csr
-rw-r–r– 1 root root 720 Mar 19 19:28 httpd.csr
[root@localhost CA]# openssl ca -in httpd.csr -out httpd.crt -days 3650
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Mar 19 11:31:27 2014 GMT
Not After : Mar 16 11:31:27 2024 GMT
Subject:
countryName = JP
stateOrProvinceName =tokyo
organizationName = startnews24
organizationalUnitName = Linux Operation
commonName = ca.arkgame.com
emailAddress = caadmin@arkgame.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
20:EB:87:77:A1:8B:2C:04:B0:B9:08:29:4D:57:F3:81:29:9B:56:3F
X509v3 Authority Key Identifier:
keyid:6E:55:BA:24:FB:A2:5E:A1:46:8F:55:AE:5E:91:32:F4:0A:B3:9E:A2
Certificate is to be certified until Mar 16 11:31:27 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

8.証明書をリクエスト側に返す
[root@localhost CA]# scp httpd.crt root@172.16.5.6:/etc/httpd/ssl
The authenticity of host ‘172.16.5.6 (172.16.5.6)’ can’t be established.
RSA key fingerprint is 4e:15:59:c4:6e:b3:10:5b:46:e5:a8:b5:2d:05:29:be.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.16.5.6’ (RSA) to the list of known hosts.
root@172.16.5.6’s password:
httpd.crt 100% 3929 3.8KB/s 00:00
[root@localhost CA]#

9.証明書の確認
[root@localhost ssl]# ls -l httpd.crt
-rw-r–r– 1 root root 3929 Mar 19 11:33 httpd.crt
[root@localhost ssl]# cat httpd.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=JP, ST=tokyo, L=shinakawa, O=startnews24, OU=Linux Operation, CN=ca.arkgame.com/emailAddress=caadmin@arkgame.com
Validity
Not Before: Mar 19 11:31:27 2014 GMT
Not After : Mar 16 11:31:27 2024 GMT
Subject: C=JP, ST=tokyo, O=startnews24, OU=Linux Operation, CN=ca.arkgame.com/emailAddress=caadmin@arkgame.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:f1:f6:5b:ad:82:7c:ca:27:df:7d:64:d2:bb:02:
69:81:3a:c0:10:1c:a8:d0:be:12:d3:e5:d6:02:b2:
3c:ee:49:9f:db:67:9e:65:3d:5f:36:8e:c2:0e:3b:
33:7e:b5:9a:25:e0:61:96:8f:79:e9:86:ca:d4:77:
6e:8a:b5:d2:f9:0e:72:f7:0b:dd:e6:55:63:ce:06:
ee:0f:6c:2d:44:68:4d:bd:02:11:79:7c:1d:fb:06:
49:cf:f4:ff:3d:e7:6b:99:74:5b:43:3a:de:ab:83:
a1:e0:d3:fe:64:f9:17:59:64:7a:c2:da:a5:46:8c:
74:94:93:9b:49:78:bc:cb:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
20:EB:87:77:A1:8B:2C:04:B0:B9:08:29:4D:57:F3:81:29:9B:56:3F
X509v3 Authority Key Identifier:
keyid:6E:55:BA:24:FB:A2:5E:A1:46:8F:55:AE:5E:91:32:F4:0A:B3:9E:A2
Signature Algorithm: sha1WithRSAEncryption
15:c0:88:62:d1:e1:fe:f5:6d:95:f9:41:a3:51:f7:13:39:cb:
dc:1d:ef:22:5b:77:e1:a2:3b:38:c5:85:b7:ad:b4:ac:18:93:
7c:0b:95:0c:32:a8:33:0d:d5:34:47:57:ae:b6:a5:04:6c:cc:
81:0b:64:97:a1:c9:91:ed:56:1b:da:0a:62:34:7a:48:8d:07:
3e:00:c2:df:53:fd:0d:a2:8a:84:33:af:5a:1c:c6:81:3c:22:
e3:da:7e:ab:00:2e:57:8f:ba:34:2d:1d:06:5a:ce:d6:2a:f3:
6c:67:da:12:cf:94:54:19:9e:10:d3:38:d9:6d:ac:a8:06:34:
a1:3c:95:3a:ba:3a:44:23:c1:c1:4f:31:d8:93:1a:09:58:80:
d0:62:3f:00:a1:89:ec:ce:48:e9:86:1b:56:65:0f:84:90:9d:
9d:ee:94:09:25:2a:81:13:eb:61:e6:36:55:19:f6:22:34:94:
27:38:db:12:df:c0:f4:c1:80:b9:4d:36:43:1a:fe:1b:80:f5:
1c:25:6f:1d:8e:fa:6e:53:25:9c:47:54:82:c4:82:2c:1e:14:
68:6f:9c:ce:79:9c:45:38:e1:b0:d8:60:df:f2:f9:d1:d3:67:
cf:6e:d4:6f:75:f8:c2:65:0b:9e:97:b4:02:a9:34:3a:99:65:
9a:dd:f7:c1
—–BEGIN CERTIFICATE—–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—–END CERTIFICATE—–
[root@localhost ssl]#
10.キーを紛失した場合は、速やかに証明書を失効させる
[root@localhost CA]# openssl ca -revoke httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Revoking Certificate 01.
Data Base Updated
[root@localhost CA]#