サイバーディフェンス 証明書設定方法
OpenSSL設定を一時的に変更
policy_matchセクションを探して、organizationNameをoptionalに変更:
# OpenSSL設定ファイルをバックアップ
cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.bak
# 設定を編集
vi /etc/pki/tls/openssl.cnf
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = optional # matchからoptionalに変更
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
1. DNSサーバ設定の修正
# DNS設定を修正
echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
# DNSが動作するか確認
nslookup google.com
1. ミラー参照場所変更
[root@centos-server ~]# cat /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-7 - Base
baseurl=http://150.65.7.130/pub/Linux/CentOS-vault/7.5.1804/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[updates]
name=CentOS-7 - Updates
baseurl=http://150.65.7.130/pub/Linux/CentOS-vault/7.5.1804/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-7 - Extras
baseurl=http://150.65.7.130/pub/Linux/CentOS-vault/7.5.1804/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7a
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
baseurl=http://150.65.7.130/pub/Linux/CentOS-vault/7.5.1804/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
キャッシュクリアと実行
# キャッシュをクリア
yum clean all
# mod_sslインストール
yum install -y mod_ssl