■環境
- Server version: Apache/2.2.15 (Unix)
- OpenSSL 1.0.1e-fips 11 Feb 2013
- VirtualHost
- hogehoge.com <=ここにSSL証明書をインストール
- www.hogehoge.com <= トップドメインにリダイレクト
- watashi.hogehoge.com
- festival.hogehoge.com
- hogehoge.com <=ここにSSL証明書をインストール
- SSl証明書の購入先
- KING SSL => https://www.kingssl.com/
■参考手順
- https://www.kingssl.com/ssl_support/technical/csr_support/csr_8.html
- https://www.kingssl.com/ssl_support/technical/inst_support/inst_6.html
vhost.conf
NameVirtualHost *:80
NameVirtualHost *:443
#main
<VirtualHost *:80>
DocumentRoot /var/www/html/public
ServerName hogehoge.com
ServerAlias www.hogehoge.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.hogehoge\.com)(:80)? [NC]
RewriteRule ^/(.*) http://hogehoge.com/$1 [R=301,L]
ErrorLog /var/log/httpd/hogehoge.com/error_log
CustomLog /var/log/httpd/hogehoge.com/access_log combined
<Directory "/var/www/html/public">
AllowOverride All
</Directory>
</VirtualHost>
#main-ssl
<VirtualHost *:443>
DocumentRoot /var/www/html/public
ServerName hogehoge.com:443
ServerAlias www.hogehoge.com
ErrorLog /var/log/httpd/hogehoge.combinedom/error_log
CustomLog /var/log/httpd/hogehoge.com/access_log combined
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.hogehoge\.com) [NC]
RewriteRule ^/(.*) https://hogehoge.com/$1 [R=301,L]
SSLEngine on
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/intermediate_hogehoge.com.2016.cer
SSLCertificateFile /etc/httpd/conf/ssl.crt/hogehoge.com.2016.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/ssl.hogehoge.com.key
<Directory "/var/www/html/public">
AllowOverride All
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
#sub-festival
<VirtualHost *:80>
DocumentRoot /var/www/html/fest
ServerName festival.hogehoge.com
ErrorLog /var/log/httpd/festival.hogehoge.com/error_log
CustomLog /var/log/httpd/festival.hogehoge.com/access_log combined
<Directory "/var/www/html/fest">
AllowOverride All
</Directory>
</VirtualHost>
#sub-watashi
<VirtualHost *:80>
DocumentRoot /var/www/html/watashi
ServerName watashi.hogehoge.com
ErrorLog /var/log/httpd/watashi/error_log
CustomLog /var/log/httpd/watashi/access_log combined
<Directory "/var/www/html/watashi">
AllowOverride All
</Directory>
</VirtualHost>
以上
■トップドメインディレクトリにある.htaccessのリダイレクト設定
http://~にアクセスした場合、https://~へリダイレクトする設定を書きました。
.htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /var/www/html/public
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
#---ここから---
#http to https
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
#---ここまで---
</IfModule>
# END WordPress
■おまけ
最初は設定の誤りのためか、httpd の起動がエラーが発生してしまいました。
おそらく、設定の途中でミスを犯していたのだと思います。
今回は、CSRの再作成、証明書の再発行からやり直して無事クリア。
errorlog
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[warn] RSA server certificate CommonName (CN) `AlphaSSL CA - SHA256 - G2' does NOT match server name!?
[error] Unable to configure RSA server private key
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[warn] Init: (tk2-229-24426.vs.sakura.ne.jp:443) You configured HTTP(80) on the standard HTTPS(443) port!