Cloud use is expanding, but are we misunderstanding something?
The use of cloud services is expanding. Among enterprises, designing and operating systems on the assumption of the cloud is becoming the norm. As a result, services such as on-premises hosting, rental servers and VPS tend to be forgotten behind the keyword "cloud". But do not misunderstand: demand for these services has by no means declined. They still hold on to their users and continue to launch new services.
Some of them have evolved to the point where things that rental servers could not do before are now possible. "SNI SSL", which Sakura Internet began offering in February, is one such example.
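With Sakura's support for SNI SSL, the usability of rental servers and the range of sites to which SSL can be applied have expanded greatly. It is no exaggeration to say that, as far as SSL is concerned, the convenience now rivals the cloud. Let us look at what concrete benefits it brings, walking through the SNI SSL setup along the way.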
SNI SSL comes into its own on a rental server
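"Sakura Rental Server" is a popular service known for its cost performance and reliability. In addition to shared SSL, it allows the use of your own SSL certificate, and for corporate customers Sakura also offers "Sakura Managed Server", which gives you exclusive use of one server.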
SNI SSL is available on Sakura Rental Server plans from Standard upward and on Sakura Managed Server. Being able to use SNI SSL on a rental server brings three main benefits.
[1. Cost] The first is better cost performance for the server. Until now, an SSL server certificate had to be obtained for each domain, and the server itself (the IP address) also had to be different for each. With SNI SSL, that is no longer necessary.
[2. Effort] The second is less effort in obtaining, installing and configuring SSL server certificates. Sakura Rental Server in particular provides a GUI for obtaining, installing and configuring SSL server certificates, so anyone can easily manage the settings for multiple SSL sites just by selecting items.
[3. Security] The third is that security management in general, SSL included, can be left to the provider. Because the provider handles much of the security management, such as fixing vulnerabilities, you can offer a safer website.
Reconfirming the appeal of rental servers
Let us compare these benefits (cost performance, operational effort and security management) with the cloud. For the cloud, we assume the type in which you build and operate virtual servers, in a case where SNI SSL is not used.
[Comparison 1. Cost] First, cost performance. When you run multiple SSL sites in the cloud, the setup is to stand up a server for each custom domain and pay for each one. When running multiple SSL sites, the number of servers inevitably grows, and you pay for every one of them.
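A rental server, on the other hand, is premised on handling multiple domains on a single server as far as possible. To run multiple SSL sites, you only need to introduce SSL for each domain you already operate. Where the need to scale out is high, the cloud is the choice; where it is not, a rental server that does the job on one machine offers better cost performance. Moreover, the smallest unit on offer is cheaper for a rental server to begin with.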
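[Comparison 2. Effort] As for operational effort, the fact that a management screen is provided for SSL server certificates makes a big difference. In most cases, in the cloud you have to install and configure SSL server certificates yourself. For example, you use the OpenSSL library to create a CSR for obtaining the server certificate, place the server certificate issued by the certificate authority on the web server, and then enable it. Quite often the installation and configuration involve the command line.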
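With a rental server, and Sakura Rental Server in particular, all of this work can be done from a web-based management screen. From creating the CSR to installing and configuring the certificate, everything can be managed easily through an interface anyone can use. With an SSL server certificate such as "SureServer for SAKURA", which we covered last time, you can also reduce the operating cost of SSL server renewals.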
[Comparison 3. Security] The cloud offers a high degree of freedom, but in return you have to manage all of the security yourself. A rental server comes with certain constraints, but a variety of security features are included as standard, and the user's risk-management effort is small. Sakura Rental Server includes a WAF (web application firewall) and IP address filtering as standard, along with a RAID1 configuration, automatic backup to a separate server and a server uptime of 99.99%, offering reliability that stands comparison with the cloud.
The cloud and rental servers differ in cost and purpose to begin with. But when you are protecting with SSL multiple websites or e-commerce sites of a scale for which scale-out is not essential, you can see that a rental server with SNI SSL gives better cost performance and easier, more reassuring site operation.
Trying out SNI SSL on Sakura Rental Server
Let us briefly go over the steps involved in actually using SNI SSL. Here we take the SSL server certificate "SureServer for SAKURA" issued last time, install and configure it, and check the result on the web server.
SSL server certificates are managed in one place, under "Domain Settings" in the Sakura control panel. At Sakura, multiple domains are managed through dedicated directories (paths) created under the root. In Domain Settings you can manage the directory and the SSL settings for each domain.
First, download the validated SSL server certificate to your own machine. The e-mail sent by Sakura contains a link to Cybertrust's certificate download screen, so obtain it from there. A text file with the extension cer is downloaded.
Next, install the SSL server certificate from the "Domain Settings" screen. The domain list shows the custom domains you have registered in advance. When you add a domain for the first time, the SSL column in the domain list shows "Register", so you press the Register button and create the CSR for obtaining the server certificate.
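If, as in this case, the CSR has already been created, click the Register button and install the SSL server certificate from the custom SSL settings screen. Open the cer file in an editor or similar, and copy and paste its contents into the designated field.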
That completes the installation. Install the intermediate certificate in the same way. The link to the intermediate certificate is given in the e-mail that arrives from Sakura when the SSL server certificate is issued.
Access the configured domain over https. If the lock icon or another indicator of SSL communication is displayed, everything is in order.
SSL protection is now in place for one domain. Add further domains in the same way. If you look at the SSL "Type", you will see that it is shown as "SNI".
In this way you run multiple SSL sites on one server (a single IP address). Once you actually use it, you will appreciate how convenient it is to manage multiple SSL-enabled sites centrally from a single management screen.
A strong option for the ever-growing "SSL needs"
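Just as the cloud keeps expanding its features day by day, rental servers are evolving day by day too. Everything tends to be lumped together under the word "cloud", but where the cloud has weak areas, there are many cases in which it is better to leave the job to a rental server or a VPS.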
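For SSL in particular, it is now possible to make the most of the advantage SNI SSL brings: running SSL sites per host name rather than per IP address. The high degree of freedom makes it tempting to go all-in on the cloud, but it is better to choose the right service for each job and optimize cost and load.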
From that point of view too, Sakura Rental Server with SNI SSL support is an easy-to-use service. There is no doubt that the need for SSL support will keep growing. We encourage you to see it for yourself.
■ Examining Sakura Internet's security services
Part 1: SSL available on a monthly basis!! - What uses is Sakura Internet's "SureServer for SAKURA" best suited to? (this article)
Part 2: How far have rental servers evolved while the world has been infatuated with the cloud? - Sakura Rental Server makes "running multiple SSL sites on a single server" possible (this article)
(Mynavi News advertising feature)
[PR] Sponsored by: Sakura Internet








