\u3053\u3093\u306b\u3061\u306f\u3002\u30af\u30e9\u30e9\u306e\u5409\u6751\u3067\u3059\u3002<\/p>\n
Prism\u3092\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u4f7f\u3063\u3066\u3044\u308b\u3068\u3001SSL\u8a3c\u660e\u66f8\u306e\u30a8\u30e9\u30fc\u304c\u51fa\u3066\u3057\u307e\u3044\u30ab\u30c3\u30b3\u3088\u304f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n
\u3053\u308c\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306fPrism\u306b\u300c*.nutanix.local\u300d\u3068\u3044\u3046SSL\u8a3c\u660e\u66f8\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u305f\u3081\u3067\u3001 Nutanix\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u898b\u308b\u3068\u3053\u306eSSL\u8a3c\u660e\u66f8\u306f\u81ea\u7531\u306b\u5909\u66f4\u3067\u304d\u308b\u3088\u3046\u3067\u3059\u3002<\/p>\n
\u307e\u305f\u3001\u72ec\u81eaSSL\u8a3c\u660e\u66f8\u306b\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
Note:<\/span>\u00a0Nutanix recommends that customers replace the default self-signed certificate with a CA signed certificate. The\u00a0Controller VM Security Operations Guide<\/a>\u00a0includes more information about certificates, such as generating a private key and certificate signing request (CSR).<\/p><\/blockquote>\n
\u3068\u3044\u3046\u308f\u3051\u3067\u4eca\u56de\u306f\u3001Let’s Encrypt \u3092 Route53 \u306e TXT\u30ec\u30b3\u30fc\u30c9\u8a8d\u8a3c\u3067SSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u3066\u3001Prsim \u306b\u8a2d\u5b9a\u3059\u308b\u307e\u3067\u3092\u3054\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n
<\/p>\n
Route53\u306e\u8a2d\u5b9a<\/h3>\n
TXT\u30ec\u30b3\u30fc\u30c9\u306e\u8a8d\u8a3c\u306f\u7279\u306b Route53 \u3067\u306a\u304f\u3066\u3082\u3088\u3044\u306e\u3067\u3059\u304c\u3001\u81ea\u52d5\u5316\u3068\u3044\u3046\u90e8\u5206\u3092\u8003\u616e\u3057\u3066 certbot\u3068\u306e\u76f8\u6027\u306e\u826f\u3055\u3067\u9078\u3073\u307e\u3057\u305f\u3002<\/p>\n
Route53\u3063\u3066\u306a\u306b\uff1f\u3068\u3044\u3046\u65b9\u306f\u3053\u3061\u3089\u3092\u3069\u3046\u305e\u3002<\/p>\n
\n\n
\n OS<\/td>\n Ubuntu 16.04.3 LTS (Bash on Windows)<\/td>\n<\/tr>\n \n Python<\/td>\n python 2.7<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n <\/h4>\n
aws cli \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n
apt\u3067\u3082\u3001github\u304b\u3089\u3067\u3082\u3001pip\u3067\u3082\u306a\u3093\u3067\u3082\u826f\u3044\u3067\u3059\u3002<\/p>\n
[bash]<\/p>\n
sudo apt install awscli
\naws configure<\/p>\n[\/bash]<\/p>\n
\u6ce8\u610f\u70b9\u3068\u3057\u3066\u306f\u3001aws configure \u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u30e6\u30fc\u30b6\u8a2d\u5b9a\u3067\u3001\u5148\u307b\u3069\u4f5c\u6210\u3057\u305fAMI\u30e6\u30fc\u30b6\u3092\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u3053\u306e\u5f8c\u306e\u4f5c\u696d\u3067\u3001–profile \u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u306e\u30e6\u30fc\u30b6\u5207\u66ff\u306f\u60f3\u5b9a\u3057\u3066\u306a\u3044\u3067\u3059\u3002<\/p>\n
<\/p>\n
certbot \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n
github\u304b\u3089\u6700\u65b0\u7248\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n
certbot\u306fSSL\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u306e\u81ea\u52d5\u5316\u306e\u305f\u3081\u306b\u3001crontab \u3092\u5229\u7528\u3057\u307e\u3059\u3002<\/p>\n
\u305d\u306e\u305f\u3081\u3001root \u30e6\u30fc\u30b6\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3001\u4f5c\u696d\u5b9f\u65bd\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n
[bash]<\/p>\n
git clone https:\/\/github.com\/certbot\/certbot
\ncd certbot
\n.\/tools\/venv.sh
\nsource venv\/bin\/activate<\/p>\n[\/bash]<\/p>\n
<\/p>\n
SSL\u8a3c\u660e\u66f8\u306e\u53d6\u5f97<\/h3>\n
\u3088\u3046\u3084\u304f\u74b0\u5883\u304c\u6574\u3044\u307e\u3057\u305f\uff01\u3053\u3053\u307e\u3067\u6765\u305f\u3089\u3082\u3046\u4e00\u606f\u3067\u3059\u3002<\/p>\n
[bash]<\/p>\n
## \u4f5c\u696d\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3002
\nmkdir ~\/cb-work<\/p>\n## \u304a\u307e\u3058\u306a\u3044\u3002
\n## \u79c1\u306e\u74b0\u5883\u3067\u306f\u3053\u308c\u3092\u3084\u3089\u306a\u3044\u3068 openssl \u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u8aad\u307f\u8fbc\u307f\u30a8\u30e9\u30fc\u304c\u51fa\u307e\u3057\u305f\u3002
\nsudo execstack -c ~\/certbot\/venv\/lib\/python2.7\/site-packages\/cryptography\/hazmat\/bindings\/_openssl.so<\/p>\n## SSL\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/p>\n
## 1FQDN test.clara.ne.jp \u3092\u7df4\u7fd2\u3067\u767a\u884c\u3059\u308b\u5834\u5408
\ncertbot –config-dir ~\/cb-work –work-dir ~\/cb-work –logs-dir ~\/cb-work certonly –server https:\/\/acme-v02.api.letsencrypt.org\/directory -a dns-route53 –email \u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9 –agree-tos –no-eff-email -d ‘test.clara.ne.jp’ -d ‘clara.ne.jp’<\/p>\n# \u30ef\u30a4\u30eb\u30c9\u30ab\u30fc\u30c9 *.clara.ne.jp \u3092\u672c\u756a\u3067\u767a\u884c\u3059\u308b\u5834\u5408
\ncertbot –config-dir ~\/cb-work –work-dir ~\/cb-work –logs-dir ~\/cb-work certonly –server https:\/\/acme-v02.api.letsencrypt.org\/directory -a dns-route53 –email \u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9 –agree-tos –no-eff-email -d ‘*.clara.ne.jp’ -d ‘clara.ne.jp’<\/p>\n[\/bash]<\/p>\n
\u3057\u3070\u3089\u304f\u5f85\u3064\u3068\u30fb\u30fb\u30fb<\/p>\n
[bash]<\/p>\n
IMPORTANT NOTES:
\n– Congratulations! Your certificate and chain have been saved at:
\n~\/cb-work\/live\/test.clara.ne.jp\/fullchain.pem
\nYour key file has been saved at:
\n~\/cb-work\/live\/test.clara.ne.jp\/privkey.pem<\/p>\n[\/bash]<\/p>\n
<\/p>\n
<\/p>\n
\u51fa\u6765\u307e\u3057\u305f\uff01<\/p>\n
Prism\u306bSSL\u8a3c\u660e\u66f8\u3092\u9069\u7528\u3059\u308b<\/h3>\n
Let’s Encrypt \u3067SSL\u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002\u3042\u3068\u306fPrism\u306b\u3053\u306eSSL\u8a3c\u660e\u66f8\u3092\u8a2d\u5b9a\u3057\u3066\u3042\u3052\u307e\u3057\u3087\u3046\u3002<\/p>\n
\u30a4\u30f3\u30dd\u30fc\u30c8\u306b\u5fc5\u8981\u306a\u9805\u76ee<\/h4>\n
Prism\u3078\u306eSSL\u8a3c\u660e\u66f8\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308b\u306b\u306f\u4ee5\u4e0b\u306e4\u3064\u306e\u9805\u76ee\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n
\n\n
\n \u9805\u76ee\u540d<\/td>\n \u610f\u5473<\/td>\n<\/tr>\n \n certificate-path<\/samp><\/td>\n \u30b5\u30fc\u30d0\u306eSSL\u8a3c\u660e\u66f8<\/p>\n Let’s Encrypt \u3067\u53d6\u5f97\u3057\u305f\u00a0cert.pem \u30d5\u30a1\u30a4\u30eb<\/td>\n<\/tr>\n
\n cacertificate-path<\/samp><\/td>\n CA\u4e2d\u9593\u8a3c\u660e\u66f8<\/p>\n Let’s Encrypt \u3067\u53d6\u5f97\u3057\u305f\u00a0chain.pem \u30d5\u30a1\u30a4\u30eb<\/p>\n
\u203bRootCA\u8a3c\u660e\u66f8\u3082\u8ffd\u8a18\u3059\u308b<\/td>\n<\/tr>\n
\n key-path<\/samp><\/td>\n \u30b5\u30fc\u30d0\u306eSSL\u8a3c\u660e\u66f8\u306e\u79d8\u5bc6\u9375<\/p>\n Let’s Encrypt \u3067\u53d6\u5f97\u3057\u305f\u00a0privkey.pem \u30d5\u30a1\u30a4\u30eb<\/td>\n<\/tr>\n
\n key-type<\/samp><\/td>\n \u79d8\u5bc6\u9375\u306e\u6697\u53f7\u30bf\u30a4\u30d7\u3068\u9375\u9577<\/p>\n Let’s Encrypt \u306e\u5834\u5408\u306b\u306f\u3001RSA_2048<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u30cf\u30de\u308a\u30dd\u30a4\u30f3\u30c8\u306f\u3001Let’s Encrypt \u3067\u305d\u306e\u307e\u307e\u53d6\u5f97\u3057\u305fCA\u4e2d\u9593\u8a3c\u660e\u66f8\u3067\u306f\u3001\u30a4\u30f3\u30dd\u30fc\u30c8\u306b\u5931\u6557\u3057\u307e\u3059\u3002<\/p>\n
Let’s Encrypt \u306eRoot\u8a3c\u660e\u66f8\u3092CA\u4e2d\u9593\u8a3c\u660e\u66f8\u306b\u8ffd\u8a18\u3057\u3066\u3042\u3052\u307e\u3057\u3087\u3046\u3002<\/p>\n
Let’s Encrypt \u306eRoot\u8a3c\u660e\u66f8\u306f\u3053\u3061\u3089\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002<\/p>\n