{"id":584,"date":"2017-01-16T10:21:25","date_gmt":"2017-01-16T01:21:25","guid":{"rendered":"https:\/\/column.prime-strategy.co.jp\/?p=584"},"modified":"2017-01-16T10:21:25","modified_gmt":"2017-01-16T01:21:25","slug":"ssl%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%ae%e9%80%8f%e6%98%8e%e6%80%a7%e3%81%a3%e3%81%a6%e3%81%aa%e3%82%93%e3%81%a7%e3%81%99%e3%81%8b%ef%bc%9f","status":"publish","type":"post","link":"https:\/\/kusanagi.tokyo\/column\/archives\/column_584","title":{"rendered":"SSL\u8a3c\u660e\u66f8\u306e\u900f\u660e\u6027\u3063\u3066\u306a\u3093\u3067\u3059\u304b\uff1f"},"content":{"rendered":"<h2><span class=\"ez-toc-section\" id=\"%E3%81%AF%E3%81%98%E3%82%81%E3%81%AB\"><\/span>\u306f\u3058\u3081\u306b<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>KUSANAGI-8.0.1 \u3067\u306fSSL\u8a3c\u660e\u66f8\u306e\u900f\u660e\u6027( CT(Certificate Transparency) \u3068\u547c\u3073\u307e\u3059) \u306b\u5bfe\u5fdc\u3057\u3066\u3044\u307e\u3059\u3002<br \/>\n\u4eca\u56de\u3001\u3053\u308c\u306b\u3064\u3044\u3066\u5c11\u3057\u89e3\u8aac\u3057\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n<h2><span class=\"ez-toc-section\" id=\"CT%E3%81%AE%E8%83%8C%E6%99%AF\"><\/span>CT\u306e\u80cc\u666f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u30d1\u30d6\u30ea\u30c3\u30af\u306aSSL\u8a3c\u660e\u66f8\u306f\u3001\u8a8d\u8a3c\u5c40(CA:Certification Authority)\u306b\u3088\u3063\u3066\u767a\u884c\u3055\u308c\u3001\u305d\u306e\u5185\u5bb9\u304c\u4fdd\u8a3c\u3055\u308c\u307e\u3059\u3002<br \/>\n\u3057\u304b\u3057\u3001\u8fd1\u5e74\u8a8d\u8a3c\u5c40\u304c\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u53d7\u3051\u3066\u507d\u306eSSL\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u305f\u308a\u3001\u8aa4\u3063\u3066\u4e0d\u6b63\u306a\u8a3c\u660e\u66f8\u3092SSL\u767a\u884c\u3057\u305f\u308a\u3068\u3044\u3046\u4e8b\u4ef6\u304c\u3042\u308a\u307e\u3057\u305f\u3002<br \/>\n\u305d\u3053\u3067Google\u793e\u304c\u8003\u6848\u3057\u305f\u306e\u304c\u3001\u4e0d\u6b63\u306aSSL\u8a3c\u660e\u66f8\u3092\u65e9\u671f\u306b\u767a\u898b\u30fb\u691c\u77e5\u3059\u308b\u305f\u3081\u306e\u4ed5\u7d44\u307f\u3067\u3042\u308bCT\u3092(Certificate Transparency)\u3067\u3059\u3002\u3053\u308c\u306f\u3001\u73fe\u5728RFC6922\u3068\u3057\u3066\u898f\u683c\u5316\u3055\u308c\u3001Google Chrome \u306a\u3069\u304c\u5bfe\u5fdc\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h2><span class=\"ez-toc-section\" id=\"CT%E3%81%AE%E4%BB%95%E7%B5%84%E3%81%BF\"><\/span>CT\u306e\u4ed5\u7d44\u307f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CT\u306f\u3001SSL\u8a3c\u660e\u66f8\u3092\u30ed\u30b0\u30b5\u30fc\u30d0\u306b\u767b\u9332\u3057\u3066\u53d6\u5f97\u3059\u308bSCT(Signed Certificate Timestamp) \u3068SSL\u8a3c\u660e\u66f8\u3092Web\u30b5\u30fc\u30d0\u3067\u63d0\u4f9b\u3057\u307e\u3059\u3002<br \/>\nWeb\u30d6\u30e9\u30a6\u30b6\u306fWeb\u30b5\u30fc\u30d0\u304b\u3089\u53d6\u5f97\u3057\u305fSCT\u304c\u3001\u30ed\u30b0\u30b5\u30fc\u30d0\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u3067\u3001SSL\u8a3c\u660e\u66f8\u304c\u6b63\u5f53\u306a\u3082\u306e\u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<p>CT\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306b\u306f\u3001\u5e7e\u3064\u304b\u306e\u65b9\u6cd5\u304c\u3042\u308a\u307e\u3059\u3002<br \/>\n\u4e00\u3064\u306f\u8a8d\u8a3c\u5c40\u304cSCT\u4ed8\u304dSSL\u8a3c\u660e\u66f8\u3092\u63d0\u4f9b\u3059\u308b\u3082\u306e\u3067\u3059\u3002<br \/>\n\u8a8d\u8a3c\u5c40\u306fSSL\u8a3c\u660e\u66f8\u3092\u30ed\u30b0\u30b5\u30fc\u30d0\u306b\u767b\u9332\u3057\u3001\u30ed\u30b0\u30b5\u30fc\u30d0\u304b\u3089SCT(Signed Certificate Timestamp)\u3092\u53d6\u5f97\u3057\u3001SCT\u4ed8\u304d\u306eSSL\u8a3c\u660e\u66f8\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002Web\u30b5\u30fc\u30d0\u3067\u306f\u3001\u3053\u306eSCT\u4ed8\u304d\u306eSSL\u8a3c\u660e\u66f8\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<br \/>\n\u3082\u3046\u4e00\u3064\u306f\u3001\u8a8d\u8a3c\u5c40\u304cSSL\u8a3c\u660e\u66f8\u3068SCT\u3092\u63d0\u4f9b\u3057\u3001Web\u30b5\u30fc\u30d0\u3067\u306f\u3053\u306e2\u3064\u3092\u4f7f\u7528\u3057\u3066SCT\u4ed8\u304d\u306eSSL\u8a3c\u660e\u66f8\u3068\u3059\u308b\u3082\u306e\u3067\u3059\u3002<\/p>\n<h2><span class=\"ez-toc-section\" id=\"KUSANAGI%E3%81%A7%E3%81%AECT%E5%AE%9F%E7%8F%BE\"><\/span>KUSANAGI\u3067\u306eCT\u5b9f\u73fe<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>KUSANAGI\u3067\u306f\u3001NGINX \u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u9650\u308a CT \u306b\u5bfe\u5fdc\u3057\u3066\u3044\u307e\u3059\u3002<br \/>\nKUSANAGI\u3067CT\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u30013\u3064\u306e\u65b9\u6cd5\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>Let's Encrypt\u3092\u4f7f\u7528<br \/>\nLet's Encrypt \u3067SSL\u8a3c\u660e\u66f8\u3067CT\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u30ed\u30b0\u30b5\u30fc\u30d0\u3078SSL\u8a3c\u660e\u66f8\u3092\u767b\u9332\u3057\u3001NGINX\u306e\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<code>kusanagi ssl --ct on <\/code>\u3053\u306e\u30b3\u30de\u30f3\u30c9\u3067\u306f\u3001\u53d6\u5f97\u3057\u305fSSL\u8a3c\u660e\u66f8\u3092\u30ed\u30b0\u30b5\u30fc\u30d0\u306b\u81ea\u52d5\u767b\u9332\u3057SCT\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<br \/>\n\u3053\u306e\u53d6\u5f97\u3057\u305fSCT\u3068SSL\u8a3c\u660e\u66f8\u3092NGINX\u306e Certificate Transparency module\u3067SCT\u4ed8\u304d\u306eSSL\u8a3c\u660e\u66f8\u3068\u3057\u3066\u63d0\u4f9b\u3057\u307e\u3059\u3002<br \/>\n\u307e\u305f\u3001Let's Encrypt\u306e\u81ea\u52d5\u66f4\u65b0\u6642\u306b\u306f\u3001SCT\u3082\u81ea\u52d5\u66f4\u65b0\u3057\u307e\u3059\u3002<\/li>\n<li>SCT\u4ed8\u304dSSL\u8a3c\u660e\u66f8\u3092\u4f7f\u7528<br \/>\n\u3059\u3067\u306b\u30ed\u30b0\u30b5\u30fc\u30d0\u306b\u767b\u9332\u6e08\u307f\u306eSSL\u8a3c\u660e\u66f8\u3092\u8a8d\u8a3c\u5c40\u304b\u3089\u63d0\u4f9b\u3055\u308c\u3066\u3044\u308b\u3068\u304d\u3001\u901a\u5e38\u901a\u308aSSL\u8a3c\u660e\u66f8\u3092\u8a2d\u5b9a\u3057\u3066\u4e0b\u3055\u3044\u3002<\/li>\n<li>SCT\u3068SSL\u8a3c\u660e\u66f8\u3092\u4f7f\u7528<br \/>\n\u8a8d\u8a3c\u5c40\u304b\u3089SCT\u3068SSL\u8a3c\u660e\u66f8\u304c\u63d0\u4f9b\u3055\u308c\u308b\u3068\u304d\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u30ed\u30b0\u30b5\u30fc\u30d0\u3078\u767b\u9332\u3092\u884c\u308f\u305a\u306b\u3001NGINX\u306e\u8a2d\u5b9a\u306e\u307f\u3092\u884c\u3044\u307e\u3059\u3002<code>kusanagi ssl --ct --on --no-register<\/code>\u307e\u305f\u3001SSL\u8a3c\u660e\u66f8\u3092\u914d\u7f6e\u3057\u305f\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4ee5\u4e0b\u306bscts \u3068\u3044\u3046\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u3001\u305d\u3053\u306bSCT\u30d5\u30a1\u30a4\u30eb\u3092\u914d\u7f6e\u3057\u3066\u4e0b\u3055\u3044\u3002<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"CT%E3%81%AE%E7%A2%BA%E8%AA%8D%E6%96%B9%E6%B3%95\"><\/span>CT\u306e\u78ba\u8a8d\u65b9\u6cd5<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CT\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3092\u78ba\u8a8d\u3059\u308b\u5834\u5408\u3001\u4ee5\u4e0b\u306e\u30b5\u30a4\u30c8\u3067FQDN\u3092\u691c\u7d22\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>https:\/\/www.google.com\/transparencyreport\/https\/ct\/?hl=ja<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%E6%9C%80%E5%BE%8C%E3%81%AB\"><\/span>\u6700\u5f8c\u306b<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u5e38\u6642SSL\u5316\u3068\u3044\u3046\u30ad\u30fc\u30ef\u30fc\u30c9\u304c\u6700\u8fd1\u898b\u53d7\u3051\u3089\u308c\u3001\u307e\u305fLet's Encrypt\u306b\u4ee3\u8868\u3055\u308c\u308b\u7121\u511f\u306eSSL\u8a3c\u660e\u66f8\u3084\u3001\u683c\u5b89\u306eSSL\u8a3c\u660e\u66f8\u3092\u4f7f\u3046\u5834\u9762\u304c\u591a\u304f\u306a\u3063\u3066\u304d\u307e\u3057\u305f\u3002<br \/>\n\u305d\u306e\u4e2d\u3067\u3001SSL\u8a3c\u660e\u66f8\u304c\u6b63\u5f53\u306a\u3082\u306e\u3067\u3042\u308b\u3053\u3068\u3092\u4fdd\u8a3c\u3059\u308b\u3001CT\u306e\u3088\u3046\u306a\u6280\u8853\u306e\u91cd\u8981\u6027\u306f\u5897\u3057\u3066\u3044\u307e\u3059\u3002<br \/>\nKUSANAGI\u306eCT\u306e\u4ed5\u7d44\u307f\u306f\u305d\u308c\u3092\u652f\u63f4\u3059\u308b\u3082\u306e\u3067\u3059\u306e\u3067\u3001\u6709\u52b9\u306b\u304a\u4f7f\u3044\u4e0b\u3055\u3044\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u306f\u3058\u3081\u306b KUSANAGI-8.0.1 \u3067\u306fSSL\u8a3c\u660e\u66f8\u306e\u900f\u660e\u6027( CT(Certificate Transparency) \u3068\u547c\u3073\u307e\u3059)  ... <a title=\"SSL\u8a3c\u660e\u66f8\u306e\u900f\u660e\u6027\u3063\u3066\u306a\u3093\u3067\u3059\u304b\uff1f\" class=\"read-more\" href=\"https:\/\/kusanagi.tokyo\/column\/archives\/column_584\" aria-label=\"SSL\u8a3c\u660e\u66f8\u306e\u900f\u660e\u6027\u3063\u3066\u306a\u3093\u3067\u3059\u304b\uff1f \u306b\u3064\u3044\u3066\u3055\u3089\u306b\u8aad\u3080\">Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":592,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[10],"tags":[],"series":[],"journey":[],"product":[],"class_list":["post-584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kusanagi","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-33","no-featured-image-padding"],"_links":{"self":[{"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/posts\/584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/comments?post=584"}],"version-history":[{"count":0,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/posts\/584\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/media\/592"}],"wp:attachment":[{"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/media?parent=584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/categories?post=584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/tags?post=584"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/series?post=584"},{"taxonomy":"journey","embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/journey?post=584"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/kusanagi.tokyo\/column\/wp-json\/wp\/v2\/product?post=584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}