Ä¿ÇÇÇâÀÌ ³ª´Â *NIX
Ä¿ÇǴнº
½Ã½ºÅÛ/³×Æ®¿÷/º¸¾ÈÀ» ´Ù·ç´Â °÷
*
HanIRCÀÇ #coffeenix ¹æ
[
Àåºñ ¹× ȸ¼± ÈÄ¿ø
]
> Forum <
IT ÀÏÁ¤
N
e
w
!
ÀÚµ¿È ÇÁ·ÎÁ§Æ®
HOME
>
³×Æ®¿öÅ©(network)
>
À¥ ¼¹ö(web, httpd, apache)
>
Apache SSL / mod_ssl
µµ¿ò¸»
°Ë»ö :
»çÀÌÆ®
WHOIS
À¥¼¹ö Á¾·ù
Firefox¿¡¼¸¸ SSLÀÎÁõ¼ ¿¡·¯ ³¯ ¶§(unknown_issuer)
ÀÛ¼ºÀÏ : 2009/08/12 13:06
±Û¾´ÀÌ : ÁÁÀºÁøÈ£ (
http://coffeenix.net/
)
Á¶È¸¼ö : 25885
[
ÀÌÀüȸé
/
¼öÁ¤
] ºñ¹Ð¹øÈ£ :
Á¦ ¸ñ : Firefox¿¡¼¸¸ SSLÀÎÁõ¼ ¿¡·¯ ³¯ ¶§(unknown_issuer)
ÀÛ¼ºÀÚ : ÁÁÀºÁøÈ£(truefeel,
http://coffeenix.net/
)
ÀÛ¼ºÀÏ : 2009.8.11(È)
SSL ÀÎÁõ¼°¡ MS ÀͽºÇ÷η¯¿Í ±¸±Û Å©·Ò¿¡¼´Â Á¤»óÀûÀ¸·Î µ¿ÀÛÇϴµ¥, ÀÌ»óÇÏ°Ô Firefox 3.0.x°ú 3.5.x¿¡¼¸¸ ¿¡·¯¸¦ ³»¹ï´Â °æ¿ì°¡ ÀÖ´Ù.
¿Ö ÀÌ·± ¹®Á¦°¡ »ý±â´ÂÁö, ±×¸®°í ¾î¶»°Ô ÇØ¾ß ÇØ°áÇÒ ¼ö ÀÖ´ÂÁö¸¦ ¼³¸íÇÑ´Ù.
1. Firefox¿¡¼ ¿¡·¯³ª´Â È¸é »ìÆ캸±â
´ÙÀ½Àº Firefox 3.5¿¡¼ ¿¡·¯°¡ ¹ß»ýÇÒ ¶§ ¸Þ½ÃÁöÀÌ´Ù.
# ÇÑ±Û Firefox 3.5¿¡¼
»ó¼¼ ±â¼ú Á¤º¸
OOO.OOOOOOOOO.OOO µµ¸ÞÀÎÀº À¯È¿ÇÏÁö ¾ÊÀº º¸¾È ÀÎÁõ¼¸¦ »ç¿ëÇÕ´Ï´Ù.
¹ß±ÞÀÚ ÀÎÁõ¼¸¦ ¾Ë ¼ö ¾ø±â ¶§¹®¿¡ ÀÎÁõ¼¸¦ ½Å·ÚÇÒ ¼ö ¾ø½À´Ï´Ù.
(¿À·ù ÄÚµå: sec_error_unknown_issuer)
# ¿µ¹® Firefox 3.5¿¡¼
Technical Details
OOO.OOOOOOOOO.OOO uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
[ FireFox 3.5¿¡¼ SSL ÀÎÁõ¼ ¿¡·¯È¸é. ¡Ø ³×¸ð»óÀÚ¿¡´Â µµ¸ÞÀÎÀÌ Ç¥½Ã°¡ µÇ´Âµ¥, Áö¿üÀ½. ]
2. ¿Ö ¿¡·¯°¡ ¹ß»ýÇϳª
ù°, ¹ß±Þ±â°üÀÇ ÀÎÁõ¼(CA ÀÎÁõ¼)¸¦ À¥¼¹ö¿¡¼ ¼³Á¤ÇÏÁö ¾Ê´Â °æ¿ìÀÌ´Ù. ¾ÆÆÄÄ¡ÀÇ °æ¿ì SSL ¼³Á¤ ºÎºÐ¿¡ SSLCACertificateFile¸¦ ¼³Á¤ÇÑ´Ù.
# Certificate Authority (CA):
SSLCACertificateFile /usr/local/...°æ·Î.../ÀÎÁõ¼ÆÄÀÏ
CAÀÎÁõ¼¸¦ ÁöÁ¤À» Çߴµ¥µµ ¿¡·¯°¡ ³ª´Â °æ¿ìµµ ÀÖ´Ù. ´ÙÀ½ ³»¿ëÀº »óÀ§ ÀÎÁõ±â°üÀÌ VeriSignÀÎ °æ¿ì¾Ö ÇØ´çµÈ´Ù.
ÀÎÁõ±â°üÅëÇؼ ¹ß±Þ¹ÞÀº ÀÎÁõ¼¸¦ »ìÆ캸ÀÚ. Issuer ÀÇ CN(Common Names)ºÎºÐÀ» º¸¸éÀº ¿¹Àü¿¡ ¹ß±Þ ¹ÞÀº °Í°ú ¿ÃÇØ(Á¤È®È÷´Â 2009.5.17ÀÏ ÀÌÈÄ) ¹ß±Þ¹ÞÀº °ÍÀÌ ¾à°£ÀÇ Â÷ÀÌ°¡ ÀÖ´Ù´Â °ÍÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù. (¾î¶² ÀÎÁõ¼¸¦ ±¸¸ÅÇß´À³Ä¿¡ µû¶ó¼ CN= Àº ´Ù¸£°Ô ³ª¿È. ±×·¯³ª ¾Æ·¡ ³»¿ëÀº ±âÁ¸°ú °°Àº Á¾·ùÀÇ ÀÎÁõ¼¸¦ ±¸¸ÅÇߴµ¥, ´Ù¸£°Ô ³ª¿Â °ÍÀÓ)
¿¹Àü : CN=VeriSign Class 3 Secure Server CA
ÇöÀç : CN=VeriSign Class 3 Secure Server CA - G2
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
... »ý·« ...
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at
https://www.verisign.com/rpa
(c)09,
CN=VeriSign Class 3 Secure Server CA - G2
VeriSignÀº 2009³â 5¿ù 17ÀÏ¿¡ SSl, OFX, ÄÚµå»çÀÌ´×(Code Signing) ÀÎÁõ¼¸¦ 1024ºñÆ® SHA-1·Î ¾÷±×·¹À̵åÇß´Ù. µû¶ó¼ ±âÁ¸¿¡ ¼¹ö¿¡ ¼³Ä¡µÈ CAÀÎÁõ¼ ÆÄÀÏÀ» ´Ù¸¥ ÆÄÀϸíÀ¸·Î ¹Ù²Ù°í, ¾÷±×·¹À̵åµÈ CAÀÎÁõ¼¸¦ »õ·Î ¼³Ä¡ÇØ¾ß Firefox¿¡¼ ¿¡·¯°¡ ¹ß»ýÇÏÁö ¾Ê´Â´Ù. CAÀÎÁõ¼´Â root ÀÎÁõ¼¿Í intermediate ÀÎÁõ¼ ¸ðµÎ ¹Ù²î¾ú´Ù. CAÀÎÁõ¼¸¦ ¹Ù²ã¾ßÇÏ´ÂÁö ¿©ºÎ´Â ¹ß±Þ ÀÏÀÚ¿¡ µû¶ó Á¤¸®ÇÏ¸é ´ÙÀ½°ú °°´Ù.
- 2009³â 5¿ù 17ÀÏ ÀÌÀü¿¡ ¹ß±Þ¹ÞÀº ÀÎÁõ¼¶ó¸é ¸¸·áµÉ ¶§±îÁö ±âÁ¸ÀÇ CAÀÎÁõ¼¸¦ ±×´ë·Î »ç¿ëÇÏ¸é µÈ´Ù.
- ±×·¯³ª ±× ÀÌÈÄ ½Å±Ô ¹ß±Þ¹Þ°Å³ª °»½ÅµÈ ÀÎÁõ¼´Â »õ CAÀÎÁõ¼¸¦ ¼³Ä¡ÇØ¾ß ÇÑ´Ù.
ÀÌ¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ ±ÛÀº '4. °ü·Ã ÀÚ·á'ÀÇ 'Important Update: VeriSign SSL, OFX and Code Signing Certificates moved to 1024-bit SHA-1 root as of May 17, 2009.'À» Àо±â ¹Ù¶õ´Ù.
3. ¹®Á¦ÇØ°á
'VeriSign Intermediate CA Certificates'(URLÀº '4. °ü·Ã ÀÚ·á' Âü°í)ÆäÀÌÁö¿¡ Á¢¼ÓÇÑ´Ù. ±¸¸ÅÇÑ ÀÎÁõ¼ Á¾·ù¿¡ ¸Â°Ô ¼³Ä¡ÇÑ CA ÀÎÁõ¼¸¦ Ŭ¸¯ÇÑ´Ù. ¿©±â¼´Â 'Standard SSL Certificate'¸¦ Ŭ¸¯Çß´Ù.
[ VeriSignÀÇ 'Intermediate CA Certificates' ÀÎÁõ¼ ³»·Á¹Þ±â ÆäÀÌÁö ]
À§¿¡´Â ÇöÀç ÀÎÁõ¼(After May 17th), ¾Æ·¡´Â °ú°Å ÀÎÁõ¼(Before May 17th)°¡ ³ª¿À´Âµ¥,
ÀÎÁõ¼¸¦ Copy & PasteÇÏ¿© À¥¼¹ö¿¡ ÀúÀåÇÑ´Ù. ÀÌ ¶§ ÆÄÀϸíÀº ¾ÆÆÄÄ¡ÀÇ SSLCACertificateFile ¿¡¼ ÁöÁ¤ÇÑ ÆÄÀϸíÀ¸·Î ÀúÀåÇÑ´Ù¸é µÈ´Ù. ÀúÀå ÈÄ À¥¼¹ö¸¦ Àç½ÇÇàÇÏ¸é ¿Ï·á.
Firefox¿¡¼ ¼³Ä¡µÈ CA ÀÎÁõ¼¸¦ È®ÀÎÇÒ ¼ö ÀÖ´Ù.
- ÇÑ±Û Firefox : µµ±¸ -> ¼³Á¤ -> °í±Þ -> ¾ÏÈ£È ÅÇ -> ÀÎÁõ¼ º¸±â
- ¿µ¹® Firefox : Tools -> Options -> Advanced -> Encryption ÅÇ -> View Certificates
[ Firefox 3.5ÀÇ ÀÎÁõ¼ °ü¸®ÀÚ(Certificate Manager). ¾ÆÁ÷ »õ·Î¿î CAÀÎÁõ¼°¡ ¾ø´Ù. ]
[ »õ CAÀÎÁõ¼·Î ±³Ã¼ÇÏ°í »çÀÌÆ®¿¡ Á¢¼ÓÇϸé ÇØ´ç ÀÎÁõ±â°üÀÇ CAÀÎÁõ¼(¿©±â¼´Â 'VeriSign ... CA - G2')°¡ Ãß°¡µÇ¾î ÀÖ´Ù. ]
¹®Á¦ ÇØ°á Àü »óȲÀ¸·Î µ¹¾Æ°¡¼ »ý°¢Çغ¸ÀÚ.
Firefox 3.5.x, 3.0.x ¹öÀüÀ» »ç¿ëÇÏ´Â ¿©·¯ ´ëÀÇ PC°¡ ÀÖ´Ù°í °¡Á¤ÇÑ´Ù. ±×·±µ¥, ¾î¶² PC¿¡¼´Â ¿¡·¯°¡ ³µÀ¸³ª ƯÁ¤ PC¿¡¼´Â ¹ß»ýÇÏÁö ¾ÊÀ» ¼ö ÀÖ´Ù. ´Ù °°ÀÌ ¿¡·¯°¡ ¹ß»ýÇØ¾ß Çϴµ¥, ¿¡·¯°¡ ¾ø´Â PC°¡ ÀÖ´Â °ÍÀº ¿Ö ±×·²±î? ¿¡·¯°¡ ¹ß»ýÇÏÁö ¾ÊÀº PC´Â ´Ù¸¥ »çÀÌÆ®¿¡ Á¢¼ÓÇؼ ÇØ´ç Á¾·ùÀÇ CA ÀÎÁõ¼¸¦ ÀÌ¹Ì ¹Þ¾Æ¿Ô±â ¶§¹®ÀÌ´Ù('ÀÎÁõ¼ °ü¸®ÀÚ'¿¡ ÀÌ¹Ì µé¾îÀÖ´Ù´Â °Í). µû¶ó¼, °ü¸®ÇÏ´Â »çÀÌÆ®¿¡ Á¢¼ÓÀ» Çßµµ ¿¡·¯°¡ ¹ß»ýÇÏÁö ¾ÊÀº °ÍÀÌ´Ù.
4. °ü·Ã ÀÚ·á
1) Verisign ÀÎÁõ¼ °ü·Ã
- Important Update: VeriSign SSL, OFX and Code Signing Certificates moved to 1024-bit SHA-1 root as of May 17, 2009.
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD146&actp=LIST
- VeriSign Intermediate CA Certificates (CA ÀÎÁõ¼ ¸ñ·Ï)
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657
- Intermediate CA Certificates (SSL Ç¥ÁØ ÀÎÁõ¼ÀÇ CA ÀÎÁõ¼)
http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
- VeriSignÀÇ ÀÎÁõ¼ Á¾·ù
http://www.verisign.com/repository/ca-ra.html
2) ±×¿Ü
- openssl·Î ÀÎÁõ¼ Á¤º¸ »ìÆ캸±â (2008.12, ±Û ÁÁÀºÁøÈ£)
http://coffeenix.net/board_view.php?bd_code=1661
- SSL ¿î¿µ(https)½Ã µµ¸ÞÀαâ¹Ý Virtual host°¡ ¾ÈµÇ´Â ÀÌÀ¯ (2007.9, ±Û ÁÁÀºÁøÈ£)
http://coffeenix.net/board_view.php?bd_code=1543
- mod_ssl ¼³Á¤½Ã - (13)Permission denied: couldn't grab the accept mutex ¿¡·¯ ó¸®. (2007.3, ±Û ·ù¹ü·æ)
http://coffeenix.net/board_view.php?bd_code=1482
Ä¿ÇǴнº Ä«Æä ÃÖ±Ù ±Û
[10/09]
Øâ follower T
[10/08]
¿ÜÁ¦
[10/08]
Gagner des abonn
[10/20]
Cross Compiler ±ò
[07/14]
SSL ¬¡¬°
[04/26]
Re: µµ½ºÈ¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
[04/25]
µµ½ºÈ¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
[10/30]
Cshell¿¡¼ ³¼ö ¼³Á¤
[10/23]
°øÇ×öµµÁÖ½Äȸ»ç SE ±¸ÀÎ Ëì
[01/26]
Re: wgetÀ¸·Î ´Ù¸¥¼¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
[01/25]
wgetÀ¸·Î ´Ù¸¥¼¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
[01/11]
ƯÁ¤ ¾Èµå·ÎÀ̵å WebView ¹öÀü¿¡¼ SSL ¹®Á¦ (WebView ¹ö±×)
[08/01]
DNS forwarder (Àü´ÞÀÚ) ¼¹ö¸¦ ÅëÇؼ Äõ¸®ÇÏ¸é ¿ª¹æÇâÀ» ¹Þ¾Æ¿ÀÁú ¸øÇÕ´Ï´Ù.
[05/16]
(ÁÖ)ÈÄÀÌÁî ½Ã½ºÅÛ¿£Áö´Ï¾î (°æ·ÂÀÚ) ¸ðÁý
[02/15]
[AWS] Cloudfront edge È®ÀÎÇϱâ
N
e
w
! ÃÖ±Ù¿¡ µî·ÏÇÑ ÆäÀÌÁö
KiCad EDA Suite project (Free/Libre/Open-Source EDA Suite) (CAD)
¿ÀÇÂij½ºÄÉÀ̵å ijµå (OpenCASCADE CAD)
QCad for Windows --- GNU GPL (Free Software)
The Hello World Collection
IPMI¸¦ È°¿ëÇÑ ¸®´ª½º ¼¹ö°ü¸®
DNS ¼³Á¤ °Ë»ç
nagiosgraph ¼³Ä¡ ¹æ¹ý
Slony-I ¼³Ä¡ ¹æ¹ý (postgresql replication tool)
Qmail±â¹ÝÀÇ Anti spam ½Ã½ºÅÛ ±¸ÃàÇϱâ
clusterssh
[ ÇÔ²²ÇÏ´Â »çÀÌÆ® ]
¿î¿µÁø :
ÁÁÀºÁøÈ£(truefeel)
, ¾ß¼ö(yasu), ¹ü³ÃÀÌ, sCag
2003³â 8¿ù 4ÀÏ~