Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ Ä¿ÇÇÇâÀÌ ³ª´Â *NIX
Ä¿ÇǴнº
½Ã½ºÅÛ/³×Æ®¿÷/º¸¾ÈÀ» ´Ù·ç´Â °÷
* HanIRCÀÇ #coffeenix ¹æ
[ Àåºñ ¹× ȸ¼± ÈÄ¿ø ]
HOME > ³×Æ®¿öÅ©(network) > À¥ ¼­¹ö(web, httpd, apache) > Apache SSL / mod_ssl µµ¿ò¸»
°Ë»ö : »çÀÌÆ® WHOIS À¥¼­¹ö Á¾·ù


  Firefox¿¡¼­¸¸ SSLÀÎÁõ¼­ ¿¡·¯ ³¯ ¶§(unknown_issuer) ÀÛ¼ºÀÏ : 2009/08/12 13:06
 
  • ±Û¾´ÀÌ : ÁÁÀºÁøÈ£ ( http://coffeenix.net/ )
  • Á¶È¸¼ö : 25885
          [ ÀÌÀüÈ­¸é / ¼öÁ¤ ]   ºñ¹Ð¹øÈ£ :     Àμâ¿ë È­¸é
      Á¦  ¸ñ : Firefox¿¡¼­¸¸ SSLÀÎÁõ¼­ ¿¡·¯ ³¯ ¶§(unknown_issuer)
    ÀÛ¼ºÀÚ : ÁÁÀºÁøÈ£(truefeel, http://coffeenix.net/ )
    ÀÛ¼ºÀÏ : 2009.8.11(È­)

    SSL ÀÎÁõ¼­°¡ MS ÀͽºÇ÷η¯¿Í ±¸±Û Å©·Ò¿¡¼­´Â Á¤»óÀûÀ¸·Î µ¿ÀÛÇϴµ¥, ÀÌ»óÇÏ°Ô Firefox 3.0.x°ú 3.5.x¿¡¼­¸¸ ¿¡·¯¸¦ ³»¹ï´Â °æ¿ì°¡ ÀÖ´Ù.
    ¿Ö ÀÌ·± ¹®Á¦°¡ »ý±â´ÂÁö, ±×¸®°í ¾î¶»°Ô ÇØ¾ß ÇØ°áÇÒ ¼ö ÀÖ´ÂÁö¸¦ ¼³¸íÇÑ´Ù.

    1. Firefox¿¡¼­ ¿¡·¯³ª´Â È­¸é »ìÆ캸±â

    ´ÙÀ½Àº Firefox 3.5¿¡¼­ ¿¡·¯°¡ ¹ß»ýÇÒ ¶§ ¸Þ½ÃÁöÀÌ´Ù.

     
    # ÇÑ±Û Firefox 3.5¿¡¼­
    »ó¼¼ ±â¼ú Á¤º¸

    OOO.OOOOOOOOO.OOO µµ¸ÞÀÎÀº À¯È¿ÇÏÁö ¾ÊÀº º¸¾È ÀÎÁõ¼­¸¦ »ç¿ëÇÕ´Ï´Ù.
    ¹ß±ÞÀÚ ÀÎÁõ¼­¸¦ ¾Ë ¼ö ¾ø±â ¶§¹®¿¡ ÀÎÁõ¼­¸¦ ½Å·ÚÇÒ ¼ö ¾ø½À´Ï´Ù.
    (¿À·ù ÄÚµå: sec_error_unknown_issuer)

    # ¿µ¹® Firefox 3.5¿¡¼­
    Technical Details

    OOO.OOOOOOOOO.OOO uses an invalid security certificate.
    The certificate is not trusted because the issuer certificate is unknown.
    (Error code: sec_error_unknown_issuer)
     


    [ FireFox 3.5¿¡¼­ SSL ÀÎÁõ¼­ ¿¡·¯È­¸é. ¡Ø ³×¸ð»óÀÚ¿¡´Â µµ¸ÞÀÎÀÌ Ç¥½Ã°¡ µÇ´Âµ¥, Áö¿üÀ½. ]
    firefox¿¡¼­ SSLÀÎÁõ¼­ ¿¡·¯

    2. ¿Ö ¿¡·¯°¡ ¹ß»ýÇϳª

    ù°, ¹ß±Þ±â°üÀÇ ÀÎÁõ¼­(CA ÀÎÁõ¼­)¸¦ À¥¼­¹ö¿¡¼­ ¼³Á¤ÇÏÁö ¾Ê´Â °æ¿ìÀÌ´Ù. ¾ÆÆÄÄ¡ÀÇ °æ¿ì SSL ¼³Á¤ ºÎºÐ¿¡ SSLCACertificateFile¸¦ ¼³Á¤ÇÑ´Ù.

     
    # Certificate Authority (CA):
    SSLCACertificateFile /usr/local/...°æ·Î.../ÀÎÁõ¼­ÆÄÀÏ
     


    CAÀÎÁõ¼­¸¦ ÁöÁ¤À» Çߴµ¥µµ ¿¡·¯°¡ ³ª´Â °æ¿ìµµ ÀÖ´Ù. ´ÙÀ½ ³»¿ëÀº »óÀ§ ÀÎÁõ±â°üÀÌ VeriSignÀÎ °æ¿ì¾Ö ÇØ´çµÈ´Ù.

    ÀÎÁõ±â°üÅëÇؼ­ ¹ß±Þ¹ÞÀº ÀÎÁõ¼­¸¦ »ìÆ캸ÀÚ. Issuer ÀÇ CN(Common Names)ºÎºÐÀ» º¸¸éÀº ¿¹Àü¿¡ ¹ß±Þ ¹ÞÀº °Í°ú ¿ÃÇØ(Á¤È®È÷´Â 2009.5.17ÀÏ ÀÌÈÄ) ¹ß±Þ¹ÞÀº °ÍÀÌ ¾à°£ÀÇ Â÷ÀÌ°¡ ÀÖ´Ù´Â °ÍÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù. (¾î¶² ÀÎÁõ¼­¸¦ ±¸¸ÅÇß´À³Ä¿¡ µû¶ó¼­ CN= Àº ´Ù¸£°Ô ³ª¿È. ±×·¯³ª ¾Æ·¡ ³»¿ëÀº ±âÁ¸°ú °°Àº Á¾·ùÀÇ ÀÎÁõ¼­¸¦ ±¸¸ÅÇߴµ¥, ´Ù¸£°Ô ³ª¿Â °ÍÀÓ)

    ¿¹Àü : CN=VeriSign Class 3 Secure Server CA
    ÇöÀç : CN=VeriSign Class 3 Secure Server CA - G2

     
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                ... »ý·« ...
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Secure Server CA - G2
     


    verisign
    VeriSignÀº 2009³â 5¿ù 17ÀÏ¿¡ SSl, OFX, ÄÚµå»çÀÌ´×(Code Signing) ÀÎÁõ¼­¸¦ 1024ºñÆ® SHA-1·Î ¾÷±×·¹À̵åÇß´Ù. µû¶ó¼­ ±âÁ¸¿¡ ¼­¹ö¿¡ ¼³Ä¡µÈ CAÀÎÁõ¼­ ÆÄÀÏÀ» ´Ù¸¥ ÆÄÀϸíÀ¸·Î ¹Ù²Ù°í, ¾÷±×·¹À̵åµÈ CAÀÎÁõ¼­¸¦ »õ·Î ¼³Ä¡ÇØ¾ß Firefox¿¡¼­ ¿¡·¯°¡ ¹ß»ýÇÏÁö ¾Ê´Â´Ù. CAÀÎÁõ¼­´Â root ÀÎÁõ¼­¿Í intermediate ÀÎÁõ¼­ ¸ðµÎ ¹Ù²î¾ú´Ù. CAÀÎÁõ¼­¸¦ ¹Ù²ã¾ßÇÏ´ÂÁö ¿©ºÎ´Â ¹ß±Þ ÀÏÀÚ¿¡ µû¶ó Á¤¸®ÇÏ¸é ´ÙÀ½°ú °°´Ù.

    - 2009³â 5¿ù 17ÀÏ ÀÌÀü¿¡ ¹ß±Þ¹ÞÀº ÀÎÁõ¼­¶ó¸é ¸¸·áµÉ ¶§±îÁö ±âÁ¸ÀÇ CAÀÎÁõ¼­¸¦ ±×´ë·Î »ç¿ëÇÏ¸é µÈ´Ù.
    - ±×·¯³ª ±× ÀÌÈÄ ½Å±Ô ¹ß±Þ¹Þ°Å³ª °»½ÅµÈ ÀÎÁõ¼­´Â »õ CAÀÎÁõ¼­¸¦ ¼³Ä¡ÇØ¾ß ÇÑ´Ù.

    ÀÌ¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ ±ÛÀº '4. °ü·Ã ÀÚ·á'ÀÇ 'Important Update: VeriSign SSL, OFX and Code Signing Certificates moved to 1024-bit SHA-1 root as of May 17, 2009.'À» Àо±â ¹Ù¶õ´Ù.

    3. ¹®Á¦ÇØ°á

    'VeriSign Intermediate CA Certificates'(URLÀº '4. °ü·Ã ÀÚ·á' Âü°í)ÆäÀÌÁö¿¡ Á¢¼ÓÇÑ´Ù. ±¸¸ÅÇÑ ÀÎÁõ¼­ Á¾·ù¿¡ ¸Â°Ô ¼³Ä¡ÇÑ CA ÀÎÁõ¼­¸¦ Ŭ¸¯ÇÑ´Ù. ¿©±â¼­´Â 'Standard SSL Certificate'¸¦ Ŭ¸¯Çß´Ù.

    [ VeriSignÀÇ 'Intermediate CA Certificates' ÀÎÁõ¼­ ³»·Á¹Þ±â ÆäÀÌÁö ]
    VeriSign Intermediate CA Certificates

    À§¿¡´Â ÇöÀç ÀÎÁõ¼­(After May 17th), ¾Æ·¡´Â °ú°Å ÀÎÁõ¼­(Before May 17th)°¡ ³ª¿À´Âµ¥,

    ÀÎÁõ¼­¸¦ Copy & PasteÇÏ¿© À¥¼­¹ö¿¡ ÀúÀåÇÑ´Ù. ÀÌ ¶§ ÆÄÀϸíÀº ¾ÆÆÄÄ¡ÀÇ SSLCACertificateFile ¿¡¼­ ÁöÁ¤ÇÑ ÆÄÀϸíÀ¸·Î ÀúÀåÇÑ´Ù¸é µÈ´Ù. ÀúÀå ÈÄ À¥¼­¹ö¸¦ Àç½ÇÇàÇÏ¸é ¿Ï·á.

    Firefox¿¡¼­ ¼³Ä¡µÈ CA ÀÎÁõ¼­¸¦ È®ÀÎÇÒ ¼ö ÀÖ´Ù.

    - ÇÑ±Û Firefox : µµ±¸  -> ¼³Á¤    -> °í±Þ     -> ¾Ïȣȭ ÅÇ     -> ÀÎÁõ¼­ º¸±â
    - ¿µ¹® Firefox : Tools -> Options -> Advanced -> Encryption ÅÇ -> View Certificates

    [ Firefox 3.5ÀÇ ÀÎÁõ¼­ °ü¸®ÀÚ(Certificate Manager). ¾ÆÁ÷ »õ·Î¿î CAÀÎÁõ¼­°¡ ¾ø´Ù.  ]
    firefoxÀÇ ÀÎÁõ¼­ °ü¸®ÀÚ, Certificate Manager

    [ »õ CAÀÎÁõ¼­·Î ±³Ã¼ÇÏ°í »çÀÌÆ®¿¡ Á¢¼ÓÇϸé ÇØ´ç ÀÎÁõ±â°üÀÇ CAÀÎÁõ¼­(¿©±â¼­´Â 'VeriSign ... CA - G2')°¡ Ãß°¡µÇ¾î ÀÖ´Ù.   ]
    firefoxÀÇ ÀÎÁõ¼­ °ü¸®ÀÚ, Certificate Manager

    ¹®Á¦ ÇØ°á Àü »óȲÀ¸·Î µ¹¾Æ°¡¼­ »ý°¢Çغ¸ÀÚ.
    Firefox 3.5.x, 3.0.x ¹öÀüÀ» »ç¿ëÇÏ´Â ¿©·¯ ´ëÀÇ PC°¡ ÀÖ´Ù°í °¡Á¤ÇÑ´Ù. ±×·±µ¥, ¾î¶² PC¿¡¼­´Â ¿¡·¯°¡ ³µÀ¸³ª ƯÁ¤ PC¿¡¼­´Â ¹ß»ýÇÏÁö ¾ÊÀ» ¼ö ÀÖ´Ù. ´Ù °°ÀÌ ¿¡·¯°¡ ¹ß»ýÇØ¾ß Çϴµ¥, ¿¡·¯°¡ ¾ø´Â PC°¡ ÀÖ´Â °ÍÀº ¿Ö ±×·²±î? ¿¡·¯°¡ ¹ß»ýÇÏÁö ¾ÊÀº PC´Â ´Ù¸¥ »çÀÌÆ®¿¡ Á¢¼ÓÇؼ­ ÇØ´ç Á¾·ùÀÇ CA ÀÎÁõ¼­¸¦ ÀÌ¹Ì ¹Þ¾Æ¿Ô±â ¶§¹®ÀÌ´Ù('ÀÎÁõ¼­ °ü¸®ÀÚ'¿¡ ÀÌ¹Ì µé¾îÀÖ´Ù´Â °Í). µû¶ó¼­, °ü¸®ÇÏ´Â »çÀÌÆ®¿¡ Á¢¼ÓÀ» Çßµµ ¿¡·¯°¡ ¹ß»ýÇÏÁö ¾ÊÀº °ÍÀÌ´Ù.

    4. °ü·Ã ÀÚ·á

    1) Verisign ÀÎÁõ¼­ °ü·Ã

      - Important Update: VeriSign SSL, OFX and Code Signing Certificates moved to 1024-bit SHA-1 root as of May 17, 2009.
        https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD146&actp=LIST
      - VeriSign Intermediate CA Certificates (CA ÀÎÁõ¼­ ¸ñ·Ï)
        https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657
      - Intermediate CA Certificates (SSL Ç¥ÁØ ÀÎÁõ¼­ÀÇ CA ÀÎÁõ¼­)
        http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
      - VeriSignÀÇ ÀÎÁõ¼­ Á¾·ù
        http://www.verisign.com/repository/ca-ra.html

    2) ±×¿Ü
       - openssl·Î ÀÎÁõ¼­ Á¤º¸ »ìÆ캸±â (2008.12, ±Û ÁÁÀºÁøÈ£)
         http://coffeenix.net/board_view.php?bd_code=1661
       - SSL ¿î¿µ(https)½Ã µµ¸ÞÀαâ¹Ý Virtual host°¡ ¾ÈµÇ´Â ÀÌÀ¯ (2007.9, ±Û ÁÁÀºÁøÈ£)
         http://coffeenix.net/board_view.php?bd_code=1543
       - mod_ssl ¼³Á¤½Ã - (13)Permission denied: couldn't grab the accept mutex ¿¡·¯ ó¸®. (2007.3, ±Û ·ù¹ü·æ)
         http://coffeenix.net/board_view.php?bd_code=1482
      Ä¿ÇǴнº Ä«Æä ÃÖ±Ù ±Û
    [10/09] Øâ follower T
    [10/08] ¿ÜÁ¦&#5
    [10/08] Gagner des abonn&#2
    [10/20] Cross Compiler ±ò
    [07/14] SSL ¬¡¬°
    [04/26] Re: µµ½ºÈ­¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
    [04/25] µµ½ºÈ­¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
    [10/30] Cshell¿¡¼­ ³­¼ö ¼³Á¤
    [10/23] °øÇ×öµµÁÖ½Äȸ»ç SE ±¸ÀÎ Ëì
    [01/26] Re: wgetÀ¸·Î ´Ù¸¥¼­¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
    [01/25] wgetÀ¸·Î ´Ù¸¥¼­¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
    [01/11] ƯÁ¤ ¾Èµå·ÎÀ̵å WebView ¹öÀü¿¡¼­ SSL ¹®Á¦ (WebView ¹ö±×)
    [08/01] DNS forwarder (Àü´ÞÀÚ) ¼­¹ö¸¦ ÅëÇؼ­ Äõ¸®ÇÏ¸é ¿ª¹æÇâÀ» ¹Þ¾Æ¿ÀÁú ¸øÇÕ´Ï´Ù.
    [05/16] (ÁÖ)ÈÄÀÌÁî ½Ã½ºÅÛ¿£Áö´Ï¾î (°æ·ÂÀÚ) ¸ðÁý
    [02/15] [AWS] Cloudfront edge È®ÀÎÇϱâ
      New!   ÃÖ±Ù¿¡ µî·ÏÇÑ ÆäÀÌÁö
      KiCad EDA Suite project (Free/Libre/Open-Source EDA Suite) (CAD)
      ¿ÀÇÂij½ºÄÉÀ̵å ijµå (OpenCASCADE CAD)
      QCad for Windows --- GNU GPL (Free Software)
      The Hello World Collection
      IPMI¸¦ È°¿ëÇÑ ¸®´ª½º ¼­¹ö°ü¸®
      DNS ¼³Á¤ °Ë»ç
      nagiosgraph ¼³Ä¡ ¹æ¹ý
      Slony-I ¼³Ä¡ ¹æ¹ý (postgresql replication tool)
      Qmail±â¹ÝÀÇ Anti spam ½Ã½ºÅÛ ±¸ÃàÇϱâ
      clusterssh

    [ ÇÔ²²ÇÏ´Â »çÀÌÆ® ]




    ¿î¿µÁø : ÁÁÀºÁøÈ£(truefeel), ¾ß¼ö(yasu), ¹ü³ÃÀÌ, sCag
    2003³â 8¿ù 4ÀÏ~