Download sites for the files needed for installation
If an error occurs during installation, a required program may be missing or its version may not match. Also check whether an environment variable is not set, the permissions are set incorrectly, or there is a typo. Read the error message carefully and act on it.
If you want to install from a telnet console, use the -console or -silent option.
# ./configure --prefix=/www/httpd/php --with-mysql=/usr/local/mysql \
    --with-apxs2=/www/httpd/bin/apxs --with-exec-dir=/www/httpd/php/bin \
    --enable-track-vars --with-config-file-path=/www/httpd/conf \
    --with-libxml-dir=/www/libxml --with-mod-charset --with-language=korean \
    --with-charset=euc_kr --enable-versioning --without-gd2
# make
# make install
# cp php.ini-dist /www/httpd/php/lib/php.ini
For this part I did not compile the source; I used a .so file that had already been built for Solaris. It was built for Apache 2.0.43, but it is also compatible with the 2.0.47 used for this installation. The Apache-Tomcat integration was completed far more easily than with a source compile.
JSP :
Servlet :
Generating the private key.
# openssl genrsa -rand rand.dat -des3 1024 > key.pem
(if you want the private key encrypted with triple DES)
Note: you must remember the passphrase, because it is always required when the Apache-SSL server starts.
Using the signing key generated above and the DN (distinguished name) information entered next, generate the certificate request (CSR.PEM).
1. Enter the value for C (country). (e.g.) KR : Korea (mandatory)
2. Enter the value for ST (state). (e.g.) New South Wales = NSW
3. Enter the value for L (locality): city, town, etc.
4. Enter the name of the O (organization) for the DN. This name is used as part of the domain name. (e.g.) KICA : Korea Information Certificate Authority (mandatory)
5. Enter the company name OU (organization unit) for the DN. (e.g.) KR, Dacom, etc.
6. Enter the web server's full domain name or IP. This is what will serve as the https URL of the web site you use later. (e.g.) www.Bookstore.com or 128.134.254.166
7. The remaining attributes may be omitted.
8. After these steps, the web server certificate request in csr.pem format is produced, as follows.
Viewing the CSR
Copy this PEM-format certificate request (CSR), paste it into the certificate request field of the web server certificate issuance form, fill in the remaining information, and submit the issuance request. A test certificate can be obtained from http://www.crosscert.com
Installing the certificate
# vi httpd.conf
# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
SSLCertificateFile /www/httpd/conf/cert.pem
2. Setting the SSL signing key (SSLCertificateKeyFile)
This sets the signing key that was created when the private key was generated. An absolute path must be specified, and if the key is encrypted, the web server asks for the passphrase when it starts.
# vi httpd.conf
# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means "/private/".
SSLCertificateKeyFile /www/httpd/conf/key.pem
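A pre-start check of the two directives set above, as an added example that is not part of the original guide: it confirms that each path is absolute and readable, that cert.pem holds an issued certificate rather than the CSR, and that key.pem is not accessible to group or other. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the SSLCertificateFile / SSLCertificateKeyFile
# settings from this guide before starting Apache. Only PEM headers and
# file modes are inspected; no key material is parsed.

directive_path() {   # directive_path CONF NAME -> first argument of NAME
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

check_ssl_conf() {   # prints findings; exit status = number of problems
    conf=$1; problems=0
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        p=$(directive_path "$conf" "$d")
        case $p in
            /*) [ -r "$p" ] || { echo "$d: cannot read $p"; problems=$((problems+1)); continue; } ;;
            *)  echo "$d: '$p' is missing or not an absolute path"; problems=$((problems+1)); continue ;;
        esac
        if [ "$d" = SSLCertificateFile ]; then
            # A frequent slip is installing csr.pem instead of the issued certificate.
            grep -q -e '-----BEGIN CERTIFICATE-----' "$p" ||
                { echo "$d: $p holds no certificate (CSR or key installed by mistake?)"; problems=$((problems+1)); }
        else
            grep -q -e 'PRIVATE KEY-----' "$p" ||
                { echo "$d: $p holds no private key"; problems=$((problems+1)); }
            # Characters 5-10 of the ls mode string are the group/other bits.
            [ "$(ls -lL "$p" | cut -c5-10)" = "------" ] ||
                { echo "$d: $p is accessible to group/other; chmod 600 it"; problems=$((problems+1)); }
            # Encrypted keys carry one of these markers (traditional or PKCS#8 PEM).
            grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$p" ||
                echo "note: $p is not passphrase-protected; file mode is its only protection"
        fi
    done
    return "$problems"
}

make_sample() {      # constructed sample files with two deliberate mistakes
    printf 'SSLCertificateFile %s/cert.pem\nSSLCertificateKeyFile %s/key.pem\n' "$1" "$1" > "$1/httpd.conf"
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'PLACEHOLDER' '-----END CERTIFICATE REQUEST-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$1/key.pem"
    chmod 644 "$1/key.pem"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_ssl_conf "$demo_dir/httpd.conf" || echo "problems found: $?"
rm -rf "$demo_dir"
```

Against a real installation, call check_ssl_conf with the path to httpd.conf; an exit status of 0 means both directives passed.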
SSL installation complete & starting the web server
Apache/2.0.48 mod_ssl/2.0.48 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server localhost:443 (RSA)
Enter pass phrase: (enter the password)

Ok: Pass Phrase Dialog successful.
There is no copyright on this document. Feel free to use it as you like. However, I take no responsibility for this document. Please do not send inquiries or e-mail. I put it together for people who, like me, end up struggling for a week at a time. For reference, this material is based on the material at http://www.parupunte.com/minaken/apache2/httpdtomcat507modjk2.html