1. Check whether OpenSSL is installed.
[root@localhost ~]# rpm -qa openssl
openssl-1.0.1e-34.el7.x86_64
2. Generate the server private key.
[root@localhost ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.......................+++
..................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
3. Create the server certificate signing request file, server.csr.
[root@localhost ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Gwanak
Organization Name (eg, company) [Default Company Ltd]:tlstjscjswo
Organizational Unit Name (eg, section) []:tlstjscjswo
Common Name (eg, your name or your server's hostname) []:tlstjscjswo.co.kr
Email Address []:sshin@tlstjscjswo.co.kr
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: enter
An optional company name []: enter
[root@localhost ~]#
4. Remove the passphrase from the private key generated in step 2 (otherwise Apache keeps asking for it). I removed it because that is a nuisance.
[root@localhost ~]# cp server.key server.key.org
[root@localhost ~]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
[root@localhost ~]# ll server*
-rw-r--r--. 1 root root 1078 11월 24 14:53 server.csr
-rw-r--r--. 1 root root 1675 11월 24 14:43 server.key
-rw-r--r--. 1 root root 1743 11월 24 14:40 server.key.org
5. Create the certificate (self-signed with server.key)
[root@localhost ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=KR/ST=Seoul/L=Gwanak/O=tlstjscjswo/OU=tlstjscjswo/CN=tlstjscjswo.co.kr/emailAddress=sshin@tlstjscjswo.co.kr
Getting Private key
6. Install the private key and certificate
[root@localhost ~]# cp server.key /etc/httpd/conf/
[root@localhost ~]# cp server.crt /etc/httpd/conf/
[root@localhost ~]# ll /etc/httpd/conf
total 60
-rw-r--r--. 1 root root 34417 Sep 20 07:41 httpd.conf
-rw-r--r--. 1 root root 1298 Sep 20 08:45 server.crt
-rw-r--r--. 1 root root 1679 Sep 20 08:45 server.key
7. Edit the httpd.conf file
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# This is the value for my setup; set it to your own DocumentRoot.
DocumentRoot /var/www/html
</VirtualHost>
Restart Apache
[root@localhost ~]# service httpd restart
-------------------------------------------------------------------------------
※ If you get the error "Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration", fix it as follows:
[root@localhost ~]# yum install mod_ssl -y
-------------------------------------------------------------------------------
Verify
https://domain or https://IP-address
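Added example (not part of the original post): step 4 leaves server.key without a passphrase, and the listings in steps 4 and 6 show it as -rw-r--r--, so file permissions are the key's only protection. The script below checks the installed pair for that and confirms the certificate belongs to the key; the script name audit.sh and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the key/certificate pair installed in steps 4-6.
# Usage (hypothetical file name):
#   sh audit.sh /etc/httpd/conf/server.crt /etc/httpd/conf/server.key

# True if the key file grants no permissions to group or other.
# Characters 5-10 of the `ls -l` mode string are the group/other bits.
key_mode_ok() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True if the PEM key is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -Eq -e '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# True if the certificate and the RSA key share the same modulus.
# `-passin pass:` makes openssl fail instead of prompting on an encrypted key,
# so an encrypted key is reported as "could not confirm" by the audit below.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" -passin pass: 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Prints findings for CERT ($1) and KEY ($2); returns 1 if anything must be fixed.
audit_tls_pair() {
    rc=0
    key_mode_ok "$2" || {
        echo "WARN: $2 is accessible to group/other; run: chmod 600 $2"
        rc=1
    }
    key_is_encrypted "$2" ||
        echo "NOTE: $2 has no passphrase; file permissions are its only protection"
    cert_matches_key "$1" "$2" || {
        echo "FAIL: could not confirm that $1 and $2 share a public key"
        rc=1
    }
    return $rc
}

# Run the audit only when a certificate and a key path are given.
if [ "$#" -eq 2 ]; then
    audit_tls_pair "$1" "$2"
fi
```

With the files exactly as installed in step 6, the script prints the WARN and NOTE lines and exits non-zero until server.key is restricted to root.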