Apache + SSL

Posted at 2009. 11. 12. 09:01 | Posted in Server/Ubuntu
http://seoeun25.tistory.com/405



Enabling the ssl module

# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!

Generating the private key

Note: the command below leaves the modulus size at OpenSSL's default, which on this system is 512 bits (see the output). A 512-bit RSA key can be factored with modest resources and is rejected by modern clients, so give the key size explicitly as the last argument to genrsa (2048 bits or more). The -des3 option encrypts the key file with a passphrase, which Apache will then prompt for at every start (see the restart step below).

# cd /etc/apache2/conf.d

/etc/apache2/conf.d# openssl genrsa -rand rand.dat -des3 -out ssl.nerv-team.key
218 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
.....++++++++++++
.......................................++++++++++++
e is 65537 (0x10001)
Enter pass phrase for ssl.nerv-team.key:(enter passphrase)
Verifying - Enter pass phrase for ssl.nerv-team.key:(enter passphrase)

Generating the CSR

Two of the answers below decide whether clients accept the certificate: Country Name must be an ISO 3166 two-letter code (Korea is KR, not KO), and Common Name must be the hostname clients connect to (here nerv-team.co.kr, as the restart output later shows), not a person's name. A certificate whose CN does not match the hostname produces a name-mismatch warning in every browser even after the self-signed issuer has been trusted.

/etc/apache2/conf.d# openssl req -new -key ssl.nerv-team.key -out ssl.nerv-team.csr
Enter pass phrase for ssl.nerv-team.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:SEOUL
Locality Name (eg, city) []:SEOUL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:nerv-team
Organizational Unit Name (eg, section) []:nerv
Common Name (eg, YOUR name) []:antop
Email Address []:antop@nerv-team.co.kr
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Checking the CSR file

/etc/apache2/conf.d# openssl req -noout -text -in ssl.nerv-team.csr

Generating the self-signed certificate

The command below signs a new certificate directly with the private key and asks the DN questions again; the CSR from the previous step is not used here (it is what you would send to a CA instead of self-signing). The output file is named ssl.nerv-team.crt so that the copy steps below find it.

/etc/apache2/conf.d# openssl req -new -x509 -days 365 -key ssl.nerv-team.key -out ssl.nerv-team.crt
Enter pass phrase for ssl.nerv-team.key:(enter passphrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:SEOUL
Locality Name (eg, city) []:SEOUL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:nerv-team
Organizational Unit Name (eg, section) []:nerv
Common Name (eg, YOUR name) []:antop
Email Address []:antop@nerv-team.co.kr
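The three openssl steps above (key, CSR, self-signed certificate), as an added example that is not code from the original post. It differs from the post's commands in the ways a practitioner would want: a 2048-bit modulus, a non-interactive DN with a valid country code and the hostname as CN, the certificate signed from the CSR rather than from a second round of prompts, and a check that the key and certificate actually belong together. The hostname and DN fields are taken from the post; the output directory and file names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates a 2048-bit RSA
# key, a CSR whose CN is the server's hostname, and a self-signed
# certificate signed from that CSR, then checks the pair belongs together.
# Hostname and DN values come from the post; the output directory and the
# file naming ($fqdn.key/.csr/.crt) are assumptions.
set -eu

# Generate key, CSR and self-signed cert for hostname $2 under directory $1.
gen_ssl_material() {
    dir=$1
    fqdn=$2
    mkdir -p "$dir"
    # Explicit 2048-bit modulus: the post's genrsa call used the 512-bit
    # default, which is far too small. No -des3 here, so Apache can start
    # unattended; the file permissions below protect the key instead.
    openssl genrsa -out "$dir/$fqdn.key" 2048 2>/dev/null
    chmod 600 "$dir/$fqdn.key"
    # -subj answers the DN prompts non-interactively. C must be an ISO 3166
    # code (KR, not the post's KO) and CN must be the name clients connect to.
    openssl req -new -key "$dir/$fqdn.key" -out "$dir/$fqdn.csr" \
        -subj "/C=KR/ST=SEOUL/L=SEOUL/O=nerv-team/OU=nerv/CN=$fqdn"
    # Self-sign the CSR with the same key; a CA would do this step with its own key.
    openssl x509 -req -days 365 -in "$dir/$fqdn.csr" -signkey "$dir/$fqdn.key" \
        -out "$dir/$fqdn.crt" 2>/dev/null
}

# Succeeds only if the certificate's public key matches the private key:
# both commands print "Modulus=<hex>" and the two strings must be identical.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1")
    c=$(openssl x509 -noout -modulus -in "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the RSA modulus size (in bits) of a certificate.
cert_key_bits() {
    openssl x509 -noout -text -in "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Print the Common Name from a certificate's subject (works with both the
# "subject=C = KR, ..., CN = host" and the older "/C=KR/.../CN=host" layouts).
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed 's/.*CN *= *//'
}

# Usage:
# gen_ssl_material /opt/ssl nerv-team.co.kr
# key_matches_cert /opt/ssl/nerv-team.co.kr.key /opt/ssl/nerv-team.co.kr.crt && echo "key and cert match"
# cert_key_bits /opt/ssl/nerv-team.co.kr.crt   # 2048
# cert_cn /opt/ssl/nerv-team.co.kr.crt         # nerv-team.co.kr
```

The modulus comparison is the quick way to catch the classic deployment mistake of copying a certificate next to the wrong key: Apache will refuse to start with "certificate and private key do not match" only at restart time, while this check runs before anything is installed.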

Backing up / moving the files

/etc/apache2/conf.d# rm rand.dat   # remove the seed file, no longer needed

/etc/apache2/conf.d# mv ssl.nerv-team.* /opt/ssl   # backup

# cp /opt/ssl/ssl.nerv-team.crt /etc/ssl/certs   # certificate file location
# cp /opt/ssl/ssl.nerv-team.key /etc/ssl/private   # private key file location

The key is the secret the whole setup rests on: /etc/ssl/private should stay readable only by root, and the copied key file should be mode 0600 and owned by root, so that no other local account (including the one the web application runs as) can read it.

Apache2 SSL configuration

# vi /etc/apache2/mods-enabled/ssl.conf

<IfModule mod_ssl.c>
....

# add (optional: these server-wide defaults are overridden by the same directives inside the <VirtualHost *:443> block below, which is where they are actually needed)
SSLCertificateFile /etc/ssl/certs/ssl.nerv-team.crt
SSLCertificateKeyFile /etc/ssl/private/ssl.nerv-team.key
</IfModule>

# vi /etc/apache2/sites-enabled/000-default

# add (Ubuntu's /etc/apache2/ports.conf normally lists port 443 inside an <IfModule mod_ssl.c> block, so enabling the module is enough to open the port; if the restart output below does not mention :443, check that file)
# https
<VirtualHost *:443>
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        SSLEngine on
        SSLCertificateFile "/etc/ssl/certs/ssl.nerv-team.crt"
        SSLCertificateKeyFile "/etc/ssl/private/ssl.nerv-team.key"
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/usr/lib/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        # tomcat connector
        Include /etc/apache2/mods-enabled/jk_mount.conf
</VirtualHost>

Restarting apache2

Because the key was encrypted with -des3, Apache asks for the passphrase at every start, including unattended reboots, and will not serve anything until someone types it. Either re-export the installed key without the passphrase (openssl rsa can rewrite it unencrypted; then file permissions are its only protection) or point SSLPassPhraseDialog at a program that supplies it.

# /etc/init.d/apache2 restart
 * Restarting web server apache2
Apache/2.2.12 mod_ssl/2.2.12 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server nerv-team.co.kr:443 (RSA)
Enter pass phrase:(enter passphrase)
OK: Pass Phrase Dialog successful.
[ OK ]

Test
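The post leaves the test step empty. The checks a practitioner would run after the restart, as an added example that is not part of the original post: the configuration parses, the private key is not readable by other users, and the certificate the live server presents on port 443 is the same one that was installed under /etc/ssl/certs (compared by SHA-256 fingerprint). Hostname, port and file paths are the post's; it is assumed the machine running the script can reach the server and has apache2ctl if the config check is wanted.

```shell
#!/bin/sh
# Added example, not from the original post: post-restart checks.
# Hostname, port and paths are the post's; reachability of the server
# and the presence of apache2ctl on this machine are assumptions.
set -eu

# Private key must not be readable by group or others. Uses ls -l so it
# works on both GNU and BSD userlands; succeeds for modes like 0600 / 0400.
key_perms_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        -r??------) return 0 ;;   # owner may read (and write); nobody else may read
        *)          return 1 ;;
    esac
}

# SHA-256 fingerprint of a certificate file on disk, as "AB:CD:...".
file_cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | sed 's/.*=//'
}

# SHA-256 fingerprint of the certificate a live server presents on $1:$2.
# -servername sends SNI so a name-based vhost answers with the right cert.
served_cert_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 | sed 's/.*=//'
}

# End-to-end check: config parses, key is private, served cert is the installed one.
verify_deployment() {
    host=$1
    port=$2
    crt=$3
    key=$4
    apache2ctl -t
    key_perms_ok "$key" || { echo "key $key is readable by others"; return 1; }
    [ "$(served_cert_fingerprint "$host" "$port")" = "$(file_cert_fingerprint "$crt")" ] \
        || { echo "served certificate differs from $crt"; return 1; }
    echo "ok"
}

# Usage:
# verify_deployment nerv-team.co.kr 443 /etc/ssl/certs/ssl.nerv-team.crt /etc/ssl/private/ssl.nerv-team.key
```

A fingerprint mismatch usually means Apache is serving a different vhost's certificate (or the distribution's default snakeoil certificate) for this name, which is easy to miss in a browser because a self-signed certificate warning looks the same either way.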

