http://seoeun25.tistory.com/405
Enable the ssl module
# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
Generate the private key
# cd /etc/apache2/conf.d
/etc/apache2/conf.d# openssl genrsa -rand rand.dat -des3 -out ssl.nerv-team.key
218 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
.....++++++++++++
.......................................++++++++++++
e is 65537 (0x10001)
Enter pass phrase for ssl.nerv-team.key:(enter the pass phrase)
Verifying - Enter pass phrase for ssl.nerv-team.key:(enter the pass phrase)
Generate the CSR
/etc/apache2/conf.d# openssl req -new -key ssl.nerv-team.key -out ssl.nerv-team.csr
Enter pass phrase for ssl.nerv-team.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:SEOUL
Locality Name (eg, city) []:SEOUL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:nerv-team
Organizational Unit Name (eg, section) []:nerv
Common Name (eg, YOUR name) []:antop
Email Address []:antop@nerv-team.co.kr
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Inspect the CSR file
/etc/apache2/conf.d# openssl req -noout -text -in ssl.nerv-team.csr
Generate the certificate (crt)
/etc/apache2/conf.d# openssl req -new -x509 -days 365 -key ssl.nerv-team.key -out ssl.nerv-team.crt
Enter pass phrase for ssl.nerv-team.key:(enter the pass phrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:SEOUL
Locality Name (eg, city) []:SEOUL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:nerv-team
Organizational Unit Name (eg, section) []:nerv
Common Name (eg, YOUR name) []:antop
Email Address []:antop@nerv-team.co.kr
Back up / move the files
/etc/apache2/conf.d# rm rand.dat # delete the file that is no longer needed
/etc/apache2/conf.d# mv ssl.nerv-team.* /opt/ssl # back up
# cp /opt/ssl/ssl.nerv-team.crt /etc/ssl/certs # crt file location
# cp /opt/ssl/ssl.nerv-team.key /etc/ssl/private # private key file location
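The key and certificate steps above can be checked before Apache is pointed at the files. The following is an added example, not part of the original post: it creates a key and self-signed certificate without prompts, passes the modulus size explicitly (the genrsa run above reports a 512-bit modulus), and verifies that the certificate and key belong together. The function names, the /C=KR/O=example subject and the unencrypted key are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example. Names and the certificate subject are constructed placeholders.
# Usage: make_selfsigned /opt/ssl ssl.example 2048
#        check_pair /opt/ssl/ssl.example.crt /opt/ssl/ssl.example.key 2048

# make_selfsigned DIR NAME BITS: write NAME.key and NAME.crt into DIR, no prompts.
make_selfsigned() {
    local dir=$1 name=$2 bits=$3
    # umask in a subshell so only the key file is created owner-only (0600).
    ( umask 077
      openssl genrsa -out "$dir/$name.key" "$bits" 2>/dev/null ) || return 1
    openssl req -new -x509 -days 365 -sha256 \
        -key "$dir/$name.key" -out "$dir/$name.crt" \
        -subj "/C=KR/O=example/CN=$name" 2>/dev/null
}

# key_bits CRT: print the public key size recorded in the certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# pair_matches CRT KEY: succeed only if the certificate holds the key's public half.
# An encrypted key (as created with -des3) makes openssl prompt for the pass phrase here.
pair_matches() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_pair CRT KEY MINBITS: returns 0 if usable, 1 if the key is too short
# or the certificate is unreadable, 2 if certificate and key do not match.
check_pair() {
    local bits
    bits=$(key_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt "$3" ]; then
        echo "key too short or certificate unreadable: ${bits:-?} bits"
        return 1
    fi
    if ! pair_matches "$1" "$2"; then
        echo "certificate and key do not match"
        return 2
    fi
    echo "ok: $bits-bit key matches certificate"
}
```

A non-zero result from check_pair before the restart step points to a short key or to files copied from different runs, both of which are easier to find here than in the Apache error log.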
Configure SSL in apache2
# vi /etc/apache2/mods-enabled/ssl.conf
<IfModule mod_ssl.c>
....
# added
SSLCertificateFile /etc/ssl/certs/ssl.nerv-team.crt
SSLCertificateKeyFile /etc/ssl/private/ssl.nerv-team.key
</IfModule>
# vi /etc/apache2/sites-enabled/000-default
# added
# https
<VirtualHost *:443>
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile "/etc/ssl/certs/ssl.nerv-team.crt"
SSLCertificateKeyFile "/etc/ssl/private/ssl.nerv-team.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/lib/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# tomcat connector
Include /etc/apache2/mods-enabled/jk_mount.conf
</VirtualHost>
Restart apache2
# /etc/init.d/apache2 restart
* Restarting web server apache2
Apache/2.2.12 mod_ssl/2.2.12 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server nerv-team.co.kr:443 (RSA)
Enter pass phrase:(enter the pass phrase)
OK: Pass Phrase Dialog successful.
[ OK ]
Test