unix SSL 설치 (Apache)

2012.04.19 10:11

엘카 조회 수:12860

참고 문서  

준비물

  1. 개인 키 생성

    # cd /home/elkha/ssl
    # openssl genrsa -des3 -out server.key 2048
    	- 비밀번호 입력
    # openssl req -new -key server.key -out server.csr
    # openssl rsa -in server.key -out server.key.insecure
    	- 비밀번호 입력
    # mv server.key server.key.secure
    # mv server.key.insecure server.key
    
  2. server.csr 파일을 ssl 기관에 제출

    csr.jpg

  3. ssl 기관에서 발급받은 키 (server.crt)

    -----BEGIN CERTIFICATE-----
    jo1pRooPTACnbDR4JP4d+aqlJdhug4SEN3jTyhKYaTNj/T0IHPLNd9P4BTtDWCWV
    ...
    cnBvc2UgaW4gY29tcGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0
    -----END CERTIFICATE-----
  4. Apache

    # vi /usr/local/apache/conf/httpd.conf Listen 443 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so <ifmodule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLOptions +StrictRequire SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 </ifmodule> <virtualhost *:443> ServerAdmin m@elkha.kr DocumentRoot /home/elkha/public_html ServerName elkha.kr ServerAlias *.elkha.kr php_admin_value doc_root /home/elkha php_admin_value upload_max_filesize 100M php_admin_value user_dir /home/elkha/public_html # php_admin_value open_basedir / AddType application/x-httpd-php .html .php ### SSL ### SSLEngine on SSLCertificateFile "/home/elkha/ssl/server.crt" SSLCertificateKeyFile "/home/elkha/ssl/server.key" </virtualhost>

    문서