차이

문서의 선택한 두 판 사이의 차이를 보여줍니다.

--- tech:ssl_on_ubuntu [2016/07/12 00:56] – 바깥 편집 127.0.0.1
+++ tech:ssl_on_ubuntu [2018/01/31 01:52] (현재) – V_L
@@ 줄 2: / 줄 2: @@
 ======SSL on Ubuntu 8.10 Apache2======
+=====OpenSSL ROOT CA=====
-Setting up SSL with Ubuntu 8.10 is a simple process but it does have a few gotchas that you need to be aware of.  The setup has changed from 8.04.  One issue is that the +CompatEnvVars is no longer used as it created a bug in 8.10 and you will have to enable the default-ssl site to get everything working.
+웹서비스에 https 를 적용할 경우 SSL 인증서를 VeriSign 이나 Thawte, GeoTrust 등에서 인증서를 발급받아야 하지만 비용이 발생하므로 실제 운영 서버가 아니면 발급 받는데 부담이 될 수 있다.
+이럴때 OpenSSL 을 이용하여 인증기관을 만들고 Self signed certificate 를 생성하고 SSL 인증서를 발급하는 법을 정리해 본다.
-First, log on to your server  Install Apache:
+발급된 SSL 인증서는 apache httpd 등의 Web Server 에 설치하여 손쉽게 https 서비스를 제공할 수 있다.
-sudo apt-get install apache2
+ https://www.lesstif.com/pages/viewpage.action?pageId=6979614
-Change to the /etc/apache2/mods-available directory and look at the available modules.  Then change to the /etc/apache2/mods-enabled directory to see what modules are enabled:
+자체 인증서는 교류되는 정보를 암호화할 수는 있으나 구글크롬 등의 브라우져에서 경고화면이 먼저 나오므로 실제 적용하기에는 적합하지 않다.
-cd /etc/apache2/mods-available
-ls
-cd /etc/apache2/mods-enabled
-ls
-Now, install and enable SSL:
-sudo a2enmod ssl
-sudo /etc/init.d/apache2 force-reload
-Change to the default webserver directory, and create a simple web page:
-cd /var/www
-sudo vim index.html
-Add the following content:
-<html>
-<head>
-<title>Welcome to Your_Name’s Web Site</title>
-</head>
-<body>
-<p>This is the best web site in the whole wide world.     </p>
-</body>
-</html>
-Save and exit.  On your own local computer, open a tab or window for your web browser.  For the URL, enter:
-http://IP_address_of_my_server
-You should be able to view your web page.  Now, you’ll want to encrypt your site.    Create the server encryption keys:
-cd /etc/apache2
-sudo openssl genrsa -des3 -out server.key 1024
-Use this set of keys to create a certificate request:
-sudo openssl req -new -key server.key -out server.csr
-When asked to input data, use your imagination to create something appropriate.  Be sure to write down your passphrase.  Use this request to create your self-signed certificate:
-sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
-Install the key and certificate:
-sudo cp server.crt /etc/ssl/certs/
-sudo cp server.key /etc/ssl/private/
-Open the “defaults” file for editing:
-cd /etc/apache2/sites-available
-sudo vim default-ssl
-This file is basically set up but you will want to uncomment  the SSLOptions line and also change the SSLCertificate lines to reflect the location and name of your new information.
-SSLEngine on
-SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-SSLCertificateFile /etc/ssl/certs/server.crt
-SSLCertificateKeyFile /etc/ssl/private/server.key
-The port 443 is enabled when you use SSL so that is ready to go.
-Enable the default SSL site:
-sudo a2ensite default-ssl
-If you do not enable the default-ssl you will get this error:
-“ssl_error_rx_record_too_long apache”
-Restart Apache.
-sudo /etc/init.d/apache2 restart
-That should do it.
-  * 출처: [[http://beginlinux.com/blog/2009/01/ssl-on-ubuntu-810-apache2/|]]
-^  누구나 수정하실 수 있습니다.  문법은 [[wiki:syntax]]참조하세요. |