apache ssl setup
- 인증서 만들기 -
root@turbine01:~/installPack/sslwork# cat mulder.run
# ref http://artyst.egloos.com/2653406
# for apache ssl
openssl genrsa -des3 -out ssl2010.key 1024
openssl req -new -key ssl2010.key -out ssl2010.csr
openssl x509 -in ssl2010.csr -out ssl2010.crt -req -signkey ssl2010.key -days 3560
root@turbine01:~/installPack/sslwork#
root@turbine01:~# cd installPack/sslwork
root@turbine01:~/installPack/sslwork# ls
mulder.run ssl2010.crt ssl2010.csr ssl2010.key
root@turbine01:~/installPack/sslwork# sh mulder.run
Generating RSA private key, 1024 bit long modulus
........++++++
......................++++++
e is 65537 (0x10001)
Enter pass phrase for ssl2010.key:
Verifying - Enter pass phrase for ssl2010.key:
Enter pass phrase for ssl2010.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:seoul
Locality Name (eg, city) []:seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:seoul
Organizational Unit Name (eg, section) []:seoul
Common Name (eg, YOUR name) []:***.vps.phps.kr
Email Address []:mulderu@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:***
An optional company name []:***
Signature ok
subject=/C=KR/ST=seoul/L=seoul/O=seoul/OU=seoul/CN=***.vps.phps.kr/emailAddress=***@gmail.com
Getting Private key
Enter pass phrase for ssl2010.key:
root@turbine01:~/installPack/sslwork#
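-------------- 키작업 완료
(참고: 위 script 는 1024 bit RSA 키를 만드는데, 지금 기준으로는 너무 짧습니다. 새로 만들 때는 genrsa 의 마지막 인자를 2048 이상으로 주세요. 또 이렇게 만든 인증서는 자기 서명(self-signed) 이라 브라우저에서 신뢰 경고가 나오며, ssl2010.key 는 root 만 읽을 수 있게 두어야 합니다.)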
edit & uncomment /usr/local/apache2/conf/httpd.conf
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
-------------- apache httpd-ssl.conf 수정하기
more /usr/local/apache2/conf/extra/httpd-ssl.conf
~~~~~
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName ???.vps.phps.kr:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
#SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateFile "/root/installPack/sslwork/ssl2010.crt"
#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"
#SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt"
~~~~~~~~~~~
vi end...
(위 발췌에는 빠져 있지만, 같은 파일의 SSLCertificateKeyFile 도 ssl2010.key 의 경로로 맞춰 주어야 합니다.)
------------ 이제 apache 를 실행해 보자.
root@turbine01:~/installPack/sslwork# cd /usr/local/apache2
root@turbine01:/usr/local/apache2# bin/apachectl -k start
Apache/2.4.3 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server turbine01.vps.phps.kr:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
root@turbine01:/usr/local/apache2#
root@turbine01:/usr/local/apache2#
설명이 너무 건조해서... 죄송하군요. 문의는 댓글로 남겨 주세요.
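Apache SSL 을 자동으로 시작시키려면 Pass Phrase Dialog 입력이 자동으로 이루어지도록 수정해야 합니다.
httpd-ssl.conf 의 내용 중 SSLPassPhraseDialog 의 값을 builtin 에서 원하는 입력 script 로 수정합니다. 이 script 는 pass phrase 를 표준 출력으로 내보내야 하며, pass phrase 가 평문으로 들어가므로 root 소유로 두고 root 만 읽고 실행할 수 있게(예: chmod 700) 해 두어야 합니다.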
# /usr/local/apache2/conf/extra# vi httpd-ssl.conf
#SSLPassPhraseDialog builtin
SSLPassPhraseDialog exec:/usr/local/apache2/sslpwd.sh