
[Centos7] Apache SSL Configuration

by 주리니e 2022. 7. 19.

Apache HTTP Server

 

  • Install OpenSSL
# Check whether OpenSSL is installed
$ find / -name openssl

# Install OpenSSL
$ yum install openssl

 

  • Install mod_ssl
$ yum -y install mod_ssl

 

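  • Generate a private key > generate a CSR > create a self-signed .crt file
# Move to the httpd home directory
$ cd /etc/httpd

# Create the ssl directory
$ mkdir ssl

# Move into the ssl directory
$ cd ssl

# Generate the private key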
$ openssl genrsa -aes256 -out playground.key 2048
Generating RSA private key, 2048 bit long modulus
..................................+++
.........+++
e is 65537 (0x10001)
Enter pass phrase for playground.key: (passphrase)
Verifying - Enter pass phrase for playground.key: (passphrase)


# Generate the CSR
$ openssl req -new -key playground.key -out playground.csr
Enter pass phrase for playground.key: (passphrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:kr
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Mapo
Organization Name (eg, company) [Default Company Ltd]:playground
Organizational Unit Name (eg, section) []:dev
Common Name (eg, your name or your server's hostname) []:www.playground.co.kr
Email Address []:playground@playground.co.kr

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (press Enter)
An optional company name []: (press Enter)

# Create the self-signed CRT
$ openssl x509 -req -days 365 -in playground.csr -signkey playground.key -out playground.crt
Signature ok
subject=/C=kr/ST=Seoul/L=Mapo/O=playground/OU=dev/CN=playground/emailAddress=playground
Getting Private key
Enter pass phrase for playground.key: (passphrase)

# Check the generated files
$ ls -al
total 16
drwxr-xr-x. 2 root root   69 Jul 19 14:37 .
drwxr-xr-x. 6 root root 4096 Jul 19 14:37 ..
-rw-r--r--. 1 root root 1265 Jul 19 14:37 playground.crt
-rw-r--r--. 1 root root 1037 Jul 19 14:37 playground.csr
-rw-r--r--. 1 root root 1751 Jul 19 14:37 playground.key

 

  • Configure the SSL certificate and the Tomcat connection
$ cd /etc/httpd/conf.d
$ vi ssl.conf

# Set these directives as follows
SSLCertificateFile /etc/httpd/ssl/playground.crt
SSLCertificateKeyFile /etc/httpd/ssl/playground.key
SSLCACertificateFile /etc/httpd/ssl/playground.crt

# Add JkMountFile conf.d/uriworkermap.properties just before the closing </VirtualHost> at the bottom
JkMountFile conf.d/uriworkermap.properties
</VirtualHost>

 

  • Restart the service
$ service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Enter TLS private key passphrase for 127.0.0.1:443 (RSA) : ********

 

  • If you cannot connect, check the firewall
# Check the firewall policy
$ cat /etc/firewalld/zones/public.xml 

# Add port 443
$ firewall-cmd --permanent --zone=public --add-port=443/tcp

# Restart the service
$ firewall-cmd --reload

 

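Because the certificate is self-signed, an error occurs. To get rid of this error, or when deploying to a real production server, obtain and install a certificate issued by a trusted certificate authority.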
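The files created in /etc/httpd/ssl can be checked before httpd is restarted; the script below is an added example, not part of the original post, and its function names are hypothetical. It confirms that the certificate belongs to the private key, that the key is not readable by group/other (the `ls -al` listing above shows playground.key as -rw-r--r--), and that the certificate does not expire soon. It assumes GNU stat and the openssl CLI.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): checks for a key/cert pair.
# Assumes GNU stat and the openssl CLI, as shipped with CentOS 7.

# 0 if the certificate's public key is the one derived from the private key.
# A passphrase-protected key makes openssl prompt for it on the terminal.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 if the key file grants nothing to group/other (mode ends in 00, e.g. 600).
key_perms_ok() {
    case "$(stat -c %a "$1")" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# 0 if the certificate is still valid $2 days from now (default 30).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Run all three checks; the return value is the number of failed checks.
check_tls_pair() {
    local fails=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not belong to $1"; fails=$((fails + 1)); }
    key_perms_ok "$1" || { echo "FAIL: $1 is readable by group/other; chmod 600 it"; fails=$((fails + 1)); }
    cert_valid_for "$2" "${3:-30}" || { echo "FAIL: $2 expires within ${3:-30} days"; fails=$((fails + 1)); }
    [ "$fails" -ne 0 ] || echo "OK: $1 and $2 pass all checks"
    return "$fails"
}

# Usage: ./check_tls_pair.sh /etc/httpd/ssl/playground.key /etc/httpd/ssl/playground.crt 30
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```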

 

Removing the passphrase prompt when Apache restarts: 2022.07.19 - [OS & Server/Linux] - [Centos7] Removing the Apache SSL certificate passphrase prompt

 


 

Redirecting HTTP requests to HTTPS: 2022.07.19 - [OS & Server/Linux] - [Centos7] Apache HTTP -> HTTPS redirect

 
