1) Check that openssl is installed
rpm -qa | grep openssl
openssl-devel-0.9.7a-43.17.el4_6.1
xmlsec1-openssl-1.2.6-3
openssl-0.9.7a-43.17.el4_6.1
openssl096b-0.9.6b-22.46
2) Generate the private key
openssl genrsa -des3 -out filename.key 1024
(enter any passphrase when prompted)
3) Verify the private key
openssl rsa -noout -text -in filename.key
4) Generate the CSR file
openssl req -new -key ssl_2008_pubids.nodes.key -out ssl_2008_pubids.csr
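5) Obtain the certificate
Go to http://www.verisign.com and click FREE SSL Trial.
Normally a certificate has to be paid for, but here you apply for the 14-day trial and receive the certificate by email.
The other fields can be filled in loosely, but make sure the email address is entered exactly right!!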
After testing your Trial SSL Certificate, you will need to purchase a full-service Secure Site SSL Certificate.
As VeriSign has a full range of products to choose from, a sales representative will contact you to assist in
implementing an appropriate security solution specific to your business requirements. Should you wish to contact
our sales person immediately, please dial (866) 893-6565 option 3 or send an email to internet-sales@verisign.com.
Thank you for your interest in VeriSign!
6) Copy the certificate from the email and use it
Create a file with a name of your choice ending in .crt.
cat > filename.crt
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
7) Add the Apache configuration
<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex
</IfModule>
<VirtualHost *:443>
DocumentRoot /usr/local/tomcat/webapps/ROOT
Servername *.google.com
.....
<IfModule mod_ssl.c>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
SSLCACertificateFile /usr/local/apache/conf/ssl.intermediate
<Directory "/usr/local/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
</VirtualHost>
8) Restart Apache
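
The SSLCipherSuite value in step 7 starts from ALL, so its later +LOW and +EXP entries only reorder suites that ALL has already enabled. The following added example (not part of the original note) audits such a string for weak classes that remain enabled. It uses a simplified model of the OpenSSL cipher-string operators and assumes an OpenSSL build of the page's era in which ALL still contains LOW, EXP and RC4 suites; the names `cipher_spec`, `weak_classes_enabled` and `SAMPLE_CONF` are illustrative.

```python
import re

# Constructed sample: the SSLCipherSuite line from the VirtualHost in step 7.
SAMPLE_CONF = """\
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL
</VirtualHost>
"""

# Weak classes to report, with the keywords that name the whole class.
WEAK = {
    "LOW": {"LOW"},              # single DES and other 56/64-bit ciphers
    "EXP": {"EXP", "EXPORT"},    # 40- and 56-bit export ciphers
    "RC4": {"RC4"},
    "eNULL": {"eNULL", "NULL"},  # no encryption at all
}
# Assumption: an OpenSSL build of the page's era (0.9.7), where ALL still
# contains LOW, EXP and RC4 suites. ALL never contains eNULL.
ALL_PULLS_IN = {"LOW", "EXP", "RC4"}


def cipher_spec(conf):
    """Return the value of the first SSLCipherSuite directive, or None."""
    m = re.search(r"^\s*SSLCipherSuite\s+(\S+)", conf, re.M | re.I)
    return m.group(1) if m else None


def weak_classes_enabled(spec):
    """Weak classes still offered after applying the cipher-string operators."""
    present, killed = set(), set()
    for tok in filter(None, re.split(r"[:, ]+", spec)):
        op = tok[0] if tok[0] in "!-+" else ""
        parts = tok[len(op):].split("+")       # A+B means "A and B"
        hit = {c for c, names in WEAK.items() if names & set(parts)}
        whole = hit if len(parts) == 1 else set()  # A+B removes only a subset
        if op == "!":                          # permanent removal
            killed |= whole
        elif op == "-":                        # removal, may be re-added later
            present -= whole
        elif op == "":                         # bare keyword adds suites
            present |= hit | (ALL_PULLS_IN if "ALL" in parts else set())
        # op == "+" only moves suites already present to the end of the list
    return sorted(present - killed)


if __name__ == "__main__":
    print(weak_classes_enabled(cipher_spec(SAMPLE_CONF)))
```

Under this model, adding `!LOW:!EXP:!RC4` to the string empties the result, while `!EXPORT56` alone leaves the 40-bit export suites in place.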