Comodo SSL setup
Create an ssl directory inside the apache directory and extract the received file there.
cd /usr/local/apache
mkdir ssl
mv kbedu.or.kr.zip /usr/local/apache/ssl
cd ssl
unzip kbedu.or.kr.zip
[root@localhost ssl2]# ll
total 20
-rw-r--r-- 1 root root 1544 Oct 24 12:58 AddTrust_External_CA_Root.cer
-rw-r--r-- 1 root root 3452 Oct 24 12:58 Comodo_PositiveSSL.ca-bundle
-rw-r--r-- 1 root root 1887 Oct 24 12:58 www.iwav.or.kr.crt
-rw-r--r-- 1 root root 1679 Oct 24 12:58 www.iwav.or.kr.key
-rw-r--r-- 1 root root 4 Oct 24 12:58 패스워드.txt
Change the following four directives in ssl.conf (or the equivalent file).
=========================================================================
SSLCertificateFile "/usr/local/apache2/ssl/www.iwav.or.kr.crt"
SSLCertificateKeyFile "/usr/local/apache2/ssl/www.iwav.or.kr.key"
SSLCertificateChainFile /usr/local/apache2/ssl/Comodo_PositiveSSL.ca-bundle
SSLCACertificateFile /usr/local/apache2/ssl/AddTrust_External_CA_Root.cer
=========================================================================
1. Compile apache
# ./configure --prefix=/usr/local/apache2/ --enable-so --enable-rewrite --enable-expires --enable-modules=ssl --enable-ssl
(check the install path and add the ssl options)
# make
# make install
2. Create a directory and upload the three certificate files
apache2/certificate/
- www_kbedu_or_kr_cert.pem
- SignGATESSTrust.cer
- KISA_RootCA_3.cer
3. Edit httpd.conf (enable the SSL-related parts)
- Include conf/extra/httpd-ssl.conf (remove the leading # comment)
- <IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
4. Edit /apache2/conf/extra/httpd-ssl.conf
- Check whether Listen 443 is present; add it if not
Check the virtual host
- <VirtualHost (certificate domain):(SSL port)>
# General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs"
ServerName (certificate domain):(SSL port)
ServerAdmin root@(domain)
ErrorLog /usr/local/apache/logs/ssl_error_log
TransferLog /usr/local/apache/logs/ssl_access_log
5. Edit httpd-ssl.conf: set the private key and certificate (inside the VirtualHost block)
- Certificate: SSLCertificateFile /(certificate path)/(domain name)_cert.pem
- Private key: SSLCertificateKeyFile /(private key path)/key.pem
- Intermediate certificate: SSLCertificateChainFile /(path)/SignGATESSTrust.cer
- Root certificate: SSLCACertificateFile /(path)/KISA_RootCA_3.cer
6. Restart the web server
- Check httpd.conf for errors
- /usr/local/apache/bin/apachectl -t
Confirm the output is Syntax OK
- /usr/local/apache/bin/apachectl stop (stop the running server)
- /usr/local/apache/bin/apachectl start (on apache 1.xx, run apachectl startssl)
7. ETC
- Command to check whether the httpd web server daemon is running
ps -ef | grep http
- Commands to check that both services, http (80) and https (SSL port, default 443), are running
netstat -na | grep 80
netstat -na | grep 443
===========================================
NameVirtualHost 222.231.49.1:80
<VirtualHost 222.231.49.1:80>
DocumentRoot /aaaa
ServerName www.aaa.com
</VirtualHost>
ssl.conf
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/home/aaa/aaa"
ServerName www.aaa.com:443
SSLCertificateFile "/usr/local/apache2/ssl/www_aaaa_cert.pem"
SSLCertificateKeyFile "/usr/local/apache2/ssl/www_aaaa_key.pem"
[root@sansung20100107 httpd-2.2.17]# rpm -qa | grep openssl
openssl-0.9.8e-12.el5_4.6
[root@sansung20100107 httpd-2.2.17]# yum -y install openssl-devel
./configure --prefix=/home/apache2 --enable-so --enable-rewrite --enable-expires --enable-ssl
In httpd-vhosts.conf, specify port 80 explicitly
NameVirtualHost 222.231.49.33:80
<VirtualHost 222.231.49.33:80>
DocumentRoot /home/kbedu2/www.kbedu.or.kr
ServerName www.aaa.com
</VirtualHost>
httpd-ssl.conf settings
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/home/ins_news3/public_html"
ServerName www.ccdailynews.com:443
ErrorLog "/home/apache2/logs/error_log"
TransferLog "/home/apache2/logs/access_log"
#SSLCertificateFile "/home/apache2/conf/server.crt"
SSLCertificateFile "/home/apache2/ssl/www_ccdailynews_com_cert.pem"
#SSLCertificateKeyFile "/home/apache2/conf/server.key"
SSLCertificateKeyFile "/home/apache2/ssl/key.pem"
unzip RootCA_ChainCAs_Basic.zip
Archive: RootCA_ChainCAs_Basic.zip
inflating: ChainCA.cer
inflating: RootCA.cer
#SSLCertificateChainFile "/home/apache2/conf/server-ca.crt"
SSLCertificateChainFile "/home/apache2/ssl/ChainCA.cer"
#SSLCACertificateFile "/home/apache2/conf/ssl.crt/ca-bundle.crt"
SSLCACertificateFile "/home/apache2/ssl/RootCA.cer"
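
A quick audit to run before restarting the server, added here as an example and not part of the original notes: it reads an SSL config, reports certificate directives that are unset, duplicated or pointing at missing files, and flags a private key that is accessible to group or other (the key in the directory listing near the top is mode 0644). The function name audit_ssl_conf, the message labels and the demo file names are made up for this example; it assumes one certificate per config file and paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the certificate
# directives of an Apache SSL config. Assumes one certificate per config file
# and paths without spaces. Returns 0 only when every check passes.
audit_ssl_conf() {
    conf=$1
    rc=0
    for d in SSLCertificateFile SSLCertificateKeyFile \
             SSLCertificateChainFile SSLCACertificateFile; do
        # Active (uncommented) lines only; drop the directive name and quotes.
        paths=$(sed -n "s/^[[:space:]]*$d[[:space:]]\{1,\}//p" "$conf" | tr -d '"')
        count=$(printf '%s\n' "$paths" | grep -c . || true)
        case $count in
            0) echo "NOTSET    $d"
               # Only the certificate and its key are treated as mandatory.
               case $d in SSLCertificateFile|SSLCertificateKeyFile) rc=1 ;; esac
               continue ;;
            1) ;;
            *) echo "DUPLICATE $d has $count active lines"; rc=1 ;;
        esac
        for p in $paths; do
            if [ ! -f "$p" ]; then
                echo "NOFILE    $d $p"; rc=1
            elif [ "$d" = SSLCertificateKeyFile ]; then
                # Characters 5-10 of the ls mode string are group/other bits.
                perm=$(ls -ldL "$p" | cut -c5-10)
                if [ "$perm" != "------" ]; then
                    echo "KEYPERM   $p is accessible beyond its owner ($perm)"; rc=1
                fi
            fi
        done
    done
    return $rc
}

# Constructed demo input: a key left at mode 0644, like the listing in the notes.
demo=$(mktemp -d)
: > "$demo/site.crt"; : > "$demo/site.key"; chmod 644 "$demo/site.key"
printf 'SSLCertificateFile "%s/site.crt"\nSSLCertificateKeyFile "%s/site.key"\n' \
    "$demo" "$demo" > "$demo/ssl.conf"
audit_ssl_conf "$demo/ssl.conf" || echo "audit failed: fix the lines above"
rm -rf "$demo"
```

After chmod 600 on the key file the KEYPERM line disappears; Apache reads the key as root at startup, so the tighter mode does not affect serving.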