ÇØÄ¿Áî´º½º / ÇØÄ¿´ëÇÐ

Donation bitcoin(±âºÎ¿ë ºñÆ®ÄÚÀÎ ÁÖ¼Ò)

¡¡
1Pq3K39XM5xx4CifGKgppXeavtWNNHH7K4
¡¡
±âºÎÇϽŠºñÆ®ÄÚÀÎÀº "º¸¾È Ãë¾à °èÃþ"À» À§ÇØ »ç¿ëµÇ°í ÀÖ½À´Ï´Ù.
¡¡
¡¡

Donation bitcoin(±âºÎ¿ë ºñÆ®ÄÚÀÎ ÁÖ¼Ò)

¡¡
1Pq3K39XM5xx4CifGKgppXeavtWNNHH7K4
¡¡
±âºÎÇϽŠºñÆ®ÄÚÀÎÀº "º¸¾È Ãë¾à °èÃþ"À» À§ÇØ »ç¿ëµÇ°í ÀÖ½À´Ï´Ù.
¡¡

°øÁö

¡¡

1. MS ¿§Áö ºê¶ó¿ìÀú¿¡¼­ÀÇ °æ°íâÀº 'À©µµ¿ì µðÆæ´õ'¸¦ ²ô½Ã¸é µË´Ï´Ù.

             'À©µµ¿ì µðÆæ´õ ²ô±â'

2. Å©·Ò ºê¶ó¿ìÀú·Î Á¢¼Ó½Ã ³ª¿À´Â ¾Ç¼ºÄÚµå °æ°íâÀº ±¸±Û Å©·ÒÀÇ ¿¡·¯, Áï ¿ÀŽ(ŽÁö ¿À·ù)À̹ǷΠ¹«½ÃÇÏ½Ã¸é µË´Ï´Ù.

3. ÀÌ »çÀÌÆ®´Â ¾ÈÀüÇÏ¸ç ±ú²ýÇÏ´Ù´Â °ÍÀ» ¾Ë·Á µå¸³´Ï´Ù.

4. ¹«°íÇÑ »çÀÌÆ®µé¿¡ ´ëÇÑ °ø·æ ±â¾÷ ºê¶ó¿ìÀúµéÀÇ ¹«Â÷º°ÀûÀÎ 'ŽÁö ¿À·ù ȾÆ÷'°¡ »ç¿ëÀÚµéÀÇ Á¤º¸ °øÀ¯ÀÇ ÀÚÀ¯¸¦ ħÇØÇÏ°í ÀÖ½À´Ï´Ù. ÀÌ¿¡ ´ëÀÀÇÏ¿© ÀÌ ±â¾÷µéÀ» »ó´ë·Î ¼Ò¼ÛÀ» ÁغñÇÏ°í ÀÖ½À´Ï´Ù.

¡¡




¼³Ä¡
ÆÁ
ÀÚ·á½Ç

APACHE ÆÁ
À̸§: ÇØÄ¿Áî´º½º
apache + mod_ssl ÀÌ¿ëÇÏ±â  
================================================
apache + mod_ssl ÀÌ¿ëÇϱâ
================================================
ÀÛ¼ºÀÚ : ¹®ÅÂÁØ (http://tunelinux.pe.kr)
ÀÛ¼ºÀÏ : 2002. 12. 21
================================================

º» ÀÚ·á´Â º¸¾ÈÀ» À§ÇØ apache ¿Í mod_sslÀ» ÀÌ¿ëÇÏ´Â ¹æ¹ý¿¡ ´ëÇØ °£·«È÷ ¼³¸íÇÑ´Ù.

¤· Âü°íÀÚ·á ¹× »çÀÌÆ®:
http://www.openssl.org/
http://www.modssl.org/
mod_ssl ¼Ò½º µð·ºÅ丮ÀÇ INSTALL ¹®¼­

Certificate ServerÀÇ ¼³Ä¡ ¿Í ClientÀÎÁõ
http://kldp.org/KoreanDoc/html/OpenSSL-KLDP/OpenSSL-KLDP.html

SSL Certificates HOWTO
http://kldp.org/HOWTO/html/SSL-Certificates-HOWTO/

¸®´ª½º º¸¾È°ú ÃÖÀûÈ­ ¿Ïº® ¼Ö·ç¼Ç(ÇѺû¹Ìµð¾î ¿ª)

¤· openssl ¼³Á¤Çϱâ
redhat °è¿­¿¡¼­ opensslÀ» rpmÀ¸·Î ¼³Ä¡ÇÑ °æ¿ì °ü·ÃÆÄÀϵéÀÌ /usr/share/ssl¿¡ ¼³Ä¡µÈ´Ù.
/usr/share/ssl/openssl.conf ¸¦ ¸ÕÀú ¼³Á¤ÇÑ´Ù.
(** Âü°í·Î freebsd¿¡ ±âº» µé¾îÀÖ´Â ¼³Á¤ ¿¹Á¦ ÆÄÀϵµ ¾Æ·¡¿Í µð·ºÅ丮´Â ºñ½ÁÇÏ´Ù. freebsd¿¡¼­´Â apache ÆÐÅ°Áö¿Í´Â º°µµ·Î Æ÷Æ®¿¡ apache 1.3 + mod_ssl ÆÐÅ°Áö°¡ º°µµ·Î Á¸ÀçÇϹǷΠÀ̸¦ ÀÌ¿ëÇÏ¸é µÉ °ÍÀÌ´Ù)

[ CA_default ]

dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file

À§¿¡¼­´Â °ü·ÃÆÄÀÏÀ» ssl/demoCA ·Î ¼³Á¤ÇÏ°í ÀÖ´Ù. µð·ºÅ丮¸¦ »ý¼ºÇØÁÖ¾î¾ßÇÑ´Ù.
ÀÌ µð·ºÅ丮¹Ø¿¡ certs, crl, newcerts, private µð·ºÅ丮¸¦ »ý¼ºÇÑ´Ù.
±×¸®°í ÇÊ¿äÇÑ ÆÄÀÏÀ» ¾Æ·¡¿Í °°ÀÌ »ý¼ºÇÑ´Ù.

echo '01' > serial
touch index.txt

private key ´Â ÇØ´ç ¼­¹ö¿¡ ´ëÇÑ ºñ¹ÐÅ°ÀÌ´Ù.
certificate ´Â ÇØ´ç ¼­¹ö¿¡ ´ëÇÑ °ø°³Å°ÀÌ´Ù.

À§¿¡¼­ ¼³Á¤ÇÑ ³»¿ëÀº ÀÚüÀûÀ¸·Î CA ¼­¹ö¸¦ ¿î¿µÇϱâ À§Çؼ­ ÇÊ¿äÇϸç apache¿¡¼­ »ç¿ëÀ» Çϱâ À§Çؼ­ ¹Ýµå½Ã °ÅÃÄ¾ß ÇÏ´Â ³»¿ëÀº ¾Æ´Ï´Ù. apache¿Í mod_ssl¿¡¼­´Â opensslÀ» ÀÌ¿ëÇÏ¿© ¼­¹öÀÎÁõÀ» À§ÇÑ ÀÚü Å°¸¦ »ý¼ºÇÏ¸é µÈ´Ù. ±×·¯³ª ÀÚü CA¸¦ ÀÌ¿ëÇÏ¿© »çÀÎÀ» ÇÏ·Á°í ÇÑ´Ù¸é ÇÊ¿äÇÏ´Ù.

apache ¿¡¼­ ssl»ç¿ëÀ» À§Çؼ­ ºñ¹ÐÅ°¿Í °ø°³Å°¸¦ »ý¼ºÇØ ÁÖ¾î¾ß ÇÑ´Ù.
ÀÌ´Â ³ªÁß¿¡ apache¿¡¼­ »ç¿ëÀ» ÇÏ°Ô µÈ´Ù.

# openssl genrsa -des3 -out test.co.kr.key 1024
(¿©±â¼­ -des3 ¿É¼ÇÀ» ¾²°í apache¿¡¼­ È°¿ëÇÏ´Â °æ¿ì ºñ¹Ð¹øÈ£¸¦ ÀÔ·ÂÇØ¾ß ÇÑ´Ù. -des3 ¿É¼ÇÀ» »ç¿ëÇÏÁö ¾ÊÀ¸¸é º¸¾È»ó ´õ À§ÇèÇØÁö±â´Â ÇÏÁö¸¸ ÀÌ·± ºÒÆíÀº ¾ø´Ù)

ÀÌÁ¦ ÀÎÁõ¿äû¼­(CSR)¸¦ »ý¼ºÇÑ´Ù.
# openssl req -new -key test.co.kr.key -out test.co.kr.csr

Common Name (eg, your name or your server's hostname) []:test.co.kr

¿©±â¿¡ Á¤È®ÇÑ È£½ºÆ®¸í(FQDN)À» ÀÔ·ÂÇؾßÇÑ´Ù.

¿©±â¼­ »ý¼ºÇÑ CSRÀ» ÀÌ¿ëÇÏ¿© °øÀÎ ÀÎÁõ±â°ü(CA)¿¡¼­ »çÀÎÀ» ¹Þ¾Æ ½ÇÁ¦ ÀÎÁõ¼­¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

±×·¸Áö¸¸ CA¸¦ ÀÌ¿ëÇÏÁö ¾Ê°í ÀÚüÀûÀ¸·Î CA ¼­¹ö¸¦ ¿î¿µÇÒ ¼ö ÀÖ´Ù. ¹°·Ð »ç¶÷µéÀÌ ÀÌ¿¡ ´ëÇÑ ½Å·Ú¼ºÀ» ¶³¾îÁö°ÚÁö¸¸.

ÀÚüÀûÀ¸·Î CA ¼­¹ö¸¦ ¿î¿µÇϱâ À§Çؼ­´Â ºñ¹ÐÅ°¸¦ »ý¼ºÇÏ°í ¿©±â¿¡ ÀÚ°¡ ¼­¸ÛÇϸç ÀÎÁõ¼­¸¦ ¸¸µé¸é µÈ´Ù. ±×·¯°í³ª¼­ ¾Õ¿¡¼­ ÀÚ½ÅÀÇ À¥»çÀÌÆ®¿¡ »ç¿ëÇÒ ¸ñÀûÀ¸·Î ¸¸µç CSRÀ» »çÀÎÇÏ¸é µÈ´Ù.

ºñ¹ÐÅ° »ý¼º
# openssl genrsa -des3 -out ca.key 1024

ÀÚ°¡¼­¸íµÈ ÀÎÁõ¼­ »ý¼º
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt


ÀÌÁ¦ ÀÚüÀûÀ¸·Î ¸¸µç CAÀÇ ÀÎÁõ¼­¸¦ ÀÌ¿ëÇÏ¿© CSR¿¡ »çÀÎÀ» ÇÏÀÚ.
¾Õ¿¡¼­ openssl.conf°¡ ÀûÀýÇÏ°Ô ¼³Á¤µÇ¾î ÀÖ¾î¾ß ÇÑ´Ù.
ca.crt¿Í ca.keyÀ» ÇØ´ç µð·ºÅ丮·Î ¿Å±â°í conf ÆÄÀÏÀ» ¼öÁ¤ÇÑ´Ù.

certificate = $dir/certs/ca.crt # The CA certificate
private_key = $dir/private/ca.key # The private key


ÀÎÁõ¼­¿¡ »çÀÎÀ» ÇÏ°í È®ÀÎÀ» ÇÑ´Ù.

# openssl ca -policy policy_anything -out test.co.kr.crt -infiles test.co.kr.csr
# openssl verify -CAfile /usr/share/ssl/demoCA/certs/ca.crt test.co.kr.crt
test.co.kr.crt: OK

ÀÚü CA¸¦ ÀÌ¿ëÇÏÁö ¾Ê´Â °æ¿ì¿¡´Â À§¿¡¼­ »ý¼ºÇÑ test.co.kr.csrÀ» °øÀÎÀÎÁõ±â°ü¿¡ º¸³»¼­ ±×°÷¿¡¼­ test.co.kr.crt ÆÄÀÏÀ» ¹Þ°Ô µÉ °ÍÀÌ´Ù.

À§¿¡¼­ »ý¼ºÇÑ test.co.kr.key ¿Í test.co.kr.crt ÆÄÀϵµ ÀûÀýÇÏ°Ô ¿Å°ÜÁØ´Ù.

ÀÌ°ÍÀ» apacheÀÇ httpd.conf ÆÄÀÏ¿¡ µî·ÏÇÏ¿© ÁÖ¸é µÈ´Ù. ÀÌ ºÎºÐÀº ³ªÁß¿¡ ¼³¸í.

SSLCertificateFile /usr/share/ssl/demoCA/certs/test.co.kr.crt
SSLCertificateKeyFile /usr/share/ssl/demoCA/private/test.co.kr.key

csr ÆÄÀÏÀº Áö¿öµµ µÈ´Ù.

¤· apache ¹× mod_ssl ¼³Á¤
apache ¿Í mod_sslÀ» /usr/local/src¿¡ Ç®¾ú´Ù°í °¡Á¤ÇÑ´Ù.
mod_ssl ¼Ò½º µð·ºÅ丮·Î À̵¿ÇÑ´Ù.
# cd mod_ssl-xxx/
# ./configure \
--with-apache=../apache_1.3.x \
--with-crt=/usr/share/ssl/demoCA/certs/test.co.kr.crt \
--with-key=/usr/share/ssl/demoCA/private/test.co.kr.key

À̸¦ ÅëÇØ apache¿¡ mod_ssl °ü·ÃÇÑ ºÎºÐÀ» ÀÚµ¿À¸·Î Ãß°¡ÇØÁØ °ÍÀÌ´Ù. À§ °úÁ¤À» ÅëÇÏ¿© apache¿¡¼­ mod_sslÀ» »ç¿ëÇÒ ¼ö ÀÖµµ·Ï ÆÐÄ¡ÇØÁØ´Ù.
(º°µµ·Î make , make install µîÀº ÇÊ¿äÇÏÁö ¾Ê´Ù)

# cd apache-xx
# SSL_BASE=SYSTEM \
./configure \
--prefix=/usr/local/apache \
--enable-module=ssl \
--enable-rule=SSL_SDBM \
--disable-rule=SSL_COMPAT

(** SSL_BASE ¿¡¼­ opensslÀ» ¼Ò½º·Î ¼³Ä¡Çß´Ù¸é ¼Ò½º°¡ ÀÖ´Â µð·ºÅ丮¸¦ ÁöÁ¤ÇÏ¸é µÈ´Ù. rpmÀ¸·Î ¼³Ä¡Çß´Ù¸é SYSTEMÀ¸·Î ÁöÁ¤Çصµ µÈ´Ù)
(** À§ÀÇ ¿É¼Ç¿¡ ´ëÇؼ­´Â INSTALL.SSL ÆÄÀÏ¿¡ ÀÚ¼¼ÇÑ ¼³¸íÀÌ µé¾îÀÖ´Ù)

# make
# make certificate
(** À§¿¡¼­ °ü·ÃµÈ Å°¸¦ »ý¼ºÇÏ¿© ÁÖ¾úÀ¸¹Ç·Î ¿©±â¼­´Â make certificate ´Â ½ÇÇàÇÒ ÇÊ¿ä°¡ ¾ø´Ù. make certificate ¸¦ ½ÇÇàÇϸé test cert¸¦ »ý¼ºÇϸç Å×½ºÆÿëÀ¸·Î »ç¿ëÇÒ ¼ö ÀÖ´Ù. ÀÌ¿¡ ´ëÇÑ ³»¿ëÀº configure¸¦ ÇÏ°í³ª¼­ »ý¼ºµÈ Makefile¿¡ ¼³¸íÀÌ ³ª¿ÍÀÖÀ¸¹Ç·Î Âü°íÇϱ⠹ٶõ´Ù. ±»ÀÌ ¾Õ¿¡¼­ openssl °ú °ü·ÃÇÑ ºÎºÐÀ» ¼³Á¤ÇÏÁö ¾Ê°í ¹Ù·Î apache¿Í mod_sslÀ» ÀÌ¿ëÇÏ°í½Í´Ù¸é »ç¿ëÇصµ µÈ´Ù. ÀÏ´Ü ÆíÇϴϱñ.)
# make install

ÀϹÝÀûÀÎ ¾ÆÆÄÄ¡ ¼³Ä¡¿Í´Â ´Ù¸£°Ô /usr/local/apache/conf µð·ºÅ丮¿¡ ssl °ü·Ã µð·ºÅ丮°¡ »ý±ä´Ù.

drwxr-xr-x 2 root root 4096 12¿ù 22 21:33 ssl.crl/
drwxr-xr-x 2 root root 4096 12¿ù 22 21:33 ssl.crt/
drwxr-xr-x 2 root root 4096 12¿ù 22 21:33 ssl.csr/
drwx------ 2 root root 4096 12¿ù 22 21:33 ssl.key/
drwxr-xr-x 2 root root 4096 12¿ù 22 21:33 ssl.prm/


/usr/local/apache/conf/httpd.conf ÆÄÀÏÀ» »ìÆ캸¸é

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

(¿©±â ÀÖ´Â ÆÄÀϵéÀº mod_ssl°ú ¿¬µ¿Çϸ鼭 ÀÚµ¿À¸·Î ¼³Ä¡°¡ µÇ´Â °ÍµéÀÌ´Ù. test¿ëÀ¸·Î¸¸ »ç¿ëÇØ¾ß ÇÒ °ÍÀÌ´Ù)

ÀÌ·¸°Ô µÇ¾îÀÖÀ¸¸ç ¿ì¸®°¡ Á÷Á¢ »ý¼ºÇÑ ÆÄÀÏÀ» ÀÌ¿ëÇÑ´Ù¸é
SSLCertificateFile /usr/share/ssl/demoCA/certs/test.co.kr.crt
SSLCertificateKeyFile /usr/share/ssl/demoCA/private/test.co.kr.key

ÀÌ·¸°Ô ¹Ù²Ù¾î ÁÖ¾î¾ß ÇÑ´Ù.

apache¸¦ ½ÇÇà½ÃÄѺ¸ÀÚ.
/usr/local/apache/bin/apachectl startssl

https://test.co.kr (ÀÌ°æ¿ì¿¡´Â /hosts ÆÄÀÏ¿¡ µî·ÏÇسõ°í ÇØ¾ß ÇÒ °ÍÀÌ´Ù)

°ü·ÃÀڷḦ º¸Áö ¾Ê°í Áö±Ý ³ª¿ÍÀÖ´Â ±Û¸¸ °¡Áö°í´Â ÀÌÇØÇϱâ Èûµé °ÍÀÌ´Ù. Á¦ÀÏ ¾Õ¿¡ °ü·ÃÀڷḦ Àû¾î³õ¾ÒÀ¸´Ï Âü°íÇÏ±æ ¹Ù¶õ´Ù.
À̱ÛÀº ³»°¡ Âü°í¿ëÀ¸·Î¸¸ º¸´Â °ÍÀ̱⿡.
                    ¼öÁ¤/»èÁ¦     ÀÌÀü±Û ´ÙÀ½±Û    
¹øÈ£Á¦ ¸ñ÷ºÎÁ¶È¸
24   WEB Server¿Í DB ¼­¹ö ºÐ¸®Çؼ­ ¿î¿µÇÏ±â    3705
23   IP ÁÖ¼Ò Á¢¼ÓÀ» µµ¸ÞÀÎ ÁÖ¼Ò·Î ¹Ù²Ù±â    3524
22   ¾ÆÆÄÄ¡ ÀÎÁõ»ç¿ëÀ¸·Î ƯÁ¤µð·ºÅ丮¿¡ ¾ÏÈ£...    2204
21   apache + mod_ssl ÀÌ¿ëÇÏ±â    2156
20   ApacheÀÇ chroot¿î¿µ ¹× Jail System    2136
19   µð·ºÅ丮°¡ ³ëÃâµÉ¶§    1992
18   ApacheÀÇ chroot¿î¿µ ¹× Jail System    2013
17   APM(Apache+PHP+MySQL)¿¬µ¿ È®ÀÎÇÏ±â    3109
16   ¾ÆÆÄÄ¡ http://localhost/index.html ...    3033
15   Apache ¿Í PHP ¾÷±×·¹À̵å ÇÏ±â    1804
14   ¾ÆÆÄÄ¡¼³Á¤À¸·Î ¸®´ª½º±â¹Ý ¾ÆÆÄÄ¡À¥¼­¹ö¿¡...    2386
13   PATH_INFO¿Í ForceTypeÀ» ÀÌ¿ëÇÑ °Ë»ö¿£Áø ...    2184

 
óÀ½ ÀÌÀü ´ÙÀ½       ¸ñ·Ï