Apache (mod_ssl)

※ CSR (Certificate Signing Request) generation procedure
[STEP#1] Generate the private key.
[STEP#2] Generate the CSR.
[STEP#3] Apply using the generated CSR.

① Generate the Apache key.

To install SSL on Apache, the mod_ssl module must be installed.

Installation environment
OS : CentOS 5.4
Web Server : Apache 2.2.16

[root@localhost httpd]# openssl sha1 * > rand.dat
[root@localhost httpd]# openssl genrsa -rand rand.dat -des3 2048 > [private key name] # generate the private key #
(Example)# openssl genrsa -rand rand.dat -des3 2048 > www.innocert.co.kr.key
Generating RSA private key, 2048 bit long modulus
...................++++++
......++++++
e is 65537 (0x10001)
Enter pass phrase: [enter password]
Verifying - Enter pass phrase: [enter password]
※ Note: this password is requested when the Apache daemon starts, so be sure to remember it.

For Apache on Windows, SSL can be installed only on versions after 2.2.9 that include mod_ssl.

Installation environment
Windows 2003 Server
Apache 2.2.14-openssl-0.9.8 (installation path: C:\Apache2.2)

[root@localhost httpd]# openssl genrsa -out [private key name] 2048 # generate the private key #
(Example)# openssl genrsa -out www.innocert.co.kr.key 2048
Generating RSA private key, 2048 bit long modulus
...................++++++
......++++++
e is 65537 (0x10001)

② Generate the CSR using the Apache key.

[root@localhost httpd]# openssl req -new -key [private key] -out [CSR file name] # generate the CSR #
(Example)openssl req -new -key www.innocert.co.kr.key -out www.innocert.co.kr.csr
Enter pass phrase for www.innocert.co.kr.key: [enter password]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: KR # country code #
State or Province Name (full name) [Berkshire]: Seoul # region #
Locality Name (eg, city) [Newbury]: Yeoksamdong # region #
Organization Name (eg, company) [My Company Ltd]: KOINOS Co.,Ltd. # company name #
Organizational Unit Name (eg, section) []: CERT TEAM # department #
Common Name (eg, your name or your server's hostname) []: www.innocert.co.kr # domain #
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [Enter]
An optional company name []: [Enter]
Send the CSR generated as above to the Innocert e-mail address (info@innocert.co.kr).

[root@localhost httpd]# openssl req -new -key [private key] -out [CSR file name] -config C:\Apache2.2\conf\openssl.cnf # generate the CSR #
(Example)openssl req -new -key www.innocert.co.kr.key -out www.innocert.co.kr.csr -config C:\Apache2.2\conf\openssl.cnf
Country Name (2 letter code) [GB]: KR # country code #
State or Province Name (full name) [Berkshire]: Seoul # region #
Locality Name (eg, city) [Newbury]: Yeoksamdong # region #
Organization Name (eg, company) [My Company Ltd]: KOINOS Co.,Ltd. # company name #
Organizational Unit Name (eg, section) []: CERT TEAM # department #
Common Name (eg, your name or your server's hostname) []: www.innocert.co.kr # domain #
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [Enter]
An optional company name []: [Enter]
Send the CSR generated as above to the Innocert e-mail address (info@innocert.co.kr).
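
A check to run on the key and CSR from steps ① and ② before the CSR is e-mailed, given here as an added example that is not part of the original page: it confirms the CSR's self-signature, that the CSR carries the public half of the key kept on the server, the key length, and the Common Name. The function name check_csr and the 2048-bit default minimum are assumptions of this example (CAs that follow the CA/Browser Forum Baseline Requirements do not issue certificates for RSA keys under 2048 bits).

```sh
#!/bin/sh
# Added example, not from the original page.
# Usage: check_csr KEYFILE CSRFILE EXPECTED_CN [MIN_BITS]
# Prints one line per problem and returns the number of problems (0 = OK).
# MIN_BITS defaults to 2048 (assumption of this example).
# An encrypted key (the -des3 variant) makes openssl prompt for its pass phrase.

check_csr() {
    key=$1; csr=$2; want_cn=$3; min_bits=${4:-2048}; problems=0

    # 1. Self-signature: catches a CSR truncated or altered when copied into mail.
    #    The message wording differs between OpenSSL releases; both contain "verify OK".
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR self-signature does not verify"; problems=$((problems + 1))
    fi

    # 2. The CSR must carry the public half of the key that stays on the server,
    #    otherwise the issued certificate cannot be installed with that key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR public key does not match $key"; problems=$((problems + 1))
    fi

    # 3. Key length as recorded inside the CSR.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, below $min_bits"; problems=$((problems + 1))
    fi

    # 4. Common Name must be exactly the host name the certificate is for.
    cn=$(openssl req -in "$csr" -noout -subject 2>/dev/null |
         sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL: CN is '$cn', expected '$want_cn'"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $csr ($bits-bit key, CN=$cn)"
    return "$problems"
}
```

For the page's example files the call is `check_csr www.innocert.co.kr.key www.innocert.co.kr.csr www.innocert.co.kr`.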

Windows2000 Server (IIS 5.0)

① Open Start > Programs > Administrative Tools > Internet Services Manager.
② Select the site that will use the certificate, right-click it and open "Properties".
③ Select the "Directory Security" tab, then click the "Server Certificate" button.
④ Start the IIS Certificate Wizard.
⑤ Select "Create a new certificate".
⑥ Select "Prepare the request now, but send it later".
⑦ Enter the certificate name (the domain address), select a bit length of "1024" or "2048", then click Next.
⑧ Enter the company name under "Organization" and the department name under "Organizational unit".
⑨ Enter the domain address that will use the certificate.
⑩ Enter the region information (country code, state/province in English, city/district in English).
⑪ Specify the path where the CSR file will be saved. (e.g. C:\www.innocert.co.kr.txt)
⑫ The CSR file is created at the specified path; finish the Web Server Certificate Wizard.

Send the CSR generated as above to the Innocert e-mail address (info@innocert.co.kr).

Windows2003 Server (IIS 6.0)

① Open Start > Programs > Administrative Tools > Internet Services Manager.
② Select the site that will use the certificate, right-click it and open "Properties".
③ Select the "Directory Security" tab, then click the "Server Certificate" button.
④ Start the Web Server Certificate Wizard.
⑤ Select "Create a new certificate".
⑥ Select "Prepare the request now, but send it later".
⑦ Enter the certificate name (the domain address), select a bit length of "1024" or "2048", then click Next.
⑧ Enter the company name under "Organization" and the department name under "Organizational unit".
⑨ Enter the domain address that will use the certificate.
⑩ Enter the region information (country code, state/province in English, city/district in English).
⑪ Specify the path where the CSR file will be saved. (e.g. C:\www.mydomain.com.csr)
⑫ The CSR file is created at the specified path; finish the Web Server Certificate Wizard.

Send the CSR generated as above to the Innocert e-mail address (info@innocert.co.kr).

Windows2008 Server (IIS 7.0)

① Open Start > Programs > Administrative Tools > Internet Information Services.
② Select the name of the server on which the certificate will be installed, then select "Server Certificates" on the right.
③ In the "Actions" menu, select "Create Certificate Request".
④ Enter the information required to generate the CSR.
⑤ In the "Cryptographic Service Provider Properties" window, select "Microsoft RSA SChannel Cryptographic Provider" and "1024 bit".
⑥ Specify the path where the CSR file will be saved.

Send the CSR generated as above to the Innocert e-mail address (info@innocert.co.kr).

Tomcat 5.x / 6.x

① Generate the keystore.

[root@localhost httpd]# keytool -genkey -alias innocert -keyalg RSA -keysize 1024 \
-keystore /usr/local/tomcat/ssl/TomcatKeyStore
keystore 암호를 입력하십시요: [enter password]
이름과 성을 입력하십시요.
[Unknown]: www.innocert.co.kr # domain name #
조직 단위 이름을 입력하십시오.
[Unknown]: CERT TEAM # department name #
조직 이름을 입력하십시오.
[Unknown]: KOINOS Co.,Ltd. # company name #
구/군/시 이름을 입력하십시오
[Unknown]: Gangnamgu # region name #
시/도 이름을 입력하십시오.:
[Unknown]: Seoul # region name #
이 조직의 두 자리 국가 코드를 입력하십시오.
[Unknown]: KR # country code #
CN=www.innocert.co.kr, OU=CERT TEAM,
O=KOINOS Co.,Ltd, L=Gangnamgu, ST=Seoul, C=KR이(가) 맞습니까?
[아니오]: Y
에 대한 키 암호를 입력하십시요
(keystore 암호와 같은 경우 RETURN을 누르십시오): [Enter]
※ Note: this password is requested when Tomcat is configured, so be sure to remember it.

② Generate the CSR using the keystore.

[root@localhost ssl]# keytool -certreq -alias innocert -file /usr/local/tomcat/ssl/www.innocert.co.kr.csr \
-keystore /usr/local/tomcat/ssl/TomcatKeyStore
keystore 암호를 입력하십시오: [enter password]
Send the CSR generated above to the Innocert e-mail address (info@innocert.co.kr).