우분투 openssl

1. 개인키(비밀키) 생성

 # mkdir /root/ssl
 # cd /root/ssl
개인키(비밀키) 생성
 # openssl genrsa -des3 -out joy2009.key 1024
  패스워드 입력
개인키 확인
 # openssl rsa -noout -text -in joy2009.key
CSR 생성
 # openssl req -new -key joy2009.key -out joy2009.csr
 
Using configuration from /etc/ssl/openssl.cnf
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR (국가코드)
State or Province Name (full name) [Some-State]:Seoul  (시/도)
Locality Name (eg, city) []:guro (구/군)
Organization Name (eg, company) [Internet Widgits Pty Ltd]:servergroup Corp.,Ltd (회사명)
Organizational Unit Name (eg, section) []:Digital Certificate Team (부서명)
Common Name (eg, YOUR name) []:www.joy.to (인증 받을 도메인 주소)
Email Address []:kalrielra@korea.com
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: 
An optional company name []:

A challenge password와 An optional company name은 입력하지 말고 Enter

CSR 확인
 # openssl req -noout -text -in joy2009.csr

개인키 백업
 # cp -arv /root/ssl/joy2009.key /root/
CRT 생성 (자신의 서버가 인증서버로 만들기 위한 테스트용)
 # cd /root/ssl/
 # openssl x509 -in joy2009.csr -out joy2009.crt -req -signkey joy2009.key -days 365

인증서 카피
 # cp -arv /root/ssl/joy2009.key /etc/certs/key/
 # cp -arv /root/ssl/joy2009.csr /etc/certs/csr/
 # cp -arv /root/ssl/joy2009.crt /etc/certs/crt/

SSL 설정파일 수정
 # vi /etc/ssl/ssl.conf
 
  SSLCertificateFile    certs/crt/joy2009.crt
  SSLCertificateKeyFile certs/key/joy2009.key

Apache 재시작
 # /etc/ined.t/apache2 restart
  패스워드 입력

웹사이트 접속 확인
 # https://192.168.xxx,xx

Apache 문장구문 에러 확인
 # httpd -t

Apache 모듈 확인 (DSO 모듈은 나타나지 않고, 고정 모듈만 나타난다.)
 # httpd -l