1. Required software
OpenSSL and mod_ssl are needed for SSL encryption.
openssl is installed automatically, but install it again to make sure.
]# yum install mod_ssl openssl
2. Generate a self-signed certificate
This is the process of generating a self-signed certificate with OpenSSL.
Generate the private key
]# openssl genrsa -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
.....++++++
......++++++
e is 65537 (0x10001)
Generate the CSR (certificate signing request)
]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ., the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Kyeonggi
Locality Name (eg, city) [Default City]:Suwon
Organization Name (eg, company) [Default Company Ltd]:moa
Organizational Unit Name (eg, section) []:moa
Common Name (eg, your name or your servers hostname) []:landmoa.net
Email Address []:myid@gmail.com
Please enter the following extra attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
========================================================
4. Generate the self-signed certificate
]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Copy the files to the following locations.
]# cp ca.crt /etc/pki/tls/certs
]# cp ca.key /etc/pki/tls/private/ca.key
]# cp ca.csr /etc/pki/tls/private/ca.csr
=====
5. Apply to the server
]# vi /etc/nginx/conf.d/default443.conf
server {
    #listen 8080;
    listen 443;
    server_name landmoa.net *.landmoa.net www.landmoa.net;
    root /home/test;
    index index.php index.html index.htm;
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    # => Add the lines below
    # "ssl on;" is obsolete since nginx 1.15.0; newer versions use "listen 443 ssl;" instead
    ssl on;
    ssl_certificate /etc/pki/tls/certs/ca.crt;
    ssl_certificate_key /etc/pki/tls/private/ca.key;
}
]# systemctl restart nginx
[Test]
https://test.landmoa.net/
This is a page used to test the SSL installation.
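Steps 2 and 4 above can also be run without prompts and checked before the files are copied. The following is an added example, not part of the original page: it uses a 2048-bit key instead of 1024 bits, issues the certificate with a single "openssl req -x509" call instead of the CSR plus "x509 -req" pair, and adds subjectAltName entries for the names in server_name. The function names (make_selfsigned, key_matches_cert, cert_has_name) and the req.cnf file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). The CN, C and O values are the
# ones entered at the prompts above; req.cnf is a hypothetical helper file.

# make_selfsigned DIR CN: write DIR/ca.key and DIR/ca.crt.
# The body runs in a subshell so the umask change does not leak to the caller.
make_selfsigned() (
    dir=$1
    cn=$2
    umask 077    # private key must never be group- or world-readable
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
C = KR
O = moa
CN = $cn
[v3]
subjectAltName = DNS:$cn, DNS:*.$cn
EOF
    # 2048-bit RSA key; 1024-bit keys are rejected by current TLS clients
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || exit 1
    # Self-sign directly, valid for 365 days as in step 4
    openssl req -new -x509 -sha256 -days 365 -key "$dir/ca.key" \
        -config "$dir/req.cnf" -out "$dir/ca.crt"
)

# key_matches_cert KEY CRT: succeed only if both contain the same public key.
# A mismatch here is what makes nginx refuse to start after the restart.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_has_name CRT NAME: succeed if NAME is listed in subjectAltName.
cert_has_name() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}
```

Run make_selfsigned with a working directory and landmoa.net, then confirm key_matches_cert succeeds on ca.key and ca.crt before copying them to /etc/pki/tls.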