● 버전 확인
  openssl version

 

● 개인키 생성
  openssl genrsa -des3 -out server.key 2048

● 인증요청서 생성
  openssl req -new -key server.key -out server.csr

 

  Country Name (2 letter code) [XX]: 국가코드(kr)

  State or Province Name (full name) []: 시 이름(Seoul)

  Locality Name (eg, city) [Default City]: 시/군/구(Ansan)

  Organization Name (eg, company) [Default Company Ltd]:회사명(jcompany)

  Organizational Unit Name (eg, section) []: 부서명(mod)

  Common Name (eg, your name or your server's hostname) []: 서비스 도메인명 ( sample.com )

  Email Address []:이메일 주소 (sample@naver.com)

 

● (Optional) 개인키에서 패스워드 제거
  cp server.key server.key.origin
  openssl rsa -in server.key.origin -out server.key
 

  writing RSA key 라고 나오면 완료됨

● 인증서 생성 (자체 서명 인증서 — 브라우저가 기본적으로 신뢰하지 않으므로 테스트·내부용)
  openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

● 확인
  ▶개인키
    cat server.key | head -3

  ▶사설인증서
    cat server.crt | head -3

● 개인키와 인증서 설치
  cp server.key /etc/httpd/ssl/
  cp server.crt /etc/httpd/ssl/

● httpd.conf 설정
  # SSL Virtual host add
  # NOTE(review): NameVirtualHost is only needed on Apache 2.2; Apache 2.4
  # ignores it and logs a deprecation warning, so drop this line there.
  NameVirtualHost *:443

  # SSL Virtual host add
  <VirtualHost sample.com:443>
      SSLEngine on
      SSLCertificateFile /etc/httpd/ssl/server.crt
      SSLCertificateKeyFile /etc/httpd/ssl/server.key
      ServerAdmin  master@host.sample.com
      DocumentRoot /home/sample/public_html
      ServerName sample.com
      ErrorLog logs/ssl_sample.com-error_log
      CustomLog logs/ssl_sample.com-access_log common
  </VirtualHost>

  #Redirect
  <VirtualHost *:80>
      ServerAdmin master@host.sample.com
      DocumentRoot /home/sample/public_html
      ServerName sample.com
      ServerAlias www.sample.com

      RewriteEngine On
      RewriteCond %{HTTPS} !on
      RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
      ErrorLog logs/host.sample.com-error_log
      CustomLog logs/host.sample.com-access_log common
  </VirtualHost>

Posted by 꼬장e