If you use the Apache web server, there are a few things to check before applying SSL to it.
The openssl cryptographic library must be installed, and the mod_ssl module must be installed in the Apache web server.
Next, generate the server's private key (secret key), then generate a CSR (Certificate Signing Request) from that private key.
Send the generated CSR file to Anycert, and it goes through the procedure for issuing an official certificate from the root authority.
Once the official certificate has been issued and installed on the web server, the web server's SSL setup is complete.
※ CSR (Certificate Signing Request) generation procedure
1. Check that openssl is installed
2. Check that the mod_ssl module is installed in the Apache web server
3. Generate the private key (secret key)
4. Check the private key
5. Generate the CSR
6. Check the CSR
7. Back up the private key
8. Submit the CSR to Anycert
9. Network checks - firewall and L4 switch settings required for SSL
10. Check Anycert's reply about the CSR file
1. Check that openssl is installed
First, the openssl library must be installed.
▣
[root@web1 root]# find / -name openssl
...
/usr/bin/openssl
...
/usr/local/openssl/bin/openssl
[root@web1 root]#
In the output above, /usr/bin/openssl is generally the copy installed from rpm (Red Hat 8.0 or later), and /usr/local/openssl/bin/openssl is an openssl installed from source.
If openssl was installed from rpm, check that the openssl-devel library is also installed from rpm.
▣
[root@web1 root]# rpm -q openssl
openssl-0.9.7a-2
[root@web1 root]# rpm -q openssl-devel
openssl-devel-0.9.7a-2
[root@web1 root]#
Note that openssl is an independent cryptographic module, and we recommend installing the latest version separately.
If openssl is not installed, please refer to the openssl installation guide.
2. Check that the mod_ssl module is installed in the Apache web server
Choose the section for your Apache web server version.
Apache 1.3.xx Apache 2.0.xx
Check that the mod_ssl module is installed in the Apache 1.3.xx web server.
Apache supports two ways of installing modules, so check for mod_ssl installed either as a statically linked module or as a DSO (Dynamic Shared Objects) module.
- The $APACHE variable refers to the Apache installation directory.
1. Checking for mod_ssl installed as a statically linked module
▣
[root@web1 root]# $APACHE/bin/httpd -l
Compiled-in modules:
...
mod_ssl.c
...
[root@web1 root]#
Confirm that mod_ssl.c appears among the modules compiled into the web server.
2. Checking for mod_ssl installed as a DSO module
▣
[root@web1 root]# $APACHE/bin/httpd -l
Compiled-in modules:
...
mod_so.c
...
[root@web1 root]# ls $APACHE/module
(for versions before 1.3.29, check $APACHE/libexec)
mod_ssl.so ...
[root@web1 root]#
First confirm that mod_so.c appears among the modules compiled into the web server. Then confirm that mod_ssl.so appears among the modules installed as DSO modules.
If the mod_ssl module is not installed, refer to the Apache 1.3.xx + mod_ssl installation guide and install the mod_ssl module for the Apache web server.
Note that we recommend installing Apache 2.0.xx, which has improved performance and includes mod_ssl.
Check that the mod_ssl module is installed in the Apache 2.0.xx web server.
Apache supports two ways of installing modules, so check for mod_ssl installed either as a statically linked module or as a DSO (Dynamic Shared Objects) module.
- The $HTTPD variable refers to the Apache installation directory.
1. Checking for mod_ssl installed as a statically linked module
▣
[root@web1 root]# $HTTPD/bin/httpd -l
Compiled-in modules:
...
mod_ssl.c
...
[root@web1 root]#
Confirm that mod_ssl.c appears among the modules compiled into the web server.
2. Checking for mod_ssl installed as a DSO module
▣
[root@web1 root]# $HTTPD/bin/httpd -l
Compiled-in modules:
...
mod_so.c
...
[root@web1 root]# ls $HTTPD/module
mod_ssl.so ...
[root@web1 root]#
First confirm that mod_so.c appears among the modules compiled into the web server. Then confirm that mod_ssl.so appears among the modules installed as DSO modules.
If the mod_ssl module is not installed, refer to the Apache 2.0.xx enable-ssl option installation guide and install the mod_ssl module for the Apache web server.
Once the module installation has been confirmed, generate the CSR file.
The CSR file can be generated with the installed openssl regardless of whether the Apache SSL module is installed.
However, a missing module becomes a problem at installation time, after the certificate has been issued, which is why the web server's SSL module is checked in advance.
3. Generate the private key (secret key)
If you run the Apache web server on Solaris 8 Release 12/02 or earlier,
choose [Using the random option].
General key generation (using the random device) / Using the random option
- The $SSL_KEY_STORE variable refers to the directory where the ssl private key is kept.
▣
[root@web1 root]# cd $SSL_KEY_STORE
[root@web1 ssl]# openssl genrsa -des3 -out ssl2007.key 1024
Generating RSA private key, 1024 bit long modulus
.............++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for ssl2007.key: ******
Verifying - Enter pass phrase for ssl2007.key: ******
[root@web1 ssl]#
On Solaris, the /dev/random device is not configured in Solaris 8 Release 12/02 and earlier.
[Solaris customer support document on the random device]
The openssl utility uses the /dev/random device to generate the private key (secret key),
so on Solaris 8 Release 12/02 and earlier, where the /dev/random device is unavailable,
use the openssl rand option as shown below
to supply random data in place of the /dev/random device.
- The rand.dat file is the [random data seed] file; you can create it as a copy of a log file on the server.
- The $SSL_KEY_STORE variable refers to the directory where the ssl private key is kept.
▣
[root@web1 root]# cd $SSL_KEY_STORE
[root@web1 ssl]# cp [server log file directory]/error_log rand.dat
[root@web1 ssl]# openssl genrsa -rand rand.dat -des3 -out ssl2007.key 1024
34523 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.................................++++++
.......++++++
e is 65537 (0x10001)
Enter pass phrase for ssl2007.key: ******
Verifying - Enter pass phrase for ssl2007.key: ******
[root@web1 ssl]#
When prompted to set a pass phrase, enter the pass phrase you want. You will need this pass phrase later when installing the certificate, so be sure to remember it.
When you finish, a 1024-bit RSA key is generated and saved under the name ssl2007.key. You may change ssl2007.key to any other suitable name.
4. Check the private key
- This continues from the previous step.
▣
[root@web1 ssl]# openssl rsa -noout -text -in ssl2007.key
Enter pass phrase for ssl2007.key: ******
Private-Key: (1024 bit)
modulus:
00:da:bf:f3:39:d7:c6:1f:bd:6f:a7:b8:aa:67:f2:
...
coefficient:
6b:26:51:9e:fb:77:cf:7e:d4:2a:a6:d2:7f:21:fa:
42:e4:7c:54:2e:5e:e9:fb:03:a6:25:d0:6a:fc:e9:
e1:1b:45:82:61:c0:35:a9:50:25:0a:75:2a:f8:cc:
87:10:30:9d:bd:36:8e:4b:f6:55:0d:08:30:e8:55:
e4:00:3b:ec
[root@web1 ssl]#
When prompted for a pass phrase, enter the pass phrase you set on the private key. The generated private key is then displayed as shown above.
5. Generate the CSR
Enter the information for the certificate application.
Be sure to read the <Cautions> and the <Input example> and enter the information accordingly.
<Cautions>
① Organization (company name in English) must not contain special characters such as < > ~ ! @ # $ % ^ * / \ ( ) ?. Enter the English company name that matches the company name on your business registration certificate. (Example: if the business registration certificate says '닷네임 코리아', you must enter dotname korea. Entering only dotname is not acceptable.)
Also be sure to consult the registration record of the domain used as the Common Name (the domain address to be certified) on which the certificate will be installed; you can refer to the company name given in that registration record.
The English company name can be looked up at Network Solutions if your domain is com/net/org, and at KRNIC if it is kr.
② Common Name (the domain address to be certified) must not contain an IP address, a port number, a path, http://, and so on.
③ For the Extra Attributes that appear last during input, that is, A challenge password and An optional company name, enter nothing and just press Enter. Entering values for these two items can produce an invalid CSR.
<Input example>
Country Name (country code) : KR
State or Province Name (city/province) : Seoul
Locality Name (district/county) : Songpa
Organization Name (company name) : Dotname Korea
Organizational Unit Name (department name) : Digital Certificate Team
Common Name (domain address to be certified) : www.anycert.co.kr
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name : anycert
- This continues from the previous step.
▣
[root@web1 ssl]# openssl req -new -key ssl2007.key -out ssl2007.csr
Enter pass phrase for ssl2007.key: ******
...
Country Name (2 letter code) [KR]:kr
State or Province Name (full name) [Berkshire]:Seoul
Locality Name (eg, city) [Newbury]:Songpa
Organization Name (eg, company) [My Company Ltd]:Dotname Korea
Organizational Unit Name (eg, section) []:Digital Certificate Team
Common Name (eg, your name or your server's hostname) []:www.anycert.co.kr
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ******
An optional company name []:anycert
[root@web1 ssl]#
(The CSR file ssl2007.csr is generated from the private key file ssl2007.key. You may change ssl2007.csr to another name.)
6. Check the CSR
- This continues from the previous step.
▣
[root@web1 ssl]# openssl req -noout -text -in ssl2007.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=kr, ST=Seoul, L=Songpa, O=Dotname Korea,
OU=Digital Certificate Team, CN=www.anycert.co.kr
...
[root@web1 ssl]#
This lets you inspect the generated CSR file.
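The checks from the <Cautions> in step 5 and the CSR inspection in step 6 can be scripted before the CSR is sent. The following is an added example, not part of the original guide: the function names valid_cn, valid_org and check_csr are hypothetical, and the 2048-bit minimum is an assumption (the transcript above generates a 1024-bit key). It goes beyond the guide by also checking the CSR's self-signature and that the CSR was made from the given private key.

```shell
#!/bin/sh
# Added example: checks to run on a CSR before sending it to the CA.

# Caution 2: the Common Name must be a bare DNS name. The pattern rejects IP
# addresses (the last label must be letters), ports, paths and "http://".
valid_cn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Caution 1: the Organization must not contain the listed special characters.
valid_org() {
    [ -n "$1" ] || return 1
    ! printf '%s\n' "$1" | grep -q '[<>~!@#$%^*/\\()?]'
}

# check_csr KEYFILE CSRFILE: prints the first problem found and returns 1.
# An encrypted key (made with -des3) makes openssl prompt for the pass phrase.
check_csr() {
    key=$1; csr=$2
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature does not verify"; return 1; }
    kmod=$(openssl rsa -in "$key" -noout -modulus) && [ -n "$kmod" ] &&
        [ "$kmod" = "$(openssl req -in "$csr" -noout -modulus)" ] ||
        { echo "CSR was not generated from this private key"; return 1; }
    text=$(openssl req -in "$csr" -noout -text)
    # Assumption: 2048-bit minimum key size (override with MIN_BITS).
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "${MIN_BITS:-2048}" ] ||
        { echo "RSA key is ${bits:-?} bits, below ${MIN_BITS:-2048}"; return 1; }
    # Caution 3: the two 'extra' attributes must be left empty.
    if printf '%s\n' "$text" | grep -Eq 'challengePassword|unstructuredName'; then
        echo "CSR carries a challenge password or optional company name"; return 1
    fi
    subj=$(openssl req -in "$csr" -noout -subject -nameopt multiline)
    cn=$(printf '%s\n' "$subj" | sed -n 's/^ *commonName *= *//p')
    org=$(printf '%s\n' "$subj" | sed -n 's/^ *organizationName *= *//p')
    valid_cn "$cn" || { echo "bad Common Name: $cn"; return 1; }
    valid_org "$org" || { echo "bad Organization: $org"; return 1; }
    echo "CSR OK: CN=$cn, O=$org, $bits-bit key"
}
```

With the file names used in this guide the call is check_csr ssl2007.key ssl2007.csr.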
7. Back up the private key
- This continues from the previous step.
▣
[root@web1 ssl]# cp ssl2007.key /root/ssl2007.key
[root@web1 ssl]# sftp xxx.xx.xx.xx
> put ssl2007.key
Keep a backup copy of the private key in a safe place.
※ You must never lose the private key (ssl.key) file or its pass phrase. Back them up in a safe location.
8. Submit the CSR to Anycert
If you print the generated CSR file, you will see a base64-format document like the following.
- This continues from the previous step.
▣
[root@web1 ssl]# cat ssl2007.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
MIISDOIUlkmlsRRlkSllskjauASKJlalOSISLKjwBgNV
BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBU
b3duMRQwEgYDVQQKEwtPcHBvcnR1bml0aTEYMBYGA1UE
CxMPT25saW5lIFNlcnZpY2VzMRowGAYDVQQDExF3d3cu
Zm9yd2FyZC5jby56YTBaMA0GCSqGSIb3DQEBAQUAAAkl
mLKSuljSOIjsfBWu5WLHD/G4BJ+PobiC9d7S6pDvAjuy
C+dPAnL0d91tXdm2j190D1kgDoSp5ZyGSgwJh2V7diuu
PlHDAgEDoAAwDQYJKoZIhvcNAQEEBQADQQBf8LSLKknl
sklSSLlworrr334ZmXD1AvUjuDPCWzFupReiq7UR8Z0w
JUUsllkfq/IuuIlz6oCq6htdH7/tvKhh
-----END NEW CERTIFICATE REQUEST-----
[root@web1 ssl]#
Copy this CSR document, making sure the first line (-----BEGIN CERTIFICATE REQUEST-----) and the last line (-----END CERTIFICATE REQUEST-----) are included, and paste it into Notepad.
Please attach this CSR to an e-mail to Anycert.
9. Network checks - firewall and L4 switch settings required for SSL
Once SSL is applied to your web server, it uses both http:// (default port 80) and https:// (default port 443) traffic.
Therefore, the firewall or L4 switch in front of the web server must be configured for port 443 in the same way as the existing port 80 configuration.
Please plan to open port 443 in the web server's network configuration by the time the official certificate is issued.
10. Check Anycert's reply about the CSR file
Anycert replies to tell you whether the submitted CSR file is valid. Please check the reply.
Anycert then issues the official certificate based on the CSR (Certificate Signing Request) file you sent.
Together with the official certificate, we send the certificate installation instructions.