
CentOS7 HTTPS 보안


Apache๋ฅผ Https๋กœ ๋ณด์•ˆ

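# Work in the directory that will hold the certificate files
cd /etc/pki/tls/certs/
# Generate the 2048-bit RSA private key. The subshell's umask makes the new
# file owner-only regardless of the login shell's default umask; the chmod
# also covers the case where an http.key with looser permissions already existed.
(umask 077 && openssl genrsa -out http.key 2048)
chmod 600 http.key
# Create the certificate signing request (prompts for the subject fields)
openssl req -new -key http.key -out http.csr
# Self-sign the request: valid for 365 days, with the SHA-256 digest stated
# explicitly instead of left to the build default. Clients do not trust a
# self-signed certificate unless it is imported; for a public site, submit
# http.csr to a CA instead of running this step.
openssl x509 -req -sha256 -days 365 -in http.csr -signkey http.key -out http.crt

# Install mod_ssl, which provides /etc/httpd/conf.d/ssl.conf
yum -y install mod_ssl
# Edit the SSL configuration so it points at the files created above
vim /etc/httpd/conf.d/ssl.conf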
#   Server Certificate:
 96 # Point SSLCertificateFile at a PEM encoded certificate.  If
 97 # the certificate is encrypted, then you will be prompted for a
 98 # pass phrase.  Note that a kill -HUP will prompt again.  A new
 99 # certificate can be generated using the genkey(1) command.
100 SSLCertificateFile /etc/pki/tls/certs/http.crt
101 
102 #   Server Private Key:
103 #   If the key is not combined with the certificate, use this
104 #   directive to point at the key file.  Keep in mind that if
105 #   you've both a RSA and a DSA private key you can configure
106 #   both in parallel (to also allow the use of DSA ciphers, etc.)
#   NOTE(review): this private key sits in the same directory as the
#   certificates. Keep http.key owned by root with mode 0600; the stock
#   CentOS ssl.conf keeps keys under /etc/pki/tls/private/ instead.
107 SSLCertificateKeyFile /etc/pki/tls/certs/http.key

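# Validate the edited configuration first, so a typo in ssl.conf does not
# take the running server down; restart httpd only if the check passes
apachectl configtest && systemctl restart httpd

# Confirm httpd is listening for both http and https
netstat -natlp | grep http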

<https://192.168.111.100>

Tomcat์„ Https๋กœ ๋ณด์•ˆ

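# Generate an RSA key pair in a new keystore (prompts for the keystore
# password and the certificate subject)
keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/pki/keystore
# The keystore holds the private key, so restrict it to root and the Tomcat
# service account instead of leaving it readable by every local user.
# NOTE(review): assumes the service runs under the packaged 'tomcat' group;
# confirm before applying. chmod runs only if the chown succeeded.
chown root:tomcat /etc/pki/keystore && chmod 640 /etc/pki/keystore
# Go to the keystore's directory
cd /etc/pki
# Confirm the file was created and check its type
file keystore

# Edit the Tomcat connector configuration
vim /usr/share/tomcat/conf/server.xml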

 87     <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
 88                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
 89                clientAuth="false" sslProtocol="TLS"
 90                keystoreFile="/etc/pki/keystore" keystorePass="p@ssw0rd" />
        <!-- NOTE(review): keystorePass must match the password given to keytool.
             "p@ssw0rd" is a widely used example value; choose a unique one. It is
             stored here in clear text, so keep server.xml readable only by root
             and the Tomcat service account. sslProtocol="TLS" does not pin a
             version; the TLS versions offered depend on the JVM unless
             sslEnabledProtocols is set. -->

# Restart Tomcat so the edited server.xml is loaded
systemctl restart tomcat

# Confirm that a process is bound to TCP port 8443
lsof -i tcp:8443

<https://192.168.111.100:8443>
๋ฐ˜์‘ํ˜•
Contents

ํฌ์ŠคํŒ… ์ฃผ์†Œ๋ฅผ ๋ณต์‚ฌํ–ˆ์Šต๋‹ˆ๋‹ค

์ด ๊ธ€์ด ๋„์›€์ด ๋˜์—ˆ๋‹ค๋ฉด ๊ณต๊ฐ ๋ถ€ํƒ๋“œ๋ฆฝ๋‹ˆ๋‹ค.