Apache๋ฅผ Https๋ก ๋ณด์
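# Move to the directory that will hold the certificate files.
# NOTE: this walkthrough keeps the private key next to the certificate. On
# RHEL/CentOS the conventional home for keys is /etc/pki/tls/private
# (root-only); if the key is moved there, SSLCertificateKeyFile in ssl.conf
# must point at the new path.
cd /etc/pki/tls/certs/
# Generate a 2048-bit RSA private key. The key is written unencrypted, so it
# is created under a restrictive umask and then pinned to mode 600 (this also
# covers an http.key that already existed with looser permissions). httpd
# reads the key as root at start-up, so no other account needs access.
( umask 077; openssl genrsa -out http.key 2048 )
chmod 600 http.key
# Create the certificate signing request (interactive). The Common Name
# should match the host name or address clients will use to reach the server.
openssl req -new -key http.key -out http.csr
# Create the certificate: the CSR is signed with its own key (-signkey), i.e.
# the result is self-signed and valid for 365 days. Clients will not trust it
# unless it is imported explicitly; use a CA-issued certificate outside a lab.
# -sha256 pins the signature digest instead of relying on the OpenSSL default.
openssl x509 -req -sha256 -days 365 -in http.csr -signkey http.key -out http.crt
# Install mod_ssl, the Apache TLS module.
yum -y install mod_ssl
# Edit the TLS configuration: set SSLCertificateFile and SSLCertificateKeyFile
# to the http.crt and http.key created above.
vim /etc/httpd/conf.d/ssl.conf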
# Server Certificate:
96 # Point SSLCertificateFile at a PEM encoded certificate. If
97 # the certificate is encrypted, then you will be prompted for a
98 # pass phrase. Note that a kill -HUP will prompt again. A new
99 # certificate can be generated using the genkey(1) command.
100 SSLCertificateFile /etc/pki/tls/certs/http.crt
101
102 # Server Private Key:
103 # If the key is not combined with the certificate, use this
104 # directive to point at the key file. Keep in mind that if
105 # you've both a RSA and a DSA private key you can configure
106 # both in parallel (to also allow the use of DSA ciphers, etc.)
107 SSLCertificateKeyFile /etc/pki/tls/certs/http.key
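# Validate the configuration first so that a typo in ssl.conf does not take
# the server down, then restart httpd to load the new certificate and key.
httpd -t && systemctl restart httpd
# Confirm that httpd is listening for both http and https.
netstat -natlp | grep http
# Check which certificate is actually being served (subject and validity).
openssl s_client -connect 192.168.111.100:443 </dev/null | openssl x509 -noout -subject -dates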
<https://192.168.111.100>
Tomcat์ Https๋ก ๋ณด์
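# Generate the key pair and a self-signed certificate in a Java keystore
# (interactive: prompts for the keystore password and certificate details).
# Key size and validity are stated explicitly to match the Apache section;
# keytool's default validity is only 90 days.
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 365 -keystore /etc/pki/keystore
# The keystore contains the private key and is created with the default
# umask, so limit it to root and the Tomcat service group.
# NOTE(review): assumes the Tomcat service runs with group "tomcat" - confirm.
chown root:tomcat /etc/pki/keystore
chmod 640 /etc/pki/keystore
# Check the key.
cd /etc/pki
# Check the file type, then list the entry stored under the "tomcat" alias.
file keystore
keytool -list -alias tomcat -keystore /etc/pki/keystore
# Edit the Tomcat configuration and enable the HTTPS connector.
# - keystorePass must be the password entered at the keytool prompt. It is
#   stored in cleartext in server.xml, so use a strong value that is not
#   reused elsewhere and make sure server.xml is not world-readable.
# - sslProtocol="TLS" leaves the accepted protocol versions to the JVM
#   defaults; the connector's sslEnabledProtocols attribute can restrict
#   them to current TLS versions.
vim /usr/share/tomcat/conf/server.xml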
87 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
88 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
89 clientAuth="false" sslProtocol="TLS"
90 keystoreFile="/etc/pki/keystore" keystorePass="p@ssw0rd" />
# Restart Tomcat so that the edited server.xml (HTTPS connector) is loaded.
systemctl restart tomcat
# Check Tomcat: list whatever has TCP port 8443 open.
lsof -i tcp:8443
<https://192.168.111.100:8443>