[Linux]openssl CSR 생성 및 VeriSign(베리사인) SSL 인증서 Tomcat 8 적용 환경설정
http://blog.naver.com/wizardkyn/220649935374
## 아파치 설치용으로 CSR을 생성하고, 발급받은 VeriSign(베리사인) SSL 인증서를 Tomcat 8 에 적용 CSR 생성 Domain Name : www.mycompany.com 1. 개인키 생성 openssl genrsa -des3 -out mycompany.key 2048 ............+++ ............+++ e is 65537 (0x10001) Enter pass phrase for mycompany.key:적당한패스워드
Verifying - Enter pass phrase for mycompany.key:적당한패스워드 확인 openssl rsa -noout -text -in mycompany.key // 위에서 입력한 패스워드 입력 2. CSR 생성 openssl req -new -key mycompany.key -out mycompany.com.csr Country Name (2 letter code) [XX]:KR State or Province Name (full name) []:Seoul Locality Name (eg, city) [Default City]:DongJakGu Organization Name (eg, company) [Default Company Ltd]:Mycompany Inc Organizational Unit Name (eg, section) []:Research Institute Common Name (eg, your name or your server's hostname) []:www.mycompany.com Email Address []:admin@mycompany.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: // Enter만 입력해서 다음 단계로 An optional company name []: // Enter만 입력해서 다음 단계로 확인 openssl req -noout -text -in mycompany.com.csr 제출 cat mycompany.com.csr -----BEGIN CERTIFICATE REQUEST----- MIIC8zCCAdsCAQAwga0xCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEQMA4G A1UEBwwHRG9uZ0phazEWMBQGA1UECgwNTXljb21wYW55IEluYzEkMCIGA1UECwwb UmVzZWFyY2ggUmVzZWFyY2ggSW5zdGl0dXRlMRowGAYDVQQDDBF3d3cubXljb21w YW55LmNvbTEiMCAGCSqGSIb3DQEJARYTYWRtaW5AbXljb21wYW55LmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOVAqlrYAdNX/pUgkpvC2CrnvDTI rSrwEUFrbDRBigfA8uNExmahOYeM92ZDnDKaXSPmcIrvxSHY5aNP206LQOKzVaZl VrJH7O4COUMurG0ykcR0WeDBN2sdVdOwizNzI9tz67FkLwY3D8dv9oMoQKmjTye2 5cn3SUwHnlu9AYYRIl0ZObDWOSETIxnmCaEQqZBKYgj60nnH0RPnHbUnYxuCan/s HQprB+wna6R+tyw1kI+DDXWPwG9rysPCHOqvWCQ8Yp5i79uSjebVhKzIPCj728kx pZvwwauFMaDWZ13ITy3Bsw7MxxjFtC1xgZ9i1r4zWqQCtl/6fvKxXrVlvcUCAwEA AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB/3ex7BXygvZt0/KFwG4gw8vsLeE0z2FI8 D+/tx0FmB2VS8Ghhv/u7DuLgUjLwslwBAX76YQUpQEXBo3Vxptz2o00cgp4YdFgh +uHmVnUN2oZ5x0iJtQp1cNqDoLOJmIuZgPiy2zhrmG2tw8swNGn23vSNHCGXCozx 18UCuLLYCxknT+n09/4P5q6mGJKz0OHSSzyRxn+Icmne8eDNkLLxK5msCuXW2eyU 3DNG/NXe3Rp14Qmn9VixSB1gBHvIQeWGbFXEAn804d63eE1gcqjVd/LWqeYhdemc vEk/7iEGubT5hLUBY7XYxiaBY2hj6gBTtq0EFg0ylDjRnWgr9fOo
-----END CERTIFICATE REQUEST----- VeriSign으로부터 발급받은 SSL 인증서를 Tomcat 8에 적용 1. 패스워드 구문 제거 mycompany.key를 그냥 사용하면 톰캣 시작시에 패스워드를 입력하라는 프롬프트가 나타나면서 기동이 정지된다. 따라서 패스워드 구문이 제거된 새로운 키 파일을 생성해서 톰캣에 적용한다. openssl rsa -in mycompany.key -out mycompany.key.nopass // 위에서 입력한 패스워드 입력 확인 openssl rsa -noout -text -in mycompany.key.nopass // 패스워드 입력 없이 출력되면 성공 2. server.xml 수정 <Connector URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11AprProtocol" port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="/home/tomcat/conf/www_mycompany_com_cert.pem" SSLCertificateKeyFile="/home/tomcat/conf/mycompany.key.nopass" SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/> 참고 URL |