HTTPS Setup

EnoSoup · July 26, 2021

Linux

How to set up HTTPS

Generating the private key

[root@server ~]# openssl genrsa -out private.key 2048

[root@server ~]# cat private.key 

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Generating the CSR

[root@server ~]# openssl req -new -key private.key -out cert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:Linux
Organizational Unit Name (eg, section) []:Admin
Common Name (eg, your name or your server's hostname) []:server.example.com
Email Address []:admin@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:kim

[root@server ~]# ls -l cert.csr
-rw-r--r--. 1 root root 1110 Apr 21 03:32 cert.csr

[root@server ~]# cat cert.csr
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----

Generating the certificate to actually use

[root@server ~]# openssl x509 -req -signkey private.key -in cert.csr -out cert.crt
Signature ok
subject=/C=KR/ST=Seoul/L=Seoul/O=Linux/OU=Admin/CN=server.example.com/emailAddress=admin@example.com
Getting Private key

SSL, TLS configuration

[root@server ~]# yum -y install mod_ssl
[root@server ~]# vi /etc/httpd/conf.d/ssl.conf

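<VirtualHost _default_:443>
    DocumentRoot "/var/www/html"
    # ServerName should match the certificate's Common Name (the CSR above used server.example.com)
    ServerName www.example.com:443
    # Certificate and private key generated above, placed under /etc/pki/tls
    SSLCertificateFile /etc/pki/tls/certs/cert.crt
    SSLCertificateKeyFile /etc/pki/tls/private/private.key
</VirtualHost>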
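
The steps above as a non-interactive script, followed by the checks worth running before restarting httpd with a self-signed certificate like this one; this is an added example, not part of the original post. The function names `make_cert` and `check_pair`, the `-days 365` value, the 7-day expiry threshold and the scratch directory are assumptions; the demo checks both `server.example.com` (the CN in the CSR) and `www.example.com` (the ServerName in ssl.conf).

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names and paths are assumptions.

# Same three openssl steps as the post, non-interactive: key -> CSR -> self-signed cert.
make_cert() {  # $1 = output directory, $2 = hostname for the Common Name
    local dir=$1 cn=$2
    # umask 077 so the private key is never created group/world readable
    ( umask 077; openssl genrsa -out "$dir/private.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -key "$dir/private.key" -out "$dir/cert.csr" \
        -subj "/C=KR/ST=Seoul/L=Seoul/O=Linux/OU=Admin/CN=$cn" 2>/dev/null || return 1
    # The post omits -days, so openssl falls back to its 30-day default; set it explicitly.
    openssl x509 -req -signkey "$dir/private.key" -in "$dir/cert.csr" \
        -out "$dir/cert.crt" -days 365 2>/dev/null
}

# Checks to run before pointing ssl.conf at the files and restarting httpd.
check_pair() {  # $1 = key file, $2 = certificate file, $3 = ServerName host
    local key=$1 crt=$2 host=$3 kpub cpub
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || { echo "FAIL: unreadable key"; return 1; }
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || { echo "FAIL: unreadable certificate"; return 1; }
    # 1. The certificate must carry the public half of this private key.
    [ "$kpub" = "$cpub" ] || { echo "FAIL: key does not match certificate"; return 1; }
    # 2. The name clients connect to must match the certificate (CN here, no SAN).
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match" \
        || { echo "FAIL: certificate does not cover $host"; return 1; }
    # 3. The certificate must not expire within the next 7 days.
    openssl x509 -in "$crt" -noout -checkend 604800 >/dev/null \
        || { echo "FAIL: certificate expires within 7 days"; return 1; }
    # 4. Only the owner may read the private key (mode bits for group/other all '-').
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] \
        || { echo "FAIL: private key readable by group or others"; return 1; }
    echo "OK: $crt / $key usable for $host"
}

# Demo in a scratch directory; nothing is written under /etc/pki.
demo=$(mktemp -d)
make_cert "$demo" server.example.com
check_pair "$demo/private.key" "$demo/cert.crt" server.example.com || true
check_pair "$demo/private.key" "$demo/cert.crt" www.example.com || true
rm -rf "$demo"
```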