서버에 SSL 인증서 붙이기

Sangyeong Je·2023년 1월 16일

서버설정

  1. 인증서 파일(certificate.crt, ca_bundle.crt)과 암호파일(private.key)을 준비

  2. 리눅스 서버에 openssl 패키지를 설치

    • rpm -qa openssl
    • yum install openssl
    • yum -y install openssl-devel
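  3. 암호파일의 패스워드를 벗겨내고(※ 암호파일 백업 필수), 암호파일을 사용하기 위해 권한을 777로 설정. 단, 777은 서버의 모든 계정이 패스워드 없는 개인키를 읽고 덮어쓸 수 있는 권한이므로, 운영 서버에서는 키를 읽는 계정만 접근하도록 600(소유자만 읽기/쓰기)으로 제한하는 편이 안전함. httpd는 시작할 때 root 권한으로 키를 읽으므로 root 소유의 600으로도 동작함.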

    • openssl rsa -in private.key -out private.key.nopass
    • ※ 패스워드를 벗겨낼 때 개인키의 기존 패스워드를 입력해야 할 수도 있음.
  4. /etc/httpd/conf.d/ssl.conf 에 DocumentRoot(닼뤁)와 SSL 설정

# Accept connections on port 443 and handle them as HTTPS.
Listen 443 https
# External helper that supplies the passphrase for an encrypted private key at
# startup. It is not consulted for a key whose passphrase has been removed.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-process TLS session cache kept in shared memory (shmcb), 512000 bytes.
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
# Cached sessions expire after 300 seconds.
SSLSessionCacheTimeout  300
# Use the built-in software crypto; no hardware engine is loaded.
SSLCryptoDevice builtin

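<VirtualHost *:443>
  # HTTPS virtual host, selected by the host name the client requests.
  ServerName naver.com
  ServerAlias naver.com
  # NOTE(review): with "/" as DocumentRoot and "Require all granted" below,
  # every file the httpd account can read is served, including the certificate
  # and key paths configured further down. Point DocumentRoot and <Directory>
  # at the actual web content directory and keep the private key outside it.
  DocumentRoot /

  <Directory "/">
    # .htaccess files may only override FileInfo-class directives.
    AllowOverride FileInfo
    Require all granted
    DirectoryIndex index.php
  </Directory>

  SSLEngine on
  # Only TLS 1.2 is offered: "all -SSLv2" still allowed SSLv3, TLS 1.0 and
  # TLS 1.1. Add +TLSv1.3 where the installed httpd/OpenSSL supports it.
  SSLProtocol -all +TLSv1.2
  # Strong suites only. The previous list explicitly enabled RC4 and the
  # MEDIUM and LOW strength groups.
  SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!3DES
  # Prefer the server's cipher order over the client's.
  SSLHonorCipherOrder on

  SSLCertificateFile /certificate.crt
  # The key has no passphrase after the "openssl rsa" step, so file ownership
  # and mode are its only protection.
  SSLCertificateKeyFile /private.key
  # NOTE(review): SSLCACertificateFile is the directive for CAs used to verify
  # client certificates; an intermediate bundle for the server's own chain is
  # normally given with SSLCertificateChainFile or appended to the file named
  # in SSLCertificateFile - confirm which one this httpd version expects.
  SSLCACertificateFile /ca_bundle.crt

  # Export the standard SSL_* environment variables to CGI/PHP-style scripts.
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  # Legacy workaround for old Internet Explorer TLS shutdown behaviour.
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  # Per-request log that records the negotiated protocol and cipher, which
  # shows whether any client still connects with a weak configuration.
  CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>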

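<VirtualHost *:443>
  # NOTE(review): this block repeats the ServerName and ServerAlias of the
  # preceding <VirtualHost *:443>. When two name-based hosts share a name, the
  # first one defined handles the requests, so give each additional site its
  # own ServerName.
  ServerName naver.com
  ServerAlias naver.com
  # NOTE(review): with "/" as DocumentRoot and "Require all granted" below,
  # every file the httpd account can read is served, including the certificate
  # and key paths configured further down. Point DocumentRoot and <Directory>
  # at the actual web content directory and keep the private key outside it.
  DocumentRoot /

  <Directory "/">
    # .htaccess files may only override FileInfo-class directives.
    AllowOverride FileInfo
    Require all granted
    DirectoryIndex index.php
  </Directory>

  SSLEngine on
  # Only TLS 1.2 is offered: "all -SSLv2" still allowed SSLv3, TLS 1.0 and
  # TLS 1.1. Add +TLSv1.3 where the installed httpd/OpenSSL supports it.
  SSLProtocol -all +TLSv1.2
  # Strong suites only. The previous list explicitly enabled RC4 and the
  # MEDIUM and LOW strength groups.
  SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!3DES
  # Prefer the server's cipher order over the client's.
  SSLHonorCipherOrder on

  SSLCertificateFile /certificate.crt
  # The key has no passphrase after the "openssl rsa" step, so file ownership
  # and mode are its only protection.
  SSLCertificateKeyFile /private.key
  # NOTE(review): SSLCACertificateFile is the directive for CAs used to verify
  # client certificates; an intermediate bundle for the server's own chain is
  # normally given with SSLCertificateChainFile or appended to the file named
  # in SSLCertificateFile - confirm which one this httpd version expects.
  SSLCACertificateFile /ca_bundle.crt

  # Export the standard SSL_* environment variables to CGI/PHP-style scripts.
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  # Legacy workaround for old Internet Explorer TLS shutdown behaviour.
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  # Per-request log that records the negotiated protocol and cipher, which
  # shows whether any client still connects with a weak configuration.
  CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>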
  5. 노드 서버가 있을 경우 서버 설정에서 SSL 붙이기
    /UseAll.js
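const fs = require('fs');

// Template that wires Express, body-parser (JSON request bodies) and socket.io
// onto a single HTTPS server.
//
// The TLS files are read synchronously at startup, so a missing or unreadable
// file throws here, before the port is opened. No `passphrase` option is
// passed, so the key file is expected to be unencrypted; its file permissions
// are then the only protection, and it should be readable only by the account
// that runs this process.
const options = {
    key: fs.readFileSync('/nopassprivate.key'),
    cert: fs.readFileSync('/certificate.crt'),
    ca: fs.readFileSync('/erp/KIC_IN/SSL/ca_bundle.crt'),
    // Refuse TLS 1.0/1.1 handshakes explicitly rather than relying on the
    // runtime default, which differs between Node.js releases.
    minVersion: 'TLSv1.2',
};
const express = require('/node_modules/express');
// NOTE(review): `socketio` and `request` are not used in the lines shown here,
// and socket.io is loaded a second time below through normal module
// resolution. They are kept in case later code in the file relies on them.
const socketio = require('/node_modules/socket.io');
const request = require('/node_modules/request');
const app = express();
const server = require('https').createServer(options, app);
const io = require('socket.io')(server);

// PORT arrives as a string from the environment; an unset or empty value
// falls back to 30000.
const port = process.env.PORT || 30000;
const bodyParser = require('body-parser');
app.use(bodyParser.json());

// The listen callback runs once the server is accepting connections, not once
// per client, so the message says that instead of "New client".
server.listen(port, function () {
    console.log(`HTTPS server listening on port ${port}`);
});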
