Skip to content

Instantly share code, notes, and snippets.

@oeegee

oeegee/Apache-2.4.4, SSL인증서 설치

Last active December 17, 2015 00:28
Show Gist options
  • Save oeegee/5520772 to your computer and use it in GitHub Desktop.
Save oeegee/5520772 to your computer and use it in GitHub Desktop.
Download ZIP
[AA+ Reference Document] for Apache-2.4.4 installation
Raw
Apache-2.4.4, SSL인증서 설치
#### Apache-2.4.4 installation ####
[컴파일 및 설치 대상]
apache-apr.1.4.6
apache-apr-util.1.5.1
apache-httpd-2.4.4
[APR 이란?]
APR - 여러 플랫폼에 적용가능하도록 하나의 api를 사용해서 compile 하도록 구성함.
APR-UTIL - 여러 편리한 API를 제공
APR기능
� UUID Internet generation
� Filename canonicalization
� Random data generation
� Global lock management
� Threads and process management
� Dynamic library loading routines
� Memory mapped and shared memory
[apr 다운로드 및 설치]
Base Source DownLoad Director : /home/ubuntu/down/
Base Install Directory : /project/AA+/servers/httpd-2.4.4
$ wget http://apache.mirror.cdnetworks.com//apr/apr-1.4.6.tar.gz
--2013-05-04 23:24:27-- http://apache.mirror.cdnetworks.com//apr/apr-1.4.6.tar.gz
Resolving apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)... 61.110.198.174
Connecting to apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)|61.110.198.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 982243 (959K) [application/x-gzip]
Saving to: `apr-1.4.6.tar.gz.1'
100%[=======================================================================>] 982,243 344K/s in 2.8s
2013-05-04 23:24:31 (344 KB/s) - `apr-1.4.6.tar.gz.1' saved [982243/982243]
# 압축해제
$ root@ip-10-161-5-236:/home/ubuntu/down# tar xvfz apr-1.4.6.tar.gz
$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --datadir=/project/AA+/servers/httpd-2.4.4/workspaces --enable-shared
[configure exception]
http://system.neulwon.com/xe/linux_os/2472
1. apr 컴파일 오류 발생시
config.status: executing libtool commands
rm: cannot remove `libtoolT': No such file or directory
config.status: executing default commands
config.status: include/apr.h is unchanged
config.status: include/arch/unix/apr_private.h is unchanged
(위와 같은 에러 출력시 아래처럼 파일을 복사해주고 진행을 계속 합니다.)
$ cp -arp libtool libtoolT
$ make
$ make install
[apr-util 다운로드 및 설치]
$ root@ip-10-161-5-236:/home/ubuntu/down# wget http://apache.mirror.cdnetworks.com//apr/apr-util-1.5.2.tar.gz
--2013-05-04 23:25:44-- http://apache.mirror.cdnetworks.com//apr/apr-util-1.5.2.tar.gz
Resolving apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)... 61.110.198.174
Connecting to apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)|61.110.198.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 867573 (847K) [application/x-gzip]
Saving to: `apr-util-1.5.2.tar.gz'
100%[=======================================================================>] 867,573 339K/s in 2.5s
2013-05-04 23:25:47 (339 KB/s) - `apr-util-1.5.2.tar.gz' saved [867573/867573]
# 압축해제
$ root@ip-10-161-5-236:/home/ubuntu/down# tar xvfz apr-util-1.5.2.tar.gz
$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --infodir=/project/AA+/servers/httpd-2.4.4/info --mandir=/project/AA+/servers/httpd-2.4.4/man --sysconfdir=/project/AA+/servers/httpd-2.4.4/conf --datadir=/project/AA+/servers/httpd-2.4.4/var --with-apr=/project/AA+/servers/httpd-2.4.4
$ make && make install
[openssl update]
## httpd compile 시 오류가 발생한다면...
checking for OpenSSL version >= 0.9.7... FAILED
configure: WARNING: OpenSSL version is too old
참고 : https://help.ubuntu.com/community/OpenSSL
$ apt-cache search libssl | grep SSL
$ apt-get upgrade openssl
libssl0.9.8 - SSL shared libraries
[openssl-10.0.1e source 개별 파일 다운 & compile]
참고 : http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html
100%[=======================================================================>] 4,459,777 770K/s in 6.8s
2013-05-05 17:25:54 (638 KB/s) - `openssl-1.0.1e.tar.gz' saved [4459777/4459777]
[compile]
$ ./config --prefix=/usr \
--openssldir=/etc/ssl \
shared \
zlib-dynamic &&
*** openssl compile 중 오류발생 ***
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o c_zlib.o c_zlib.c
c_zlib.c:25:18: fatal error: zlib.h: No such file or directory
compilation terminated.
make[2]: *** [c_zlib.o] Error 1
make[2]: Leaving directory `/home/ubuntu/down/openssl-1.0.1e/crypto/comp'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory `/home/ubuntu/down/openssl-1.0.1e/crypto'
make: *** [build_crypto] Error 1
[해결방법: ssl lib점검 & zlib 설치]
$ apt-cache search ssl
$ apt-get install zlib1g-dev
[compile 재시도!]
$ ./config --prefix=/usr \
--openssldir=/etc/ssl \
shared \
zlib-dynamic &&
$ make && make install
[httpd-2.4.4 다운로드 및 구성]
$ cd /home/ubuntu/down/
$ root@ip-10-161-5-236:/home/ubuntu/down# wget http://mirror.apache-kr.org//httpd/httpd-2.4.4.tar.gz
$ 압축해제
$ root@ip-10-161-5-236:/home/ubuntu/down# tar xvfz apr-util-1.5.2.tar.gz
$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --enable-mpms-shared=all --with-mpm=event --enable-static-support --enable-mods-shared=reallyall --enable-proxy=shared --enable-proxy-ajp=shared --enable-proxy-balancer=shared --enable-proxy-connect=shared --enable-proxy-ftp=shared --enable-proxy-http=shared --enable-vhost-alias --enable-rewrite --enable-ssl --with-ssl=/etc/ssl/ --with-apr=/project/AA+/servers/httpd-2.4.4 --with-apr-util=/project/AA+/servers/httpd-2.4.4 && make
---------------------------
<-- 성공(--enable-so 제거)
$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --enable-mpms-shared=all --with-mpm=event --enable-static-support --enable-mods-shared=reallyall --enable-proxy=shared --enable-proxy-ajp=shared --enable-proxy-balancer=shared --enable-proxy-connect=shared --enable-proxy-ftp=shared --enable-proxy-http=shared --enable-vhost-alias --enable-rewrite --enable-ssl --with-ssl=/etc/ssl/ --enable-so --with-apr=/project/AA+/servers/httpd-2.4.4 --with-apr-util=/project/AA+/servers/httpd-2.4.4 && make && make install
---------------------------
<-- 실패
[SSL 인증서 생성 및 설치]
참조 : http://jmnote.com/wiki/%EA%B0%9C%EC%9D%B8%EC%84%9C%EB%AA%85_SSL_%EC%9D%B8%EC%A6%9D%EC%84%9C_%EC%83%9D%EC%84%B1
1. server.key 생성(개인키)
$ root@ip-10-161-5-236:mkdir -p /home/ubuntu/ssl
$ root@ip-10-161-5-236:cd /home/ubuntu/ssl
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
...+++
e is 65537 (0x10001)
Enter pass phrase for server.key: aaplus
Verifying - Enter pass phrase for server.key: aaplus
2. 암호 제거
$ root@ip-10-161-5-236:/home/ubuntu/ssl# cp server.key server.key.org
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
3. server.csr 파일 생성 (인증요청서)
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl req -new -key server.key.org -out server.csr
Enter pass phrase for server.key.org:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Gangnamgu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AA+
Organizational Unit Name (eg, section) []:AA+
Common Name (e.g. server FQDN or YOUR name) []:aaplus.pe.kr
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
4. server.crt 생성(인증서)
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=KR/ST=Seoul/
5. ssl 인증서 httpd 에 복사
$ cp -R ./ssl/ /project/AA+/servers/httpd-2.4.4/conf/
[인증서 handshake]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# openssl s_client -connect 127.0.0.1:443 | openssl x509
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify error:num=18:self signed certificate
verify return:1
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify return:1
-----BEGIN CERTIFICATE-----
MIIDRDCCAiwCCQDL41YNyCjsNTANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJL
UjEOMAwGA1UECAwFU2VvdWwxEjAQBgNVBAcMCUdhbmduYW1ndTEMMAoGA1UECgwD
QUErMQwwCgYDVQQLDANBQSsxFTATBgNVBAMMDGFhcGx1cy5wZS5rcjAeFw0xMzA1
MDYxNDQxMjlaFw0xNDA1MDYxNDQxMjlaMGQxCzAJBgNVBAYTAktSMQ4wDAYDVQQI
DAVTZW91bDESMBAGA1UEBwwJR2FuZ25hbWd1MQwwCgYDVQQKDANBQSsxDDAKBgNV
BAsMA0FBKzEVMBMGA1UEAwwMYWFwbHVzLnBlLmtyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA3Ue471A/W/qthTizqWxK+7F8Emi4JStCfZD16PnvQ/V2
8kdqrO9Smb9lg1f5OwLYK/1ik2Wu5JoCu3Y1TqM8CqcPScfiqx9AawnX6JYuyA51
qDaGsVzhg2CJd/1R7mEvrsX2iYh1wG+7ZNw3+9PYPgOUx4pvcH9y3y7Jc9Qu5Cy2
PnKQtQvCnU/DVaQnoZUTzFV+St2CVjYYkW6O/SW30rLI6EG2ofJlb7mEMB3d+jPi
WfoblQ1BJtaDzsz3SUd8KK4XvJP8Z02N8H80RGmu4J4dbexKZB+yagOYAvwtQ3e5
tIIjxPfPJYY/wkmHChzxLOplpl8W3yL2MFwzZ1U3OwIDAQABMA0GCSqGSIb3DQEB
BQUAA4IBAQCbnAF6z1ePyFHOnPFHw7SuJ7MZ445ccoJDC6f5nbKmXtmJqYehYifE
zI9cE5U7HYPCmOOlOZwmrAunH65c/MIw5XW7skOGjq/moqWkXYPKBXIiSN8UsPtz
MUKQqQEtfhOnJSy/080vMuAcS0scrthyylyCu9i5jAw33PxkMzbPgGtSSKcmAYDs
JB5XneWUmKHqYW9x9yjzW5lLUm2XnbIKtlC9XVXMC3Pp3hEvPVOdBqVvOrPSKNyU
djiI0xTIUhgnJMfFM/JeILgLB+Hrv0DZ11TP4bc9HfDB1LN1RMswLCV14qqofQaH
cDu6Qhefk2xJ3np+C/hfdjoNlns4MDCR
-----END CERTIFICATE-----
^C
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin#
[인증서 만료일 확인]
root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# openssl s_client -connect localhost:443 < /dev/null 2>&1 | openssl x509 -noout -enddate
notAfter=May 6 14:41:29 2014 GMT
6. Httpd.conf 수정
$ vi /project/AA+/servers/httpd-2.4.4/conf/httpd.conf
----------------------------
Listen 80
LoadModule ssl_module modules/mod_ssl.so #추가
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so #추가
Include conf/extra/httpd-ssl.conf #주석풀기
----------------------------
7. httpd-vhosts.conf 수정
참고 : http://httpd.apache.org/docs/2.4/vhosts/examples.html
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/conf/extra# vi httpd-vhosts.conf
-------------------------------------------------------------------------
# NameVirtualHost *:80 : 제거 (2.4.4 에서는 의미가 없음)
<VirtualHost _default_:80>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
ServerName *
ErrorLog "logs/default-error_log"
CustomLog "logs/default-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
ServerName www.aaplus.pe.kr
ErrorLog "logs/www-error_log"
CustomLog "logs/www-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa1"
ServerName aa1.aaplus.pe.kr
ErrorLog "logs/aa1-error_log"
CustomLog "logs/aa1-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa2"
ServerName aa2.aaplus.pe.kr
ErrorLog "logs/aa2-error_log"
CustomLog "logs/aa2-access_log" common
</VirtualHost>
-------------------------------------------------------------------------
$ vi httpd-ssl.conf
-------------------------------------------------------------------------
## SSL Virtual Host Context
Listen 443
<VirtualHost _default_:443>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
ServerName www.aaplus.pe.kr
ErrorLog "logs/default-ssl-error_log"
#CustomLog "logs/default-ssl-access_log" common
TransferLog "logs/default-ssl-access_log"
#CustomLog logs/default-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
ServerName www.aaplus.pe.kr
ErrorLog "logs/www-ssl-error_log"
#CustomLog "logs/www-ssl-access_log" common
TransferLog "logs/www-ssl-access_log"
#CustomLog logs/www-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa1"
ServerName aa1.aaplus.pe.kr
ErrorLog "logs/aa1-ssl-error_log"
#CustomLog "logs/aa1-ssl-access_log" common
TransferLog "logs/aa1-ssl-access_log"
#CustomLog logs/aa1-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa2"
ServerName aa2.aaplus.pe.kr
ErrorLog "logs/aa2-ssl-error_log"
#CustomLog "logs/aa2-ssl-access_log" common
TransferLog "logs/aa2-ssl-access_log"
#CustomLog logs/default-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
-------------------------------------------------------------------------
[document root 생성]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4# mkdir docs
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4# cd docs/
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/docs# mkdir aaplus
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/docs# mkdir aa1
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/docs# mkdir aa2
[apache 시작]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# ./apachectl start
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# ps -elf| grep httpd
[httpd 기동 점검]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# ps -elf| grep httpd
1 S root 9379 1 0 80 0 - 19737 poll_s 16:27 ? 00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
5 S daemon 9380 9379 0 80 0 - 91978 pipe_w 16:27 ? 00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
5 S daemon 9381 9379 0 80 0 - 91978 pipe_w 16:27 ? 00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
5 S daemon 9382 9379 0 80 0 - 91978 pipe_w 16:27 ? 00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
0 S root 9465 29843 0 80 0 - 2026 pipe_w 16:27 pts/1 00:00:00 grep --color=auto httpd
[httpd 서비스 점검]
1. listening port 확인
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# netstat -apn | grep LISTEN | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 24650/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 24175/httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 24175/httpd
tcp6 0 0 :::22 :::* LISTEN 24650/sshd
2. port 동작 확인
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> q
Connection closed.
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> q
Connection closed.
3. Apache ssl handshake
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl s_client -host localhost -port 443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify error:num=18:self signed certificate
verify return:1
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
i:/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDRDCCAiwCCQDL41YNyCjsNTANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJL
UjEOMAwGA1UECAwFU2VvdWwxEjAQBgNVBAcMCUdhbmduYW1ndTEMMAoGA1UECgwD
QUErMQwwCgYDVQQLDANBQSsxFTATBgNVBAMMDGFhcGx1cy5wZS5rcjAeFw0xMzA1
MDYxNDQxMjlaFw0xNDA1MDYxNDQxMjlaMGQxCzAJBgNVBAYTAktSMQ4wDAYDVQQI
DAVTZW91bDESMBAGA1UEBwwJR2FuZ25hbWd1MQwwCgYDVQQKDANBQSsxDDAKBgNV
BAsMA0FBKzEVMBMGA1UEAwwMYWFwbHVzLnBlLmtyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA3Ue471A/W/qthTizqWxK+7F8Emi4JStCfZD16PnvQ/V2
8kdqrO9Smb9lg1f5OwLYK/1ik2Wu5JoCu3Y1TqM8CqcPScfiqx9AawnX6JYuyA51
qDaGsVzhg2CJd/1R7mEvrsX2iYh1wG+7ZNw3+9PYPgOUx4pvcH9y3y7Jc9Qu5Cy2
PnKQtQvCnU/DVaQnoZUTzFV+St2CVjYYkW6O/SW30rLI6EG2ofJlb7mEMB3d+jPi
WfoblQ1BJtaDzsz3SUd8KK4XvJP8Z02N8H80RGmu4J4dbexKZB+yagOYAvwtQ3e5
tIIjxPfPJYY/wkmHChzxLOplpl8W3yL2MFwzZ1U3OwIDAQABMA0GCSqGSIb3DQEB
BQUAA4IBAQCbnAF6z1ePyFHOnPFHw7SuJ7MZ445ccoJDC6f5nbKmXtmJqYehYifE
zI9cE5U7HYPCmOOlOZwmrAunH65c/MIw5XW7skOGjq/moqWkXYPKBXIiSN8UsPtz
MUKQqQEtfhOnJSy/080vMuAcS0scrthyylyCu9i5jAw33PxkMzbPgGtSSKcmAYDs
JB5XneWUmKHqYW9x9yjzW5lLUm2XnbIKtlC9XVXMC3Pp3hEvPVOdBqVvOrPSKNyU
djiI0xTIUhgnJMfFM/JeILgLB+Hrv0DZ11TP4bc9HfDB1LN1RMswLCV14qqofQaH
cDu6Qhefk2xJ3np+C/hfdjoNlns4MDCR
-----END CERTIFICATE-----
subject=/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
issuer=/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
---
No client certificate CA names sent
---
SSL handshake has read 1531 bytes and written 448 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 8C3888593AC2E6FFE9F9ED0B288681D57F251210CA610751E0AB9298E0DA1331
Session-ID-ctx:
Master-Key: 1D8ECDBD58CDD91065B4BB6320E73BB6E1A870484E2F345C80983A2B7B89857155DB9340DD58D32604275FF092DD7B63
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 2b ee c2 be ba a5 ea 6c-5e ac cf bb d3 9d 20 af +......l^..... .
0010 - f2 5b 53 4e 2c 11 b0 65-f8 5a 7d e4 1a 5c f8 b0 .[SN,..e.Z}..\..
0020 - 76 e7 12 23 18 82 eb 95-fc fe 2d 59 10 86 74 aa v..#......-Y..t.
0030 - f1 5b fe a5 6d 48 8a 0a-bd 5c 6b 76 bb a6 dd 48 .[..mH...\kv...H
0040 - a5 41 d2 79 8b b4 19 d4-26 8f 57 c1 9c 31 31 15 .A.y....&.W..11.
0050 - 2c c0 49 27 6c 83 e5 af-2a c8 ec f2 35 ca 4a 67 ,.I'l...*...5.Jg
0060 - b1 4d 0c 78 10 e8 a8 d9-63 54 aa c9 79 7b c6 0c .M.x....cT..y{..
0070 - 82 ca c4 36 12 25 b0 52-a1 06 ba ed cc e0 e7 78 ...6.%.R.......x
0080 - fa 8c d8 92 d6 0e d0 3b-73 59 49 e6 f0 37 4f bc .......;sYI..7O.
0090 - 75 c5 69 ed 17 cc c8 d7-28 79 0c 7f cf 80 ea 08 u.i.....(y......
00a0 - f9 d2 d4 ad b6 a6 ba bf-d1 2c 3d b5 06 98 9b a0 .........,=.....
00b0 - c7 ef 40 69 da 9e 10 8a-3d b3 bb 5d 5c 39 0f b9 ..@i....=..]\9..
Start Time: 1367853128
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
4. virtual host별 Access log 출력 확인
[/etc/hosts DNS 추가]
$ vi /etc/hosts
--------------------------
#### AA+ DNS ####
127.0.0.1 localhost
127.0.0.1 www.aaplus.pe.kr
127.0.0.1 aa1.aaplus.pe.kr
127.0.0.1 aa2.aaplus.pe.kr
--------------------------
############ [Reference] ################
0. apache
http://httpd.apache.org/docs/2.4/install.html
1. configure, make, make install, make clean ...
http://kldp.org/node/21959
2. apache, jboss 설치
http://www.openlogic.com/blog/bid/247607/JBoss-AS7-Clustering-Using-mod_cluster-and-http-2-4-Part-1
3. apache + openssl 설치
http://jmnote.com/wiki/%EA%B0%9C%EC%9D%B8%EC%84%9C%EB%AA%85_SSL_%EC%9D%B8%EC%A6%9D%EC%84%9C_%EC%83%9D%EC%84%B1
http://linuxism.tistory.com/470
http://stackoverflow.com/questions/8188158/building-and-configuring-apr-util-and-httpd-to-use-apr-iconv-on-linux
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment