Tuesday, November 29, 2011
[Linux] SSL Configuration
An official (CA-issued) SSL certificate has to be purchased, so a test certificate is used here.
[root@localhost kim]# yum install mod_ssl
Loaded plugins: presto, refresh-packagekit
fedora/metalink | 2.7 kB 00:00
updates/metalink | 2.6 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.i686 1:2.2.15-1.fc12.2 set to be updated
--> Processing Dependency: openssl >= 1.0.0-1 for package: 1:mod_ssl-2.2.15-1.fc12.2.i686
--> Processing Dependency: libnal.so.1 for package: 1:mod_ssl-2.2.15-1.fc12.2.i686
--> Processing Dependency: libdistcache.so.1 for package: 1:mod_ssl-2.2.15-1.fc12.2.i686
--> Running transaction check
---> Package distcache.i686 0:1.4.5-21 set to be updated
---> Package openssl.i686 0:1.0.0b-1.fc12.1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
mod_ssl i686 1:2.2.15-1.fc12.2 updates 84 k
Installing for dependencies:
distcache i686 1.4.5-21 fedora 108 k
Updating for dependencies:
openssl i686 1.0.0b-1.fc12.1 updates 1.4 M
Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 1 Package(s)
Total download size: 1.6 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Download delta size: 640 k
openssl-1.0.0-0.10.beta3.fc12_1.0.0b-1.fc12.1.i686.drpm | 640 kB 00:04
Finishing rebuild of rpms, from deltarpms
<delta rebuild> | 1.4 MB 00:03
Presto reduced the update size by 55% (from 1.4 M to 640 k).
Package(s) data still to download: 193 k
(1/2): distcache-1.4.5-21.i686.rpm | 108 kB 00:00
(2/2): mod_ssl-2.2.15-1.fc12.2.i686.rpm | 84 kB 00:02
--------------------------------------------------------------------------------
Total 48 kB/s | 193 kB 00:03
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB has been altered since the last yum transaction.
Updating : openssl-1.0.0b-1.fc12.1.i686 1/4
Installing : distcache-1.4.5-21.i686 2/4
Installing : 1:mod_ssl-2.2.15-1.fc12.2.i686 3/4
Cleanup : openssl-1.0.0-0.10.beta3.fc12.i686 4/4
Installed:
mod_ssl.i686 1:2.2.15-1.fc12.2
Dependency Installed:
distcache.i686 0:1.4.5-21
Dependency Updated:
openssl.i686 0:1.0.0b-1.fc12.1
Complete!
Back up the existing certificate
[root@localhost kim]# cd /etc/pki/tls/certs
[root@localhost certs]# mv localhost.crt localhost.crt.bak
Create a test certificate
[root@localhost certs]# make testcert
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:OSAKA
Locality Name (eg, city) [Default City]:JYOUTOU-KU
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.aaa.co.jp
Email Address []:aaa@naver.com
Firewall configuration
[root@localhost certs]# iptables -I INPUT -p tcp -m tcp --dport https -j ACCEPT
[root@localhost certs]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@localhost certs]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]
[root@localhost certs]#
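The certificate that `make testcert` wrote can be checked before clients are pointed at the server. The script below is an added example, not part of the original post: it builds a throwaway key and certificate in a temporary directory with the same `openssl req` options (`-subj` replaces the interactive prompts, and the function names are made up for this example), then runs four checks on the result.

```shell
#!/bin/sh
# Added example. Key and certificate are constructed in a temp directory;
# on the server the paths would be /etc/pki/tls/private/localhost.key and
# /etc/pki/tls/certs/localhost.crt.

# Same openssl req call as `make testcert`, with -subj replacing the prompts.
make_test_cert() {  # $1 = output directory
    ( umask 77
      openssl genrsa -out "$1/localhost.key" 2048 2>/dev/null
      openssl req -utf8 -new -key "$1/localhost.key" -x509 -days 365 \
          -out "$1/localhost.crt" -set_serial 0 \
          -subj "/C=JP/ST=OSAKA/L=JYOUTOU-KU/CN=www.aaa.co.jp" )
}

# yes if issuer == subject: no CA vouches for it, so browsers will warn.
is_self_issued() {  # $1 = cert
    s=$(openssl x509 -in "$1" -noout -subject_hash)
    i=$(openssl x509 -in "$1" -noout -issuer_hash)
    [ "$s" = "$i" ] && echo yes || echo no
}

# yes if the certificate's public key belongs to the given private key.
key_matches_cert() {  # $1 = key, $2 = cert
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ] && echo yes || echo no
}

# yes if group and others have no permission bits on the key (umask 77).
key_is_private() {  # $1 = key
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ] && echo yes || echo no
}

# yes if the certificate expires within $2 days (-days 365 means yearly renewal).
expires_within_days() {  # $1 = cert, $2 = days
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
    then echo no; else echo yes; fi
}

dir=$(mktemp -d)
make_test_cert "$dir"
echo "self-issued:        $(is_self_issued "$dir/localhost.crt")"
echo "key matches cert:   $(key_matches_cert "$dir/localhost.key" "$dir/localhost.crt")"
echo "key private:        $(key_is_private "$dir/localhost.key")"
echo "expires in 30 days: $(expires_within_days "$dir/localhost.crt" 30)"
rm -rf "$dir"
```

On the server itself, the check functions can be called directly with the two paths under /etc/pki/tls instead of the temporary files.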