2017. 6. 3. 05:05 Linux Server/apache
[apache] Issuing and applying an SSL key
[ Issuing a key with openssl ]
# openssl genrsa -des3 -out leeeunseok.xyz.key 2048
# openssl req -new -key leeeunseok.xyz.key -out leeeunseok.xyz.csr
Country Name (country code) [] : KR
State or Province Name (region) [] : Seoul
Locality Name (city/county/district) [] : Seocho
Organization Name (company name) [] : Hanbiro Inc
Organizational Unit Name (department name) [] : Linux Team
Common Name (service domain name) [] : www.hanbiro.com
Email Address [] : hanbiro@hanbiro.com
[ Applying SSL ]
Apache 2.4
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog builtin
SSLPassPhraseDialog exec:/usr/local/apache/conf/ssl_pass.sh
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:/usr/local/apache/logs/ssl_scache"
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
##
## SSL Virtual Host Context
<VirtualHost _default_:443>
# General setup for the virtual host
ServerAdmin joyjts@naver.com
DocumentRoot /home/les/public_html
ServerName leeeunseok.com:443
ErrorLog "/usr/local/apache/logs/leeeunseok.com_SSL_error_log"
TransferLog "/usr/local/apache/logs/leeeunseok.com_SSL_access_log"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile "/usr/local/apache/conf/SSL_2017/leeeunseok.com_cert.pem"
SSLCertificateKeyFile "/usr/local/apache/conf/SSL_2017/leeeunseok.com.key"
SSLCertificateChainFile "/usr/local/apache/conf/SSL_2017/leeeunseok.com_ChainCA.crt"
</VirtualHost>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
#SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
<VirtualHost int.empel.co.kr:443>
DocumentRoot "/home/les/public_html"
ServerName int.les.co.kr:443
ServerAlias int.les.co.kr
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/apache/conf/extra/SSL/empel/int.les.co.kr.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/extra/SSL/empel/int.les.co.kr.key"
SSLCertificateChainFile "/usr/local/apache/conf/extra/SSL/empel/int.les.co.kr.Chain.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/usr/local/apache/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
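The two SSLCipherSuite lines above differ sharply in what they permit: the second begins with ALL and excludes only ADH and EXPORT56. The lint below is an added example, not part of the original post or of Apache/mod_ssl, and reports which weak cipher classes each active directive leaves permitted. The names WEAK, weak_classes and audit are hypothetical, the weak-class list is an assumption, and only class keywords are checked (not individual suite names such as RC4-SHA).

```python
import re

# Constructed sample: the SSLCipherSuite lines from the configuration above.
SAMPLE_CONF = """\
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
<VirtualHost int.empel.co.kr:443>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
"""

# Weak classes this lint looks for (an assumed, deliberately short list).
WEAK = ("aNULL", "eNULL", "EXP", "LOW", "RC4", "MD5")
# Active directives only; a leading '#' prevents the match. The last
# whitespace-separated field is taken as the cipher string.
DIRECTIVE = re.compile(r"^\s*SSLCipherSuite\s+(?:\S+\s+)?(\S+)\s*$", re.I)


def weak_classes(cipher_string):
    """Return the WEAK classes an OpenSSL cipher string leaves permitted."""
    added, banned = set(), set()
    for token in cipher_string.strip('"').split(":"):
        if token.startswith("!"):
            banned.add(token[1:])           # '!' removes a class permanently
        elif token.startswith(("+", "-")):
            continue                        # '+' only reorders; '-' is not counted as a ban
        else:
            added.update(token.split("+"))  # 'RC4+RSA' means RC4 AND RSA
    found = []
    for name in WEAK:
        via_all = "ALL" in added and name != "eNULL"  # ALL never includes eNULL
        if (name in added or via_all) and name not in banned:
            found.append(name)
    return found


def audit(conf_text):
    """Return (line number, weak classes) for each risky active directive."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match and (weak := weak_classes(match.group(1))):
            findings.append((number, weak))
    return findings


if __name__ == "__main__":
    for number, weak in audit(SAMPLE_CONF):
        print(f"line {number}: still permits {', '.join(weak)}")
```

Because '-' removals are ignored, the lint can over-report; confirm any finding against the server's own OpenSSL build with `openssl ciphers -v` and the same string.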