Apache2 SSL Configuration

1. First, generate a public/private key pair (a private key and a self-signed certificate) as shown below.


openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 \
    -nodes -keyout server.key -out server.crt \
    -subj '/O=Company/OU=Department/CN=www.example.com'



2. In the Apache2 configuration, specify the paths to the public key (certificate) and the private key as shown below.

root@ubuntu:/etc/apache2/sites-enabled# cat default-ssl
<IfModule mod_ssl.c>
# =================================================
# SSL/TLS settings
# =================================================
NameVirtualHost *:443
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600

<VirtualHost *:443>

    DocumentRoot "/var/www/ssl"

    SSLEngine on
    SSLOptions +StrictRequire

    <Directory />
        SSLRequireSSL
    </Directory>

    SSLProtocol -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    SSLVerifyClient none
    SSLProxyEngine off

    <IfModule mime.c>
        AddType application/x-x509-ca-cert      .crt
        AddType application/x-pkcs7-crl         .crl
    </IfModule>

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

</IfModule>

http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html


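This is a cleaned-up summary of what is at the link above; adding Listen 80, 443 as that document says causes an error --;

Also, the placement of settings like SSLRandomSeed was wrong there.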
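An added example, not part of the original post: a small Python check that reads mod_ssl directives like the ones above and reports the settings that are now deprecated or rejected by current clients (SSLv3 per RFC 7568, TLS 1.0/1.1 per RFC 8996, RSA keys under 2048 bits, SHA-1/MD5 certificate digests). The function names, the weak-cipher class list and the embedded sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: the two directives and the openssl options from the post.
SAMPLE_CONF = """\
    SSLProtocol -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
"""
SAMPLE_CMD = "openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes"

# Conservative assumption: what "all" expands to depends on the Apache/OpenSSL build.
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Cipher classes treated as weak here (an editorial choice for this example).
WEAK_CLASSES = {"MEDIUM", "LOW", "EXP", "EXPORT", "RC4", "MD5", "DES", "3DES",
                "NULL", "eNULL", "aNULL"}

def enabled_protocols(value):
    """Apply SSLProtocol tokens left to right: '+' adds, '-' removes, bare name resets."""
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def added_weak_ciphers(value):
    """Weak classes a cipher string adds; '+X' only reorders, '!X' and '-X' remove."""
    return [t for t in re.split(r"[:, ]+", value.strip())
            if t and t[0] not in "+-!" and t in WEAK_CLASSES]

def audit(conf_text, keygen_cmd=""):
    """Return sorted findings for mod_ssl directives and openssl req options."""
    findings = set()
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "sslprotocol":
            findings |= {f"SSLProtocol enables {p}"
                         for p in enabled_protocols(parts[1]) & LEGACY_PROTOCOLS}
        elif len(parts) == 2 and parts[0].lower() == "sslciphersuite":
            findings |= {f"SSLCipherSuite adds {c}" for c in added_weak_ciphers(parts[1])}
    m = re.search(r"-newkey\s+rsa:(\d+)", keygen_cmd)
    if m and int(m.group(1)) < 2048:
        findings.add(f"RSA key is {m.group(1)} bits (< 2048)")
    if re.search(r"\s-(sha1|md5)\b", keygen_cmd):
        findings.add("certificate signed with a SHA-1 or MD5 digest")
    return sorted(findings)
```

Calling `audit(SAMPLE_CONF, SAMPLE_CMD)` reports five findings for the settings in this post. A configuration using `SSLProtocol -all +TLSv1.2 +TLSv1.3`, `SSLCipherSuite HIGH:!aNULL:!MD5` and a key generated with `-sha256 -newkey rsa:2048` reports none.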
