
SSL installation

techapi 2025. 3. 10. 13:54

## Configuration guide ##

https://ssl-config.mozilla.org/#server=apache&version=2.4.6&config=intermediate&openssl=1.0.2k&guideline=5.6

 

yum install openssl

yum install mod_ssl

 

mkdir /usr/local/apache/conf/ssl

cd /usr/local/apache/conf/ssl

 

 

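# Use at least 2048-bit RSA: the Mozilla guide linked above and the CA/Browser Forum baseline both require it
openssl genrsa -out domain.key 2048

# Create a certificate signing request for the key
openssl req -new -key domain.key -out domain.csr

# Self-sign the CSR to produce domain.crt (valid for 30 days unless -days is given)
openssl req -x509 -key domain.key -in domain.csr > domain.crt

# Bundle the certificate and key as PKCS#12 for Tomcat (alias "tomcat")
openssl pkcs12 -export -in domain.crt -inkey domain.key -out .keystore -name tomcat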

 

 

### Apache configuration example ###

 

<VirtualHost *:443>
    # DocumentRoot /var/www/html
    ServerName ssl.domain.net
    SSLEngine On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA:AES256-SHA:3DES-EDE:!RC4:HIGH:!MD5:!aNULL:!EDH
    SSLCertificateFile /usr/local/apache/conf/ssl/ca.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl/ca.key
    ErrorLog "|/usr/local/apache/bin/rotatelogs -l /usr/local/apache/logs/api/error.%Y%m%d.log 86400"
    CustomLog "|/usr/local/apache/bin/rotatelogs -l /usr/local/apache/logs/api/access.%Y%m%d.log 86400" combined
    JkMount /* api1
</VirtualHost>

 

 

<VirtualHost *:443>
    DocumentRoot "/data/www/"
    ServerName ssl.domain.net
    ServerAlias dev.domain.net www.domain.net
    SSLEngine On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA:AES256-SHA:3DES-EDE:!RC4:HIGH:!MD5:!aNULL:!EDH
    SSLCertificateFile /etc/httpd/ssl/ssl.domain.net.crt
    SSLCertificateKeyFile /etc/httpd/ssl/ssl.domain.net.key
    SSLCertificateChainFile /etc/httpd/ssl/chainca.crt
</VirtualHost>
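
The SSLCipherSuite string used in both VirtualHost blocks can be reviewed token by token before deployment. The Python below is an added example, not part of the original post: it audits the SSL directives of the first block and reports whether SSLProtocol is set there. The names `classify` and `audit` are hypothetical, and it assumes OpenSSL-style cipher names for TLS 1.2 and earlier.

```python
import re

# SSL directives of the post's first VirtualHost (cipher string copied verbatim).
VHOST = """\
<VirtualHost *:443>
ServerName ssl.domain.net
SSLEngine On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA:AES256-SHA:3DES-EDE:!RC4:HIGH:!MD5:!aNULL:!EDH
</VirtualHost>
"""

PFS_PREFIXES = ("ECDHE", "EECDH", "DHE", "EDH")   # ephemeral key exchange
ALIASES = {"HIGH", "MEDIUM", "LOW", "ALL", "DEFAULT"}


def classify(token):
    """Return a finding for one enabled cipher token, or None if nothing is flagged."""
    t = token.upper()
    if "3DES" in t or "DES-CBC3" in t:
        return "3DES: 64-bit block cipher"
    if t in ALIASES:
        return "alias: expansion depends on the OpenSSL build"
    if not t.startswith(PFS_PREFIXES):
        return "static RSA key exchange: no forward secrecy"
    if "GCM" not in t and "CHACHA20" not in t:
        return "CBC mode: not an AEAD suite"
    return None


def audit(conf):
    """Audit every SSLCipherSuite line; report whether SSLProtocol is set at all."""
    findings, protocol_set = [], False
    for raw in conf.splitlines():
        name, _, value = raw.strip().partition(" ")
        if name.lower() == "sslprotocol":
            protocol_set = True
        if name.lower() != "sslciphersuite":
            continue
        for token in re.split(r"[:, ]+", value.strip()):
            if not token or token[0] in "!-":   # exclusions enable nothing
                continue
            finding = classify(token.lstrip("+"))
            if finding:
                findings.append((token, finding))
    return findings, protocol_set


if __name__ == "__main__":
    findings, protocol_set = audit(VHOST)
    for token, finding in findings:
        print(f"{token:28} {finding}")
    print("SSLProtocol set in this block:", protocol_set)
```

For the authoritative expansion on a given host, pass the same string to `openssl ciphers -v`.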

 
