I tried using openssl to issue a certificate for HTTPS.
https://sourceforge.net/projects/openssl/
Download it from here and extract the archive, and the installation is done. (Windows)
1. Generate the private key
Command: openssl genrsa -out [filename] 2048
# openssl genrsa -out private.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................+++
.................+++
e is 65537 (0x10001)
private.key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
2. Generate the public key
Command: openssl rsa -in [private key filename] -pubout -out [filename]
# openssl rsa -in private.key -pubout -out public.key
writing RSA key
public.key
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
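3. Generate the CSR (Certificate Signing Request)
- A CSR is the certificate application data; it holds the information needed to issue the certificate.
Field | Example |
---|---|
Country Name (country code) | KR |
State or Province Name (full name of the province/city) | Seoul |
Locality Name (name of the city/county/district) | Songpa-gu |
Organization (company name) | XXXX |
Organization Unit (department name) | Server |
Common Name (full domain of the server where the SSL certificate will be installed) | www.xxxx.com |
Note
- Common Name must be the domain name of the site where the certificate will be installed. (It cannot contain an IP, port, http, or https.)
Command: openssl req -new -key [private key filename] -out [filename]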
# openssl req -new -key private.key -out private.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:local
Organizational Unit Name (eg, section) []:local
Common Name (eg, YOUR name) []:local
Email Address []:test@test.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test
An optional company name []:test
A lot of prompts come up along the way. Since this is only a test, I filled them in with arbitrary values.
private.csr
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
4. Create the CRT certificate
Command: openssl req -x509 -days [period] -key [private key filename] -in [csr filename] -out [filename] -days [period]
# openssl req -x509 -days 365 -key private.key -in private.csr -out mycommoncrt.crt -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Songpa-gu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
mycommoncrt.crt
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
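Steps 1 to 4 as one non-interactive script, followed by a check that the key, CSR and certificate really belong together. This is an added example, not part of the original post. It goes slightly beyond the steps above: the CSR is self-signed with `openssl x509 -req -signkey` instead of `req -x509`, and the domain is also written into a subjectAltName. The domain `www.example.test`, the subject values, the file `san.ext` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: steps 1-4 without prompts, then a consistency check.
# DOMAIN, the SUBJ values and san.ext are constructed placeholders.
set -e

DOMAIN="www.example.test"
SUBJ="/C=KR/ST=Seoul/L=Songpa-gu/O=Example/OU=Server/CN=${DOMAIN}"

make_selfsigned() {  # $1 = existing output directory
    (
        cd "$1"
        # 1. private key, created readable by the owner only
        ( umask 077; openssl genrsa -out private.key 2048 2>/dev/null )
        # 2. public key
        openssl rsa -in private.key -pubout -out public.key 2>/dev/null
        # 3. CSR; -subj replaces the interactive DN prompts
        openssl req -new -key private.key -subj "$SUBJ" -out private.csr
        # 4. self-sign the CSR, adding the domain as a subjectAltName
        printf 'subjectAltName=DNS:%s\n' "$DOMAIN" > san.ext
        openssl x509 -req -in private.csr -signkey private.key -sha256 \
            -days 365 -extfile san.ext -out mycommoncrt.crt 2>/dev/null
    )
}

check_chain() {  # $1 = directory; succeeds only if all artifacts fit together
    (
        cd "$1"
        want=$(cat public.key)
        # CSR and certificate must carry the public key of private.key
        [ "$(openssl req -in private.csr -noout -pubkey)" = "$want" ] || exit 1
        [ "$(openssl x509 -in mycommoncrt.crt -noout -pubkey)" = "$want" ] || exit 1
        # the CSR's self-signature must verify
        openssl req -in private.csr -noout -verify 2>&1 | grep -q "verify OK" || exit 1
        # the certificate must name the domain in its SAN extension
        openssl x509 -in mycommoncrt.crt -noout -text | grep -q "DNS:${DOMAIN}"
    )
}

# Usage: sh make_cert.sh ./out
if [ -n "${1:-}" ]; then
    mkdir -p "$1"
    make_selfsigned "$1"
    check_chain "$1" && echo "key, CSR and certificate are consistent"
fi
```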
5. Certificate config file (test.conf)
References
https://www.comodossl.co.kr/certificate/ssl-installation-guides/Apache-csr-crt.aspx