apache2에 https 적용하기

apache2에 https 적용해보려고 합니다.

 

1. OpenSSL 설치

sud apt install openssl

 

2. 인증키 생성

openssl req -new -x509 -sha256 -days 3650 -nodes -out server.csr -keyout server.key

ㅇ new: 새 인증서 요청 RSA 키를 생성합니다. 기본은 2048비트입니다.d

ㅇ -x509: X.509 인증서를 생성

ㅇ -sha256: 265비트 SHA(Secure Hash Algorithm) 사용

ㅇ -days 3650: 인증서 사용 기간

ㅇ -nodes: 암호 없이 키 생성

ㅇ -out server.csr: 새로 만든 인증서를 쓸 파일 이름 지정

ㅇ -keyout server.key: 새로 만든 개인 키를 쓸 파일 이름을 지정

root@test:~# openssl req -new -x509 -sha256 -days 3650 -nodes -out server.csr -keyout server.key
.......+........+...+.......+...+.....+....+..+..............................+.........+............+.........+.+..+.......+........+..........+.....+...+...+...............+......+......+...+.+...+...+..+...+....+...+..+......+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+....+..............+....+..+...+.+...........+......+...+..........+.........+..+.+...+........................+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+..+...+.......+...............+...+..+.+...............+.....+................+........+.......+...+..+.+..............+...............+...+.+..+.......+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+............+...+............+................+...+...............+.........+......+......+...........+....+...+..+...+..................+.......+.....+...+...+....+..+.........+....+..+......+.........+....+.....+.+...............+.....+..........+......+..+.+..+.......+.....+...+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:security
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
root@test:~# ls
server.csr  server.key
root@test:~# ls -al
합계 16
drwx------ 2 root root 4096  4월 11 10:44 .
drwxr-xr-x 9 root root 4096  4월 11 10:11 ..
-rw-r--r-- 1 root root 1285  4월 11 10:44 server.csr
-rw------- 1 root root 1704  4월 11 10:42 server.key
root@test:~#

 

# Country Name (2 letter code) [AU]: 국가이름

# State or Province Name (full name) [Some-State]: 시/도 이름

# Locality Name (eg, city) []: 지역 이름 (도시)

# Organization Name (eg, company) [Internet Widgits Pty Ltd]: 조직 이름 (회사)

# Organizational Unit Name (eg, section) []: 조직 단위 (팀)

# Common Name (e.g. server FQDN or YOUR name) []: 도메인 이름

# Email Address []: 이메일 주소

 

3. apache2 설치

sudo apt install apache2 libapache2-mod-wsgi-py3

 

4. apache SSL 모듈 활성화

sudo a2enmod ssl
sudo a2enmod rewrite

 

5. apache 파일 수정

mkdir /etc/apache2/ssl
cp ~/server.* /etc/apache2/ssl

vi /etc/apache2/site-available/default-ssl.conf

# 아래의 내용 주석 해제 및 수정
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.csr
SSLCertificateKeyFile /etc/apache2/ssl/server.key

 

6. apache 실행

sudo systemctl start apache2.service