1. 필요패Ȗ12;1648; 설치 (openssl과 mod_ssl1060; 필요Ȣ16;나 6.4 1060;후 버1204;1008; openssl1060; 설치.104;Ǻ12;1080;Ǻ12; mod_ssl만 설치)

yum -y install mod_ssl

2. self-signed certificate 0143; 개1064; Ȗ12; 생성 (openssl1012; 1060;용한 self-signed certificate생성)

openssl genrsa -out ca.key 1024

3. CSR (Certificate Signing Request) 생성 / Common Name1032; ᅆ1;우 추후 conf파1068; 설1221;에 필요

[root@localhost ~]# openssl genrsa -out ca.key 1024

Generating RSA private key, 1024 bit long modulus

.............++++++

.......................................++++++

e is 65537 (0x10001)

[root@localhost ~]# openssl req -new -key ca.key -out ca.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ".", the field will be left blank.

-----

Country Name (2 letter code) [XX]:82

State or Province Name (full name) []:korea

Locality Name (eg, city) [Default City]:Seoul

Organization Name (eg, company) [Default Company Ltd]:ehost

Organizational Unit Name (eg, section) []:park

Common Name (eg, your name or your server"s hostname) []:web02

Email Address []:*********@*******.net

Please enter the following "extra" attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

4. self signed key 생성

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

5. 생성.108; 파1068; 복사

[root@localhost ~]# cp ca.crt /etc/pki/tls/certs

[root@localhost ~]# cp ca.key /etc/pki/tls/private/ca.key

[root@localhost ~]# cp ca.csr /etc/pki/tls/private/ca.csr

6. SSL conf파1068; 수1221;

[root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf

7. config 파1068; 내 virtualhost 추가

vi /etc/httpd/conf/httpd.conf

8. 443포트 추가 0143; 데몬 1116;시1089;

[root@localhost ~]# vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT <-추가

wq!

[root@localhost ~]# service iptables restart

iptables: Setting chains to policy ACCEPT: filter [ OK ]

iptables: Flushing firewall rules: [ OK ]

iptables: Unloading modules: [ OK ]

iptables: Applying firewall rules: [ OK ]

[root@localhost ~]# service httpd restart

Stopping httpd: [ OK ]

Starting httpd: [ OK ]