CentOS 5.8 SSL setup problem


It is currently running on an IDC virtual server, but I was told that a CentOS upgrade or reinstall is not possible.

So, in order to apply SSL to the system as it is, I set it up on a VM and, testing as I went, had a certificate issued,

and I thought everything was finally done, but an error is occurring.


[info] Loading certificate & private key of SSL-aware server '도메인.kr:443'

[error] Init: Private key not found

[error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag

[error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

[error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

[error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib


* The key path and permissions are all fine.

* I also tried having the certificate reissued.


I would like some help figuring out what the problem is.


* Server configuration

[root@]# httpd -v

Server version: Apache/2.2.3

Server built:   Jul 23 2014 10:09:41


openssl upgrade

[root@]# openssl version

OpenSSL 1.0.2u  20 Dec 2019


curl upgrade

[root@]# curl -V

curl 7.76.1 (x86_64-pc-linux-gnu) libcurl/7.76.1 OpenSSL/1.0.2u zlib/1.2.3

Release-Date: 2021-04-14

Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp

Features: alt-svc AsynchDNS HTTPS-proxy Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets


yum install mod_ssl


Download the CA certificate bundle:

    curl -k --remote-name https://curl.se/ca/cacert.pem

Copy the downloaded CA certificate:

    cp cacert.pem /etc/pki/tls/certs/


curl -k https://get.acme.sh | sh


mkdir -p /var/www/html/.well-known/acme-challenge


acme.sh --set-default-ca --server letsencrypt


acme.sh --register-account -m 이메일@등록


acme.sh --issue -d 도메인.kr -d www.도메인.kr -w /var/www/html


[root@localhost .acme.sh]# acme.sh --issue -d 도메인.kr -d www.도메인.kr -w /var/www/html

[Sun Jan  7 09:26:11 KST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory

[Sun Jan  7 09:26:11 KST 2024] Creating domain key

[Sun Jan  7 09:26:11 KST 2024] The domain key is here: /root/.acme.sh/도메인.kr_ecc/도메인.kr.key

[Sun Jan  7 09:26:11 KST 2024] Multi domain='DNS:도메인.kr,DNS:www.도메인.kr'

[Sun Jan  7 09:26:11 KST 2024] Getting domain auth token for each domain

[Sun Jan  7 09:26:17 KST 2024] Getting webroot for domain='도메인.kr'

[Sun Jan  7 09:26:17 KST 2024] Getting webroot for domain='www.도메인.kr'

[Sun Jan  7 09:26:17 KST 2024] 도메인.kr is already verified, skip http-01.

[Sun Jan  7 09:26:17 KST 2024] www.도메인.kr is already verified, skip http-01.

[Sun Jan  7 09:26:17 KST 2024] Verify finished, start to sign.

[Sun Jan  7 09:26:17 KST 2024] Lets finalize the order.

[Sun Jan  7 09:26:17 KST 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1502117196/234786164176'

[Sun Jan  7 09:26:21 KST 2024] Downloading cert.

[Sun Jan  7 09:26:21 KST 2024] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/040217d5eaa65b17f80f479037263aa1a571'

[Sun Jan  7 09:26:22 KST 2024] Cert success.

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

[Sun Jan  7 09:26:22 KST 2024] Your cert is in: /root/.acme.sh/도메인.kr_ecc/도메인.kr.cer

[Sun Jan  7 09:26:22 KST 2024] Your cert key is in: /root/.acme.sh/도메인.kr_ecc/도메인.kr.key

[Sun Jan  7 09:26:22 KST 2024] The intermediate CA cert is in: /root/.acme.sh/도메인.kr_ecc/ca.cer

[Sun Jan  7 09:26:22 KST 2024] And the full chain certs is there: /root/.acme.sh/도메인.kr_ecc/fullchain.cer

[root@localhost .acme.sh]# acme.sh --install-cert -d 도메인.kr -d www.도메인.kr \

>   --cert-file /etc/httpd/conf.d/sslkey/도메인.kr.cer \

>   --key-file /etc/httpd/conf.d/sslkey/도메인.kr.key \

>   --fullchain-file /etc/httpd/conf.d/sslkey/fullchain.cer

[Sun Jan  7 09:26:29 KST 2024] The domain '도메인.kr' seems to have a ECC cert already, lets use ecc cert.

[Sun Jan  7 09:26:29 KST 2024] Installing cert to: /etc/httpd/conf.d/sslkey/도메인.kr.cer

[Sun Jan  7 09:26:29 KST 2024] Installing key to: /etc/httpd/conf.d/sslkey/도메인.kr.key

[Sun Jan  7 09:26:29 KST 2024] Installing full chain to: /etc/httpd/conf.d/sslkey/fullchain.cer


/etc/httpd/conf.d/ssl.conf


DocumentRoot "/var/www/html"

ServerName 도메인.kr

SSLEngine on

SSLProtocol all -SSLv2

SSLCertificateFile /etc/httpd/conf.d/sslkey/도메인.kr.cer

SSLCertificateKeyFile /etc/httpd/conf.d/sslkey/도메인.kr.key

SSLCertificateChainFile /etc/httpd/conf.d/sslkey/fullchain.cer


    SSLOptions +StdEnvVars



    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \

         nokeepalive ssl-unclean-shutdown \

         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




service httpd restart


ssl_error.log

[info] Loading certificate & private key of SSL-aware server '도메인.kr:443'

[error] Init: Private key not found

[error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag

[error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

[error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

[error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
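
The acme.sh log in the post shows the domain key being created under a `_ecc` directory, so the file given to `SSLCertificateKeyFile` is an EC key, and the error trace ends in `d2i_PrivateKey`. As an added example (not part of the original post), this Python script reports which private-key structure a PEM file holds by reading its outer DER fields, so the key type can be compared with what the installed mod_ssl can load; the function names and the dummy sample keys are constructed for illustration.

```python
import base64
import re

# DER-encoded algorithm OIDs found in a PKCS#8 wrapper.
PKCS8_ALGS = {"2a864886f70d010101": "RSA (PKCS#8)", "2a8648ce3d0201": "EC (PKCS#8)"}

def elements(buf, pos, end):
    """Yield (tag, value) for each DER element in buf[pos:end]."""
    while pos < end:
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def classify_private_key(pem_text):
    """Name the private-key structure held in a PEM file."""
    m = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----",
                  pem_text, re.S)
    if not m:
        return "no private key block"
    if "ENCRYPTED" in m.group(1) or "ENCRYPTED" in m.group(2):
        return "encrypted"
    der = base64.b64decode("".join(m.group(2).split()))
    outer = list(elements(der, 0, len(der)))
    if len(outer) != 1 or outer[0][0] != 0x30:     # must be one SEQUENCE
        return "unknown"
    fields = list(elements(outer[0][1], 0, len(outer[0][1])))
    tags = [tag for tag, _ in fields]
    if tags[:2] == [0x02, 0x04]:               # version, OCTET STRING: SEC1
        return "EC (SEC1)"
    if tags[:2] == [0x02, 0x30]:               # version, AlgorithmIdentifier
        alg = list(elements(fields[1][1], 0, len(fields[1][1])))
        return PKCS8_ALGS.get(alg[0][1].hex(), "unknown") if alg else "unknown"
    if tags == [0x02] * 9:                     # nine INTEGERs: PKCS#1
        return "RSA (PKCS#1)"
    return "unknown"

def to_pem(label, der):
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed dummy keys: correct structure, not usable key material.
EC_SAMPLE = to_pem("EC PRIVATE KEY", bytes.fromhex(
    "30310201010420" + "11" * 32 + "a00a06082a8648ce3d030107"))
RSA_SAMPLE = to_pem("RSA PRIVATE KEY", bytes.fromhex("301b020100" + "020103" * 8))

if __name__ == "__main__":
    print(classify_private_key(EC_SAMPLE), "/", classify_private_key(RSA_SAMPLE))
```

If the result is an EC key and the server build only loads RSA keys, acme.sh can issue an RSA key instead with `--keylength 2048`.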

제로섬 01-07
Thank you for the reply. I will check it.

SSLCertificateFile /etc/httpd/conf.d/sslkey/도메인.kr.cer
SSLCertificateKeyFile /etc/httpd/conf.d/sslkey/도메인.kr.key
SSLCertificateChainFile /etc/httpd/conf.d/sslkey/fullchain.cer

Are the files you registered really there??
It says the file doesn't exist..

제로섬 01-07
Thank you for the reply. The key really does exist at exactly that path.

술이 01-07
You have to create private.key, but it looks like you didn't.
It's throwing the error because that's missing...

제로섬 01-07
Thank you for the reply.
On centos 6.8, after upgrading openssl I only installed ssl_mod,
created a let's encrypt certificate with acme.sh and registered just the key paths, and it worked fine.
I will check once more.

dateno1 01-07
First, check on another computer whether the certificate is sound (beyond that, also check that the files actually exist as configured, and that ownership and access permissions are set properly)

If a certificate that was issued and installed properly behaves like that, it is because Apache itself is too old, so raise the version (the version you get from packages is all too predictable, so you will have to compile the package yourself)

When compiling the package, rather than loading the OS's SSL library as shared, I recommend specifying the source alongside, if possible, so that the latest version is built in (serving with an ancient version like that means too many vulnerabilities, and the error may not get resolved either)

제로섬 01-07
Thank you for the reply.
I will try testing with a source compile.

제로섬 01-07
./configure --enable-ssl --enable-so --with-included-apr --with-ssl=/usr/local/openssl --prefix=/usr/local/apache2 --enable-rewrite
[root@localhost extra]# /usr/local/apache2/bin/httpd -v
Server version: Apache/2.2.26 (Unix)
[notice] Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.2u configured -- resuming normal operations
After a test install of Apache/2.2.26, I confirmed that ssl is applied normally.
Thank you for the reply.

dateno1 01-07
When specifying --with-ssl, if you point it at the library path of an OpenSSL you built in advance rather than the system path, you can use a version higher than the system version

