202401to07
  • HTTPS HTTP
    Posted on June 10, 2024 at 13:32:06.
    Author: 202401to07

    SSL certificate setup (HTTPS configuration)

    cert => certificate
    csr  => certificate signing request
    key  => private key (encryption)

     


    yum install openssl mod_ssl 
    mkdir -p /cert/key
    cd /cert/key


    [1. Generate the key]
    openssl genrsa -out sevas.key 2048

    [2. Create the signing request]
    openssl req -new -key sevas.key > sevas.csr

    Country Name [xx]          : which country?  KR
    State or Province Name     : region   Seoul
    Locality Name              : city   Gangnam
    Organization Name          : WebSecure
    Organizational Unit Name   : sevas
    Common Name (hostname)     : www.sevas10.com
    Email Address              : root@sevas10.com

    [3. Generate the final certificate]
    openssl x509 -req -days 365 -in sevas.csr -signkey sevas.key -out sevas.crt


    [Verify]
    openssl x509 -text -in sevas.crt -noout

    Make sure sevas.key, sevas.csr and sevas.crt are all present and correct.

    [4. vi /etc/httpd/conf.d/ssl.conf ]

    #   Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate.  If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase.  Note that a kill -HUP will prompt again.  A new
    # certificate can be generated using the genkey(1) command.
    #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    # this part: changed to the new certificate
    SSLCertificateFile /cert/key/sevas.crt

    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    # this part: changed to the new key
    SSLCertificateKeyFile /cert/key/sevas.key

    ** Check the hostname and change it before starting the daemon **
    hostnamectl set-hostname www.sevas10.com
    service httpd restart


    [5. Firewall configuration]
    firewall-cmd --permanent --add-port 443/tcp
    firewall-cmd --reload


    Connect via https:// and verify (use "Advanced" on the browser's warning page)
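
Added example (not from the original post): the [Verify] step can be taken further by confirming that sevas.key, sevas.csr and sevas.crt all carry the same public key before httpd is pointed at them. The function names `pub_digest`, `same_keypair` and `selftest` are hypothetical, and the self-test uses throwaway files with constructed names.

```shell
#!/bin/sh
# Added example: confirm that a private key, CSR and certificate share one
# public key before SSLCertificateFile / SSLCertificateKeyFile use them.

# pub_digest KIND FILE -> SHA-256 of the PEM public key inside FILE.
pub_digest() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # an unreadable file must never compare equal
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_keypair KEY CSR CRT -> 0 only if all three share one public key.
same_keypair() {
    k=$(pub_digest key "$1") || { echo "cannot read key: $1" >&2; return 1; }
    r=$(pub_digest csr "$2") || { echo "cannot read CSR: $2" >&2; return 1; }
    c=$(pub_digest crt "$3") || { echo "cannot read cert: $3" >&2; return 1; }
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# selftest: build a throwaway key/CSR/cert with the post's commands (file
# names and subject are constructed sample values), then check that the
# matching set passes and a different key is rejected.
selftest() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/a.key" -subj "/CN=www.sevas10.com" \
        -out "$d/a.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$d/a.csr" -signkey "$d/a.key" \
        -out "$d/a.crt" 2>/dev/null &&
    same_keypair "$d/a.key" "$d/a.csr" "$d/a.crt" &&
    ! same_keypair "$d/b.key" "$d/a.csr" "$d/a.crt"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Usage: sh check.sh sevas.key sevas.csr sevas.crt
if [ "$#" -eq 3 ]; then same_keypair "$@" && echo "key, CSR and cert match"; fi
```

A mismatch here means httpd would be configured with a certificate that does not belong to the configured key, so it is worth checking before `service httpd restart`.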


    Automatic HTTP -> HTTPS redirection

    Two methods

    1. Redirect

    2. Rewrite

     

    1. Leave port 80 open and use rewrite to switch connections to https automatically


    [ vi /etc/httpd/conf/httpd.conf ]
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

     

    service httpd restart

     

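    Enable the Rewrite engine / URL rewriting

    Use %{HTTPS} to check whether the request is HTTPS; if it is not, redirect to HTTPS

    ^(.*)$ matches the requested path  ==> followed by the address to send to (the redirect target)

    Usage example)
    RewriteEngine On
    RewriteCond %{HTTP_HOST}  !^www\.sevas10\.com [nocase]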
    RewriteRule ^(.*)$   http://www.naver.com$1 [L,R]




    [Applied example]

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST}  !^www\.sevas10\.com [nocase]
    RewriteRule ^(.*)$        http://www.naver.com$1 [L,R]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]



    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://10.10.10.10 [R,L]


    /etc/httpd/conf/httpd.conf

    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile      /cert/key/sevas.crt
        SSLCertificateKeyFile   /cert/key/sevas.key
        ServerAdmin root@sevas10.com
        DocumentRoot /home/sevas/html
        ServerName www.sevas10.com
        ErrorLog logs/ssl_error.log
        CustomLog logs/ssl_access.log common
    </VirtualHost>





