SSL Cert. - daniel-hong-sicis/streaming GitHub Wiki

[Linux] Creating an SSL (self-signed) private certificate

from [https://sh-safer.tistory.com/89]

Step 1. Generate the private key

This is the step that creates the certificate authority's private key.

A private certificate (self-signed certificate) has no certificate authority behind it, so you sign it yourself to create the certificate.

[root@k8s-worker-1 make_ssl]# openssl genrsa -des3 -out ssl_1.key 2048
Generating RSA private key, 2048 bit long modulus
....+++
..........................................................+++
e is 65537 (0x10001)
Enter pass phrase for ssl_1.key:
Verifying - Enter pass phrase for ssl_1.key:

openssl genrsa -des3 -out ssl_1.key 2048

Step 2. Generate the CSR (Certificate Signing Request)

The CSR is the request that carries the information needed to issue the certificate.

Generate the request with the key created in step 1.

[root@k8s-worker-1 make_ssl]# openssl req -new -key ssl_1.key -out ssl_1.csr
Enter pass phrase for ssl_1.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:GangNam
Organization Name (eg, company) [Default Company Ltd]:sh-safer
Organizational Unit Name (eg, section) []:sh-safer
Common Name (eg, your name or your server's hostname) []:sh-safer.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 3. Remove the passphrase from the private key

If you configure apache or nginx with the private key as generated so far, you have to enter the key passphrase every time the daemon starts.

Entering the passphrase every time is a hassle, so we remove it.

[root@k8s-worker-1 make_ssl]# openssl rsa -in ssl_1.key -out ssl_1_nopass.key
Enter pass phrase for ssl_1.key:
writing RSA key

Step 4. Generate the (self-signed) private certificate

Generate the certificate from the key and csr files created above.

[root@k8s-worker-1 make_ssl]# openssl x509 -req -days 365 -in ssl_1.csr -signkey ssl_1_nopass.key -out ssl_1.crt
Signature ok
subject=/C=KR/ST=Seoul/L=GangNam/O=sh-safer/OU=sh-safer/CN=sh-safer.com/emailAddress=[email protected]
Getting Private key

Check the resulting files

[root@k8s-worker-1 make_ssl]# ll
합계 16
-rw-r--r--. 1 root root 1314 10월 9 19:37 ssl_1.crt
-rw-r--r--. 1 root root 1058 10월 9 19:33 ssl_1.csr
-rw-r--r--. 1 root root 1751 10월 9 19:19 ssl_1.key
-rw-r--r--. 1 root root 1679 10월 9 19:35 ssl_1_nopass.key
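
Steps 1 to 4 as one non-interactive script, added here as an example (it is not part of the original post). It reads the passphrase from an assumed `KEY_PASS` environment variable, creates the files under `umask 077` so the unencrypted `ssl_1_nopass.key` is readable by its owner only, and checks that key, CSR and certificate carry the same RSA modulus. The function names, the `-subj` values and `demo.example` are assumptions.

```sh
#!/bin/sh
# Added example: the page's steps 1-4 run without prompts, plus two checks.
# Assumed names: make_selfsigned, keys_match, key_mode, KEY_PASS, demo.example.

make_selfsigned() {   # $1 = output directory, $2 = Common Name
    (
        umask 077     # new files are owner-only, unlike the 0644 files in the listing
        mkdir -p "$1" && cd "$1" &&
        # Step 1: encrypted key; the passphrase comes from the environment, not argv
        openssl genrsa -des3 -passout env:KEY_PASS -out ssl_1.key 2048 2>/dev/null &&
        # Step 2: CSR; -subj replaces the interactive DN prompts
        openssl req -new -key ssl_1.key -passin env:KEY_PASS \
            -subj "/C=KR/ST=Seoul/CN=$2" -out ssl_1.csr &&
        # Step 3: unencrypted copy for the web server
        openssl rsa -in ssl_1.key -passin env:KEY_PASS \
            -out ssl_1_nopass.key 2>/dev/null &&
        # Step 4: self-signed certificate
        openssl x509 -req -days 365 -in ssl_1.csr -signkey ssl_1_nopass.key \
            -out ssl_1.crt 2>/dev/null
    )
}

# Permission string of a file, e.g. "-rw-------" (drops the SELinux "." suffix).
key_mode() { ls -l "$1" | cut -c1-10; }

# Succeeds only if key, CSR and certificate in directory $1 share one modulus.
keys_match() {
    k=$(openssl rsa  -in "$1/ssl_1_nopass.key" -noout -modulus) || return 1
    r=$(openssl req  -in "$1/ssl_1.csr"        -noout -modulus) || return 1
    c=$(openssl x509 -in "$1/ssl_1.crt"        -noout -modulus) || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Demo run in a scratch directory; the passphrase below is a constructed value.
KEY_PASS=${KEY_PASS:-constructed-demo-passphrase}; export KEY_PASS
out=$(mktemp -d)
if make_selfsigned "$out" demo.example && keys_match "$out"; then
    echo "key, CSR and certificate match; nopass key mode:" \
         "$(key_mode "$out/ssl_1_nopass.key")"
else
    echo "generation or consistency check failed" >&2
fi
```
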

Extra. Inspecting the contents

Inspect the key

openssl rsa -text -in [key file name]

Inspect the CSR

openssl req -in [csr file name] -noout -text

Inspect the certificate

openssl x509 -in [crt file name] -noout -text