Ubuntu 18 + Apache 2.4 SSL 적용

얼마전에도 비슷한 일을 하긴 했었는데...

이번엔 서버가 Ubuntu 라 비슷한 듯 좀 달라서 다시 작성해본다.

 

환경

OS: Ubuntu 18

Apache version: Apache/2.4.29 (Ubuntu)

키파일: 유서트에서 1년짜리 구매

 

openssl 설치여부 확인 

# openssl version
OpenSSL 1.1.1  11 Sep 2018

설치가 안되어 있다면 설치부터

# apt-get update
# apt-get install openssl

아파치 모듈 활성화

$ sudo a2enmod ssl
$ sudo a2enmod rewrite

ssl.conf 설정

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /app/www/public

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/apache2/ssl-key/File_[도메인].crt
                SSLCertificateKeyFile /etc/apache2/ssl-key/KeyFile_[도메인].key

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                SSLCertificateChainFile /etc/apache2/ssl-key/ChainFile_ALPHASSL_CA__SHA256__G2.crt

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                SSLCACertificateFile /etc/apache2/ssl-key/CA_GLOBALSIGN_ROOT_CA.crt