본문 바로가기
개발/아파치

아파치 SSL 적용

워킹맘개발자 2020. 12. 24. 11:11

현재 아파치는 설치 및 설정이 끝나서 서비스가 가능한 상태이다.

하지만 실제 서비스를 하려면 SSL 적용이 필수이기 때문에 SSL 적용 방법을 기록하고자 한다.

 

환경

OS: CentOS 7

키파일: 유서트에서 1년짜리 구매

 

mod_ssl 설치

yum install mod_ssl

 mod_ssl 설치 확인

cd /etc/httpd/modules
ls -al
-rwxr-xr-x 1 root root 219456 2020-11-17 01:19 mod_ssl.so

ssl.conf 수정

<VirtualHost *:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/web/serviceWeb"
ServerName 도메인:443
DirectoryIndex main.apro

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/serviceWeb-ssl_error_log
TransferLog logs/serviceWeb-ssl_access_log
LogLevel warn

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/httpd/conf.d/도메인_apache.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf.d/도메인_apache.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
SSLCertificateChainFile /etc/httpd/conf.d/도메인.ca-bundle

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/httpd/conf.d/도메인.root-bundle

아파치 재시작

systemctl restart httpd.service

완료

'개발 > 아파치' 카테고리의 다른 글

Ubuntu 18 + Apache 2.4 SSL 적용  (0) 2021.07.08

'개발/아파치' Related Articles

티스토리툴바