Building a Secure RedHat Apache Server HOWTO

Sigle Richard

richard.sigle@equifax.com

서정룡

s_ryong@hotmail.com

Legal Notice
Table of Contents
1. Purpose/Scope of this Guide
1.1. About Secure Sockets Layer (SSL)
1.2. Feedback
1.3. Copyrights and Trademarks
1.4. Acknowledgements and Thanks
2. Introduction to Secure Sockets Layer/Private Key Infrastructure
2.1. Responsibilities of SSL/PKI
2.2. How SSL Works
2.3. How PKI Works
2.4. Certificates (x509 Standard)
2.5. Digital Certificate Private Key
2.6. Digital Certificate Public Key
2.7. Certificate Signing Request (CSR)
3. Working with Certificates
3.1. Generating a Private Key
3.2. Generating a CSR
3.3. Generating a Self-Signed Certificate
3.4. Installing the Web Server Certificate
4. Configuring the Apache Server
4.1. Defining a Secure Virtual Host
4.2. Certificate Example
4.3. Restarting the Web Server
5. Troubleshooting
5.1. Server Appears to start, but you cannot access the secure site.
5.2. Certificate Name Check Warning is issued by the client's browser.
5.3. Certificate was Signed by an Untrusted Certificate Authority Warning is issued by the client's browser.
5.4. SSLEngine on is an un-recognized command (when starting Apache).
5.5. You have forgotten your "PEM Passphrase" and you would like to know how to reset it.
6. Glossary

This guide explains how PKI and SSL work together. Understanding how the SSL protocol works is essential to successfully deploying a secure server.