20.8. ÀÚü ¼­¸í ÀÎÁõ¼­(Self-Signed Certificate) »ý¼ºÇϱâ

¿©·¯ºÐÀº ½º½º·Î ÀÚü ¼­¸íÇÑ ÀÎÁõ¼­¸¦ ÀÛ¼ºÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù. ÀÚü ¼­¸í ÀÎÁõ¼­´Â CA-¼­¸í ÀÎÁõ¼­¿Í °°Àº º¸¾È º¸ÁõÀ» Á¦°øÇÏÁö ¾Ê´Â´Ù´Â Á¡¿¡ À¯ÀÇÇØ ÁֽʽÿÀ. ÀÎÁõ¼­¿¡ ´ëÇÑ º¸´Ù »ó¼¼ÇÑ Á¤º¸¸¦ ¿øÇϽŴٸé, 20.5 ÀýÀ» ÂüÁ¶ÇϽñ⠹ٶø´Ï´Ù.

ÀÚü ¼­¸í ÀÎÁõ¼­¸¦ »ý¼ºÇϱâ À§Çؼ­´Â ¿ì¼± 20.6 Àý¿¡ ³ª¿Â Áö½Ã¿¡ µû¶ó ÀÓÀÇÅ°¸¦ »ý¼ºÇÏ¼Å¾ß ÇÏ´Ï´Ù. Å°¸¦ »ý¼º ÈÄ /usr/share/ssl/certs µð·ºÅ丮·Î À̵¿ÇÏ¿© ´ÙÀ½ ¸í·ÉÀ» ÀÔ·ÂÇØ ÁֽʽÿÀ:

make testcert

´ÙÀ½°ú °°Àº Ãâ·Â °á°ú°¡ ³ªÅ¸³ª¸ç ¾ÏÈ£ ÀÔ·ÂÀÌ ¿äûµÉ °ÍÀÔ´Ï´Ù (¾ÏÈ£¾øÀÌ Å°¸¦ »ý¼ºÇÑ °æ¿ì Á¦¿Ü):

umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key 
-x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:

¾ÏÈ£¸¦ ÀÔ·ÂÇϽŠÈÄ (¶Ç´Â ¾ÏÈ£¾øÀÌ Å°¸¦ »ý¼ºÇÑ °æ¿ì ¾ÏÈ£¸¦ ÀÔ·ÂÇÒ ÇÊ¿ä°¡ ¾øÀÌ), º¸´Ù ¸¹Àº Á¤º¸¸¦ À§ÇÑ ÀÏ·ÃÀÇ Áú¹® »çÇ×µéÀÌ ³ªÅ¸³¯ °ÍÀÔ´Ï´Ù. ÄÄÇ»ÅÍÀÇ Áú¹® »çÇ×µé°ú ¿¹½Ã ´äº¯Àº ´ÙÀ½°ú °°ÀÌ ³ªÅ¸³³´Ï´Ù. (ȸ»ç¿Í È£½ºÆ®¿¡ ´ëÇÑ ¿Ã¹Ù¸¥ Á¤º¸¸¦ ÀÔ·ÂÇϽʽÿÀ):

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US      
State or Province Name (full name) [Berkshire]:North Carolina
Locality Name (eg, city) [Newbury]:Raleigh
Organization Name (eg, company) [My Company Ltd]:My Company, Inc.
Organizational Unit Name (eg, section) []:Documentation
Common Name (your name or server's hostname) []:myhost.example.com
Email Address []:myemail@example.com

¿Ã¹Ù¸¥ ÀÔ·ÂÁ¤º¸°¡ ä¿öÁö¸é, ÀÚü ¼­¸í ÀÎÁõ¼­°¡ »ý¼ºµÇ¾î /etc/httpd/conf/ssl.crt/server.crt¿¡ ÀúÀåµË´Ï´Ù. ÀÎÁõ¼­¸¦ »ý¼ºÇϽŠÈÄ ´ÙÀ½°ú °°Àº ¸í·ÉÀ» »ç¿ëÇÏ¿© º¸¾È ¼­¹ö¸¦ Àç½ÃÀÛÇÏ¼Å¾ß ÇÕ´Ï´Ù:

/sbin/service httpd restart