SSL \ub77c\uc774\ube0c\ub7ec\ub9ac\uc758 \ud65c\uc6a9<\/p>\n
SSL \ub77c\uc774\ube0c\ub7ec\ub9ac\uc758 \uac00\uc7a5 \uc911\uc694\ud55c \uae30\ub2a5\uc740 \uc554\ud638\ud654 \ucc44\ub110\uc744 \ud1b5\ud55c \ud1b5\uc2e0\uc774\ub2e4. \uc774\ub97c \uc704\ud574\uc11c \uac01\uac01\uc758 \ud1b5\uc2e0\uc740 \uc778\uc99d\uc11c\ub97c \ud544\uc694\ud55c \uacbd\uc6b0\uac00 \uc788\uc73c\uba70, \uc2e4\uc81c \uc804\uc790\uc0c1\uac70\ub798\ub098 \uc99d\uad8c \uac70\ub798 \ub4f1\uc5d0\uc11c \uc774\uc6a9\ud558\ub294 \uc778\uc99d\uc11c\uc778 \uacbd\uc6b0 \uacf5\uc778 \uc778\uc99d\uae30\uad00\uc5d0\uc11c \ubc1c\uae09\ubc1b\ub294\ub2e4.<\/p>\n
\ud558\uc9c0\ub9cc \uc81c\ud55c\uc801\uc778 \ubc94\uc704 \ub0b4\uc5d0\uc11c\ub294 \uc790\uccb4\uc801\uc73c\ub85c \uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud558\uc5ec \uc774\uc6a9\ud560 \uc218 \uc788\uc73c\uba70, \uc774\ub7ec\ud55c \uae30\ub2a5\uc740 openssl \ub77c\uc774\ube0c\ub7ec\ub9ac\uc5d0\uc11c \uae30\ubcf8\uc801\uc778 \uba85\ub839\uc73c\ub85c \uc81c\uacf5\ud55c\ub2e4.<\/p>\n
1) \uc778\uc99d\uc11c \ub9cc\ub4e4\uae30
\uc778 \uc99d\uc11c(Certificate)\ub294 \uc11c\ubc84\uc640 \ud074\ub77c\uc774\uc5b8\ud2b8 \uac04\uc5d0 \ud1b5\uc2e0\uc744 \uc218\ud589\ud558\ub294 \uacfc\uc815\uc5d0\uc11c \uc11c\ub85c\uc758 \uc2e0\uc6d0\uc744 \ubcf4\uc99d\ud558\ub294 \uc77c\uc885\uc758 \ubcf4\uc99d\uc11c \uc5ed\ud560\uc744 \ud55c\ub2e4. \uc740\uc99d\uc11c\ub294 \uacf5\uc778\ub41c \uc778\uc99d\uae30\uad00\uc5d0\uc11c \uac1c\uc778\uc758 \uc2e0\uc6d0 \ud655\uc778\uc744 \uac70\uccd0\uc11c \ubc1c\uae09\ud558\uba70 \uc8fc\uc2dd\uac70\ub798, \uc804\uc790\uc0c1\uac70\ub798 \uac19\uc740 \uae08\uc735 \uac70\ub798\uc5d0\uc11c \uc8fc\ub85c \uc774\uc6a9\ud55c\ub2e4. \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud558\ub294 \uae30\uad00\uc744 CA(Certificate Authority)\ub77c\uace0 \ud558\uba70, \uc774\ub7ec\ud55c \uae30\uad00\uc5d0\uc11c \ubc1c\uae09\ud55c \uc778\uc99d\uc11c\ub294 \uae30\ubcf8\uc801\uc73c\ub85c \ub2e4\uc74c\uacfc \uac19\uc740 \uc815\ubcf4\ub97c \ud3ec\ud568\ud55c\ub2e4.<\/p>\n
– \uc18c\uc720\uc790 \uc774\ub984 : \uc8fc\ubbfc\ub4f1\ub85d\uc99d\uc758 \uc774\ub984\uacfc \ub3d9\uc77c\ud55c \uae30\ub2a5
– \uc77c\ub828 \ubc88\ud638 : \uc8fc\ubbfc\ub4f1\ub85d\uc99d\uc5d0 \ube44\uad50\ud560 \ub54c \uc8fc\ubbfc\ub4f1\ub85d\ubc88\ud638\uc758 \uc5ed\ud560
– \uc18c\uc720\uc790\uc758 \uacf5\uac1c \ud0a4 : \ud574\ub2f9 \uc778\uc99d\uc11c\ub97c \uc18c\uc720\ud55c \uc0ac\ub78c\uc758 \uacf5\uac1c \ud0a4
– \uc778\uc99d \uae30\uad00\uc758 \uc804\uc790 \uc11c\uba85 : \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud55c \uae30\uad00\uc758 \uc804\uc790 \uc11c\uba85<\/p>\n
\ud558 \uc9c0\ub9cc \uac1c\ubc1c\uc790 \uc785\uc7a5\uc5d0\uc11c \uc81c\ud55c\ub41c \uc2dc\uc2a4\ud15c\uacfc \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc744 \ub300\uc0c1\uc73c\ub85c \ud558\ub294 \uacbd\uc6b0\uc5d0\ub294 \uc790\uccb4\uc801\uc778 \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud558\uace0 \uc774\ub97c \uc774\uc6a9\ud558\uc5ec \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc5d0\uc11c \uc774\uc6a9\ud560 \uc218\ub3c4 \uc788\ub294\ub370, \uc774\ub7ec\ud55c \uae30\ub2a5\uc744 \uc218\ud589\ud558\ub294 \uc2dc\uc2a4\ud15c\uc744 ‘self-signed’ \uc11c\ubc84\ub77c\uace0 \ud55c\ub2e4. \uc774\ub97c \uc704\ud574 openssl\uc740 \uae30\ubcf8\uc801\uc778 \uba85\ub839\uc5b4\ub85c \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud558\ub294 \uae30\ub2a5\uc744 \uac16\ucd94\uace0 \uc788\ub2e4.<\/p>\n
* \ube44\ubc00 \ud0a4 \uc0dd\uc131
\uc778\uc99d\uc11c\ub97c \ub9cc\ub4e4 \ub54c \uac00\uc7a5 \uba3c\uc800 \ud558\ub294 \uc791\uc5c5\uc73c\ub85c \ube44\ubc00 \ud0a4\ub97c \uc0dd\uc131\ud55c\ub2e4. \ube44\ubc00 \ud0a4\ub294 \uc790\uc2e0\ub9cc\uc774 \uc54c \uc218 \uc788\uac8c \uc8fc\uc758\ud574\uc11c \uad00\ub9ac\ud574\uc57c \ud558\ub294 \uc815\ubcf4\ub2e4. \ub530\ub77c\uc11c \uac00\ub2a5\ud558\uba74 \ub204\uad6c\ub3c4 \uc54c \uc218 \uc5c6\uac8c \ube44\ubc00\uc2a4\ub7fd\uac8c \uc0dd\uc131\ud558\uace0 \uad00\ub9ac\ud574\uc57c \ud55c\ub2e4. \uc774 \uacfc\uc815\uc5d0\uc11c \uac00\uc7a5 \uba3c\uc800 \ud558\ub294 \uc791\uc5c5\uc740 DSA Parameter\ub97c \ub9cc\ub4dc\ub294 \uacfc\uc815\uc73c\ub85c \ub2e4\uc74c\uacfc \uac19\uc740 \uba85\ub839\uc73c\ub85c \uc218\ud589\ud55c\ub2e4.<\/p>\n
# openssl dsaparam 1024 -out dsaparam1024.pem<\/p><\/blockquote>\n
\uc774 \uba85\ub839\uc740 1024 \ube44\ud2b8 \ud06c\uae30\ub85c DSA Parameter\ub97c \ub9cc\ub4dc\ub294 \uae30\ub2a5\uc744 \uc218\ud589\ud558\uba70, DSA \ud0a4\ub97c \ub9cc\ub4dc\ub294 \ub370 \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n
\ub2e4\uc74c \uba85\ub839\uc740 \uac01\uac01 \uc554\ud638\ud654\ub41c DSA \ub610\ub294 \uc554\ud638\ud654 \ub418\uc9c0 \uc54a\uc740 DSA \ud0a4\ub97c \uc0dd\uc131\ud558\ub294 \uae30\ub2a5\uc744 \ud55c\ub2e4. \ucc98\uc74c\uc758 \uac83\uc774 \uc554\ud638\ud654\ub418\uc9c0 \uc54a\uc740 \ud0a4\ub97c \uc0dd\uc131\ud558\ub294 \uba85\ub839\uc774\uace0, \ub450\ubc88\uc9f8 \uba85\ub839\uc774 \uc554\ud638\ud654 \ub41c DSA \ud0a4\ub97c \uc0dd\uc131\ud558\ub294 \uba85\ub839\uc774\ub2e4.<\/p>\n
# openssl gendsa -out dsa1024.pem -des dsaparam1024.pem
# openssl gendsa -out dsa1024.pem dsaparam1024.pem<\/p><\/blockquote>\nRSA \ud0a4\ub97c \uc0dd\uc131\ud558\ub824\uba74 \ub2e4\uc74c\uacfc \uac19\uc740 \ud615\uc2dd\uc73c\ub85c \uba85\ub839\uc744 \uc774\uc6a9\ud558\uba74 \ub41c\ub2e4. DSA \ud0a4\uc758 \uc0dd\uc131\uacfc \ub9c8\ucc2c\uac00\uc9c0\ub85c \uc554\ud638 \uc54c\uace0\ub9ac\uc998 \uc9c0\uc815 \uc5ec\ubd80\uc5d0 \ub530\ub77c \uc554\ud638\ud654 \ub41c \ud0a4 \ub610\ub294 \uc554\ud638\ud654\ub418\uc9c0 \uc54a\uc740 \ud0a4\ub97c \uc0dd\uc131\ud560 \uc218 \uc788\ub2e4.<\/p>\n
# openssl genrsa -out rsa1024.key -des3 1024
# openssl genrsa -out rsa1024.key 1024<\/p><\/blockquote>\nDH \ud30c\ub77c\ubbf8\ud130\ub294 \ub2e4\uc74c\uacfc \uac19\uc740 \uba85\ub839\uc73c\ub85c \uc0dd\uc131\ud55c\ub2e4.<\/p>\n
# openssl gendh -out dh1024.pem 1024<\/p><\/blockquote>\n
* CSR \uc0dd\uc131
CSR(Certificate Signing Request)\uc740 \uc778\uc99d\uc11c\ub97c \ub9cc\ub4e4\uae30 \uc704\ud574\uc11c CA(Certificate Autority)\ub85c \ubcf4\ub0b4\ub294 \ubb38\uc11c\ub97c \ub9d0\ud55c\ub2e4. \uc2e4\uc81c\ub85c \uc774\ub7ec\ud55c \uc11c\ube44\uc2a4\ub294 \uc0ac\uc124 \uc778\uc99d \uc5c5\uccb4\uc5d0\uc11c \uc218\ud589\ud558\ub294 \uacbd\uc6b0\uac00 \ub9ce\uae30 \ub54c\ubb38\uc5d0 \uac1c\uc778\uc801\uc73c\ub85c CSR\uc744 \uc0dd\uc131\ud558\uace0 \uc774\ub97c \uc774\uc6a9\ud574\uc11c \uc778\uc99d\uc11c\ub97c \uc2e0\uccad\ud558\ub294 \uc791\uc5c5\uc774 \uc870\uae08 \uc5b4\ub824\uc6b8 \uc218\ub3c4 \uc788\ub2e4. openssl\uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \ub2e4\uc74c \uba85\ub839\uc744 \uc774\uc6a9\ud574\uc11c CSR\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\ub2e4.<\/p>\n# openssl req -new -config \/etc\/ssl\/openssl.cnf -days 365 -key rsa1024.key > server.scr<\/p><\/blockquote>\n
\uc774 \uba85\ub839\uc740 RSA 1024\ube44\ud2b8 \ud0a4\ub85c CSR\uc744 \ub9cc\ub4e4\uba70, \uba85\ub839 \uc218\ud589 \uacfc\uc815\uc5d0\uc11c openssl.cnf \ud30c\uc77c\uc744 \ud544\uc694\ub85c \ud55c\ub2e4. \uc2e4\uc81c\ub85c \uc774 \uba85\ub839\uc744 \uc218\ud589\ud560 \ub54c\ub294 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc640 \ud568\uaed8 \uc124\uce58\ub41c openssl.cnf \ud30c\uc77c\uc744 \uc801\uc808\ud788 \uc218\uc815\ud574\uc11c \uc0ac\uc6a9\ud558\uc790. \uc774 \uba85\ub839\uc740 \uc55e \ub2e8\uacc4\uc5d0\uc11c \ub9cc\ub4e0 RSA \ud0a4\ub97c \uc774\uc6a9\ud558\ub294 \uba85\ub839\uc774\uba70, DSA\ub97c \uc774\uc6a9\ud574\uc11c \uc0dd\uc131\ud560 \uc218\ub3c4 \uc788\ub2e4. \uc774 \uacbd\uc6b0 \uc704\uc758 \uba85\ub839\uc5d0\uc11c rsa1024.key\ub97c DSA \ud0a4 \ud30c\uc77c\uc778 dsa1024.key\ub85c \ub300\uce58\ud558\uc5ec \uc218\ud589\ud558\uba74 \ub41c\ub2e4.<\/p>\n
* CRT \uc0dd\uc131
\uc774 \uacfc\uc815\uc740 \uc55e\uc5d0\uc11c \uc0dd\uc131\ud55c CSR\uc744 \uc774\uc6a9\ud574\uc11c \uc778\uc99d\uc11c\ub97c \ub9cc\ub4dc\ub294 \uacfc\uc815\uc774\ub2e4. \uc2e4\uc81c\ub85c \uc774 \uacfc\uc815\uc740 CSR\uc744 \ubc1b\uc740 \uacf5\uc778 \uc778\uc99d \uae30\uad00\uc744 \ud1b5\ud574\uc11c \uc218\ud589\ud558\uc9c0\ub9cc, \ud55c\uc815\ub41c \ubc94\uc704\uc5d0\uc11c \uc554\ud638\ud654 \ud1b5\uc2e0 \uae30\ub2a5\uc744 \uc704\ud574\uc11c \uc0ac\uc6a9\ud558\ub294 \uc815\ub3c4\ub77c\uba74 \uc790\uc2e0\uc774 \uac00\uc9c0\uace0 \uc788\ub294 \ud0a4\ub85c \uc11c\uba85\ud574\uc11c \uc774\uc6a9\ud560 \uc218\ub3c4 \uc788\ub2e4. \uc774\ub7ec\ud55c \uacbd\uc6b0\ub97c self-signing\uc774\ub77c\uace0 \ud55c\ub2e4. \uc774 \uacfc\uc815\uc740 \ub2e4\uc74c \uba85\ub839\uc744 \ud1b5\ud574\uc11c \uc218\ud589\ud55c\ub2e4.<\/p>\n# openssl x509 -req -days 365 -in server.csr -signkey rsa1024.key -out server.crt<\/p><\/blockquote>\n
\ub9cc\uc77c \uac00\uc0c1\uc801\uc73c\ub85c CA \uc11c\ubc84\ub97c \ub9cc\ub4e4\uace0 \uc2f6\ub2e4\uba74, \uc774 \uacfc\uc815\uc744 \uc751\uc6a9\ud574\uc11c CA \uc11c\ubc84\ub97c \uad6c\ucd95\ud558\uace0 \uc6b4\uc601\ud560 \uc218\ub3c4 \uc788\ub2e4.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
SSL \ub77c\uc774\ube0c\ub7ec\ub9ac\uc758 \ud65c\uc6a9 SSL \ub77c\uc774\ube0c\ub7ec\ub9ac\uc758 \uac00\uc7a5 \uc911\uc694\ud55c \uae30\ub2a5\uc740 \uc554\ud638\ud654 \ucc44\ub110\uc744 \ud1b5\ud55c \ud1b5\uc2e0\uc774\ub2e4. \uc774\ub97c \uc704\ud574\uc11c \uac01\uac01\uc758 \ud1b5\uc2e0\uc740 \uc778\uc99d\uc11c\ub97c \ud544\uc694\ud55c \uacbd\uc6b0\uac00 \uc788\uc73c\uba70, \uc2e4\uc81c \uc804\uc790\uc0c1\uac70\ub798\ub098 \uc99d\uad8c \uac70\ub798 \ub4f1\uc5d0\uc11c \uc774\uc6a9\ud558\ub294 \uc778\uc99d\uc11c\uc778 \uacbd\uc6b0 \uacf5\uc778 \uc778\uc99d\uae30\uad00\uc5d0\uc11c \ubc1c\uae09\ubc1b\ub294\ub2e4. \ud558\uc9c0\ub9cc \uc81c\ud55c\uc801\uc778 \ubc94\uc704 \ub0b4\uc5d0\uc11c\ub294 \uc790\uccb4\uc801\uc73c\ub85c \uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud558\uc5ec \uc774\uc6a9\ud560 … Continue reading