아파치 인증서 적용 httpd.conf
SSL 설정할 conf 위치 확인
- 기본 httpd.conf에 설정할지, 또는 /conf/extra/httpd-ssl.conf와 같은 별도의 위치에 적용할지 확인
- 별도 분할된 conf에 적용한다면 httpd.conf에서 참조 설정이 되어 있는지 확인 필요
# 적용 예제
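# TLS virtual host example. The Korean placeholder values must be replaced with
# the real host name and certificate paths before the file is loaded.
# Fixes: the listen address is written as *:443, each path is a single argument
# with no embedded space, and the note that followed SSLProtocol on the same
# line is now a comment so the directive parses.
<VirtualHost *:443>
    # Must be a name covered by the server certificate.
    ServerName "지정한 서버인증서에 포함된 도메인"
    SSLEngine on
    # Apply selectively depending on the server environment. As written this
    # disables SSLv3, TLS 1.0 and TLS 1.1 and keeps the newer versions that the
    # linked OpenSSL build offers.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Private key: keep it readable only by the account that starts httpd.
    SSLCertificateKeyFile /인증서파일경로/개인키
    SSLCertificateFile /인증서파일경로/서버인증서
    # Intermediate chain. httpd 2.4.8 and later deprecate this directive; the
    # chain certificates can be appended to the SSLCertificateFile file instead.
    SSLCertificateChainFile /인증서파일경로/체인인증서
    # NOTE(review): mod_ssl uses this directive for the CAs that verify client
    # certificates; confirm it is needed when client authentication is not used.
    SSLCACertificateFile /인증서파일경로/루트인증서
</VirtualHost>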
/tomcat/conf/server.xml
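<!-- HTTPS connector (NIO) bound to one address. The keystore path and password
     are sample values from this guide: use a site-specific password and limit
     read access to server.xml and the keystore to the Tomcat service account. -->
<!-- TLS 1.1 is no longer listed in sslEnabledProtocols, which matches the httpd
     example on this page (it disables SSLv3, TLS 1.0 and TLS 1.1). Re-enable an
     older version only for a legacy client that cannot be upgraded. -->
<!-- keystoreType="PKCS12" is stated explicitly because the keystore is a .pfx
     file, as in the .pfx examples further down this page. -->
<Connector port="1025" address="192.168.0.10"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           server="Server"
           connectionTimeout="20000" redirectPort="8444"
           maxThreads="200" scheme="https" secure="true"
           SSLEnabled="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
           useBodyEncodingForURI="true" URIEncoding="UTF-8"
           keystoreFile="/ssl/test.co.kr.pfx" keystorePass="testcokr"
           keystoreType="PKCS12" />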
.jks 파일 적용
[Tomcat 4.x]
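<!-- Tomcat 4.x HTTPS connector. The SSL socket factory is a child element of the
     Connector, so the Connector stays open until after Factory; the self-closed
     Connector in the earlier form left Factory outside it. -->
<!-- Tomcat 4.x no longer receives security fixes; treat this form as reference
     for legacy hosts only. -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="100" debug="0"
           scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <!-- Replace the keystore path and password placeholders. The password is
       stored in clear text, so restrict read access to server.xml. -->
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="키스토어 파일경로/test.key" keystorePass="패스워드" />
</Connector>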
[Tomcat 5.x]
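<!-- Tomcat 5.x HTTPS connector using a JKS keystore. Replace the keystore path
     and password placeholders; the password is stored in clear text, so restrict
     read access to server.xml and the keystore file. -->
<!-- The stray leading space inside keystorePass was removed: whitespace inside
     the quotes is part of the attribute value. -->
<!-- sslProtocol="TLS" does not pin a minimum version by itself; which versions
     are offered depends on the JVM. -->
<Connector port="443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="키스토어 파일경로/test.key" keystorePass="패스워드" />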
[Tomcat 6.x]
<!-- Tomcat 6.x HTTPS connector using a JKS keystore. The keystore path and
     password are placeholders; the password is stored in clear text, so
     restrict read access to server.xml and the keystore file. -->
<!-- sslProtocol="TLS" does not pin a minimum version by itself; the versions
     offered follow the JVM defaults unless sslEnabledProtocols is also set. -->
<Connector
    port="443"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    sslProtocol="TLS"
    clientAuth="false"
    keystoreFile="키스토어 파일경로/test.key"
    keystorePass="패스워드"
    maxThreads="150"
    minSpareThreads="25"
    maxSpareThreads="75"
    acceptCount="100"
    enableLookups="false"
    disableUploadTimeout="true"
    debug="0" />
[Tomcat 7.x]
<!-- Tomcat 7.x HTTPS connector on port 8443 using a JKS keystore. The keystore
     path and password are placeholders; the password is stored in clear text,
     so restrict read access to server.xml and the keystore file. -->
<!-- sslProtocol="TLS" does not pin a minimum version by itself; the versions
     offered follow the JVM defaults unless sslEnabledProtocols is also set. -->
<Connector
    port="8443"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    sslProtocol="TLS"
    clientAuth="false"
    keystoreFile="키스토어파일경로/test.key"
    keystorePass="패스워드"
    maxThreads="200" />
[Tomcat 8.x]
<!-- Tomcat 8.x HTTPS connector using a JKS keystore. The keystore path and
     password are placeholders; the password is stored in clear text, so
     restrict read access to server.xml and the keystore file. -->
<!-- sslProtocol="TLS" does not pin a minimum version by itself; the versions
     offered follow the JVM defaults unless sslEnabledProtocols is also set. -->
<Connector
    port="443"
    protocol="HTTP/1.1"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    sslProtocol="TLS"
    clientAuth="false"
    keystoreFile="키스토어파일경로/test.key"
    keystorePass="패스워드"
    maxThreads="150" />
.pfx / .pem 적용방법
[Tomcat 6.x]
<!-- Tomcat 6.x HTTPS connector reading the key and certificate from a PKCS#12
     (.pfx) file, declared through keystoreType. The path and password are
     placeholders; the password is stored in clear text, so restrict read access
     to server.xml and the .pfx file. -->
<!-- address="localhost" makes the connector listen on the loopback interface
     only; change it if clients on other hosts must connect directly. -->
<!-- sslProtocol="TLS" does not pin a minimum version by itself; the versions
     offered follow the JVM defaults unless sslEnabledProtocols is also set. -->
<Connector
    port="443"
    address="localhost"
    protocol="HTTP/1.1"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    sslProtocol="TLS"
    clientAuth="false"
    keystoreType="PKCS12"
    keystoreFile=".pfx 인증서 파일경로"
    keystorePass="패스워드"
    maxThreads="150" />
[Tomcat 8.x]
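<!-- Tomcat 8.x HTTPS connector reading the key and certificate from a PKCS#12
     file, declared through keystoreType. The path and password are placeholders;
     the password is stored in clear text, so restrict read access to server.xml
     and the keystore file. -->
<!-- sslEnabledProtocols is limited to TLS 1.2, which matches the httpd example
     on this page (it disables SSLv3, TLS 1.0 and TLS 1.1). Add TLSv1.3 where the
     JVM supports it; re-enable an older version only for a legacy client that
     cannot be upgraded. -->
<!-- address="localhost" makes the connector listen on the loopback interface
     only; change it if clients on other hosts must connect directly. -->
<Connector port="443" address="localhost" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslEnabledProtocols="TLSv1.2"
           maxThreads="150"
           URIEncoding="UTF-8" useBodyEncodingForURI="true"
           keystoreFile="인증서 파일경로" keystorePass="패스워드"
           keystoreType="PKCS12" />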