1. WebtoB certificate configuration
openssl
Creating a multi-domain certificate with wbssl
1. Edit wbssl.cnf
Add the DNS entries to subjectAltName in the v3_ca section
cd $WEBTOBDIR/ssl
cp wbssl.cnf wbssl_test.cnf
vi wbssl_test.cnf
.
.
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectAltName=DNS:www.test.com,DNS:www.test.co.kr,DNS:mail.test.com,DNS:mail.test.co.kr
2. Create newcert.pem
#Linux
wbssl req -config /home/webtob5_1/webtob/ssl/wbssl_test.cnf -new -x509 -keyout newcert.pem -out newcert.pem -days 365
#Windows
wbssl req -config %WEBTOBDIR%\\ssl\\wbssl_test.cnf -new -x509 -keyout newcert.pem -out newcert.pem -days 365
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.................................++++++
...............++++++
writing new private key to 'newcert.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KR]:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) [Tmax Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: www.test.com (this does not have to be entered)
Email Address []:
3. Check the Alternative Name list
wbssl x509 -in newcert.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:42:6d:ef:75:3d:3b:5d:8e:39:48:cd:9d:8a:0c:01:f2:43:29:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = KR, O = Tmax Ltd
Validity
Not Before: Jun 24 05:28:58 2022 GMT
Not After : Jun 24 05:28:58 2023 GMT
Subject: C = KR, O = Tmax Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Modulus:
00:bb:6d:3f:f5:b0:32:37:9b:1f:99:63:52:45:87:
fd:99:71:77:e8:c0:51:98:21:f8:3c:de:19:3d:72:
ff:25:69:e4:c0:b3:b4:5b:0b:ea:2f:a3:a6:82:d2:
1d:20:d3:13:14:07:1d:c5:ae:9e:6b:e9:b8:f4:c1:
fa:29:00:6e:07:ca:8a:f1:b8:c6:7f:0c:c6:40:5f:
38:0f:a4:0d:de:fb:a5:b6:12:ef:ba:81:8a:fa:27:
e3:29:f6:59:dd:bb:28:b4:96:19:3f:32:36:cc:bd:
aa:07:40:c1:5d:7a:b2:e5:81:bb:c9:27:05:11:6f:
11:6b:97:f0:2e:6b:11:ba:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
**DNS:www.test.com, DNS:www.test.co.kr, DNS:mail.test.com, DNS:mail.test.co.kr**
X509v3 Subject Key Identifier:
D5:B9:5D:97:56:1D:AA:06:83:26:77:A3:BF:3A:01:C4:AB:5D:0E:86
X509v3 Authority Key Identifier:
keyid:D5:B9:5D:97:56:1D:AA:06:83:26:77:A3:BF:3A:01:C4:AB:5D:0E:86
DirName:/C=KR/O=Tmax Ltd
serial:4A:42:6D:EF:75:3D:3B:5D:8E:39:48:CD:9D:8A:0C:01:F2:43:29:D6
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
58:9b:17:2e:8d:f4:4d:2c:91:e2:37:14:48:63:34:64:a3:89:
15:f1:3a:c6:e9:61:df:50:58:92:8e:48:ce:61:99:e0:43:12:
eb:dd:35:f5:cb:cd:94:26:6b:dc:b0:51:13:f2:0f:f0:f6:9e:
81:6f:96:17:bb:0f:e5:1b:89:bb:b6:56:a9:c1:1f:61:34:fb:
e0:86:42:c4:5d:4b:53:cc:f3:4b:da:5c:36:69:dd:bc:37:51:
97:d4:70:f5:74:0b:86:6b:15:41:82:82:c5:f1:39:4f:17:a9:
8e:76:73:5a:ba:24:6f:d2:25:83:ee:a7:39:1b:22:72:ce:ac:
35:f2
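One way to check the dump above automatically, as an added example that is not from the original post: the script reads the text printed by `wbssl x509 -in newcert.pem -noout -text`, reports hostnames missing from the Subject Alternative Name extension, and flags a key below a minimum size. The function names, the 2048-bit threshold and the embedded sample (abridged from the output shown above) are assumptions of this example.

```shell
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: abridged from the certificate dump shown above.
sample_cert_text() {
cat <<'EOF'
Certificate:
    Data:
        Subject Public Key Info:
                RSA Public-Key: (1024 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:www.test.com, DNS:www.test.co.kr, DNS:mail.test.com, DNS:mail.test.co.kr
            X509v3 Basic Constraints:
                CA:TRUE
EOF
}

# Print one DNS name per line from the SAN extension of the dump on stdin.
san_names() {
    awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Print the public key size in bits from the dump on stdin.
key_bits() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# audit_cert MIN_BITS NAME...  reads the dump on stdin and prints findings.
# Returns 0 only if every NAME is listed (exact match only, wildcards are
# not expanded) and the key has at least MIN_BITS bits.
audit_cert() {
    min_bits=$1; shift
    text=$(cat); rc=0
    names=$(printf '%s\n' "$text" | san_names)
    for want in "$@"; do
        printf '%s\n' "$names" | grep -Fqx -- "$want" ||
            { echo "MISSING-SAN $want"; rc=1; }
    done
    bits=$(printf '%s\n' "$text" | key_bits)
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "WEAK-KEY ${bits:-unknown} bit, minimum $min_bits"; rc=1
    fi
    printf '%s\n' "$text" | grep -q 'CA:TRUE' && echo "NOTE basicConstraints CA:TRUE"
    return $rc
}

# Real use: wbssl x509 -in newcert.pem -noout -text | audit_cert 2048 www.test.com
sample_cert_text | audit_cert 2048 www.test.com mail.test.co.kr || true
```

On the sample, all four names are found and the only failure reported is the 1024-bit key that the generation step printed.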
2. WebtoB URLRewrite configuration
URLRewrite
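Condition | Description |
---|---|
^ | Matches the start of the string |
$ | Matches the end of the string |
OR | When another RewriteCond follows this RewriteCond, combine it with the next RewriteCond by logical OR |
R | When the Substitution is an absolute URL, force a redirect again even if the hostname matches the server's host |
L | Stop the rewriting process here |

Set the 'URLRewrite' item in the NODE section to 'Y'.
The URLRewriteConfig item holds the settings related to Conditions and Rules.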
URLRewrite=Y,
URLRewriteConfig="{$Webtob_Home}/config/rewrite.conf",
After saving, create the rewrite.conf file at that path.
vi rewrite.conf
RewriteCond %{HTTPS} !=on
RewriteRule .* https://test.co.kr [L]
# The port is carried along as well, so specifying just the domain is fine
wsmkppd
wsmkppd is the command that supports PassPhraseDialog in the SSL section.
When PassPhraseDialog is set, the certificate pass phrase does not have to be entered when WebtoB restarts.
wsmkppd [ -p passwd ] ppd_filename sslname
Edit the *SSL section of http.m
Page request
Request http://www.test.co.kr/test1.jsp
The request is rewritten to https://www.test.co.kr/test1.jsp; check the certificate.