CentOS 7 NGINX 서버에 SSL (http) 구축하기

CentOS 7 NGINX 서버에 SSL (http) 구축하기 1. 필요한 소프트웨어   SSL 암호화를 위해 OpenSSL과 mod_ssl이 필요합니다.    openssl이 자동 설치되지만 확인차 다시 설치 합니다. ]# yum install mod_ssl openssly 2. self-signed certificate 생성   OpenSSL을 이용해 self-signed certificate를 생성하는 과정입니다.   private key 생성   ]# openssl genrsa -out ca.key 1024 Generating RSA private key, 1024 bit long modulus .....++++++ ......++++++ e is 65537 (0x10001) 3. CSR 생성  ]# openssl req -new -key ca.key -out ca.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ., the field will be left blank. ----- Country Name (2 letter code) [XX]:KR State or Province Name (full name) []:Kyeonggi Locality Name (eg, city) [Default City]:Suwon Organization Name (eg, company) [Default Company Ltd]:moa Organizational Unit Name (eg, section) []:moa Common Name (eg, your name or your servers hostname) []:landmoa.net Email Address []:myid@gmail.com Please enter the following extra attributes to be sent with your certificate request A challenge password []: An optional company name []: ======================================================== 4.Self signed key 생성  ]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt   다음 위치에 파일들을 복사합니다..  ]# cp ca.crt /etc/pki/tls/certs  ]# cp ca.key /etc/pki/tls/private/ca.key  ]# cp ca.csr /etc/pki/tls/private/ca.csr ===== 5.서버에 적용  ]# vi /etc/nginx/conf.d/default443.conf server {     #listen       8080;     listen       443;     server_name  landmoa.net *.landmoa.net www.landmoa.net;     root   /home/test;     index  index.php index.html index.htm;     #charset koi8-r;     #access_log  /var/log/nginx/host.access.log  main;    => 아래 부분 추가     ssl on;     ssl_certificate         /etc/pki/tls/certs/ca.crt;     ssl_certificate_key     /etc/pki/tls/private/ca.key;  ]# systemctl restart nginx [테스트]  http://test.landmoa.net/ ssl 설치를 하여 테스트해 본 페이지 입니다.