
APACHE SECURED BY SSL

Apache-SSL

Team A.L. Digital & Apache-SSL

February 5, 2000 Jo Dae-hyun (조대현), cool@hansaram.sarang.net v0.3 February 20, 2000
This document is a translation(?) of the contents of https://www.apache-ssl.org/.

1. Main Features

  • Available for commercial and non-commercial use
  • 128-bit encryption available anywhere in the world
  • Client authentication
  • Full source code
  • Extensible, module-style API

2. What is Apache-SSL?

Apache-SSL is a secure web server based on Apache and SSLeay/OpenSSL. It is covered by a BSD-style license. Put simply, as long as you keep the copyright notices you can use it free of charge, commercially or non-commercially (though you are advised to read the SSLeay "Is this legal?" FAQ before running a server). This is the same license as used by Apache from version 0.8.15.

3. Download

Current release: Apache_1.3.11+ssl_1.38. Release date: January 25, 2000

You also need openssl-0.9.4, which you can get here.

The Apache-SSL source patches are available from the following UK master distribution site:

Other FTP mirror sites:

Or HTTP mirror sites:

O/S specific versions:

4. What do you need?

What you need is a set of patches for Apache (available for versions 1.2.0+ and 1.3.0+), a few extra source files, a very small README and some example configuration files. The patches are applied to the Apache source, which is then compiled and linked with SSLeay (version 0.5.1b+) or OpenSSL. The modified source will still compile a standard Apache as well as Apache-SSL.

5. Keeping up to date

The best way to hear about upgrades is to subscribe to the announce mailing list, which reports the latest version.

6. Bug fixes and patches

Send bugs or improvements to ben@algroup.co.uk.

Feel free to report bugs or problems. However, (even if you are willing to pay.. --;) I can't make any promises (that they will be fixed?).

7. Commercial support

Commercial support is available for both Apache and Apache-SSL. If you are interested, send mail to ben@algroup.co.uk.

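8. Digital certificates

The following are companies that have asked for a link from this page. I neither endorse nor recommend the organizations below, and I have no relationship with them whatsoever. They are listed in the order in which they asked.

Places where digital certificates for Apache-SSL are available: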

9. PGP key

If you want to send me private mail, here is my PGP key. Please use it only when you need to; I really hate typing my passphrase.. --+

10. FAQ

10.1 Apache-SSL hasn't been updated for a while - does this mean it is out of date?

No, it means that it (Apache-SSL) works as well as people want it to. We only update it when there is a bug that needs fixing, when a new version of Apache comes out, or when someone wants a new feature.

10.2 Why does my browser just hang when I connect to Apache-SSL?

Because you used http: instead of https:. If you see the following message in the error log, it is for the same reason.

  SSL_Accept failed error:140760EB:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

10.3 The patch won't apply - what's wrong?

If you get a result like this,

  $ patch < SSLpatch
  Looks like a new-style context diff.
  File to patch:

you probably have an old version of patch. Switch to version 2.1 or later and try again.

10.4 I know HTTP uses port 80, but what about HTTPS?

You can run HTTPS on any port, but the standard port that most browsers look for by default is 443. You can force the browser to look on another port by specifying the port number in the URL, like this:

https://secure.server.hell:666

10.5 I want to run secure and non-secure servers together on one machine. Is that possible?

There are two ways: run two server daemons, or have one daemon provide both services at once. There can be good reasons to run two daemons, but usually the simplest approach is to run one server and switch SSL off, in a virtual host, for the parts that do not need it. If you want to run two daemons, you must make sure each server binds only to its assigned port (usually port 80 for non-secure, 443 for secure). If you want to run just one server, here is an example configuration file showing how to set it up.

10.6 I have just installed the server. How do I create a test certificate?

Step one - create a key and a request.

  openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional).

  openssl rsa -in privkey.pem -out new.cert.key

Step three - convert the request into a signed cert.

  openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

Use the results with the Apache-SSL directives as follows.

  SSLCertificateFile /path/to/certs/new.cert.cert
  SSLCertificateKeyFile /path/to/certs/new.cert.key

10.7 How do I create a client certificate?

Step one - create a CA cert/key pair, as above.

Step two - sign the client request with the CA key.

  openssl x509 -req -in client.cert.csr -out client.cert.cert -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

Step three - hand the 'client.cert.cert' file to the requester.

Apache-SSL can verify this certificate once you add the following.

  SSLCACertificateFile /path/to/certs/my.CA.cert
  SSLVerifyClient 2
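
The steps of 10.6 and 10.7 run end to end, as an added example that is not part of the original Apache-SSL FAQ: it builds a throwaway CA, signs a client request with it, and uses `openssl verify` to confirm that the CA-signed certificate chains to `my.CA.cert` while a self-signed one does not. The subject names, the 2048-bit keys, the `ca.cnf` file and the use of `req -x509` to create the CA certificate (so that it carries the CA basic constraint) are assumptions of this example.

```shell
#!/bin/sh
# Added example: throwaway CA -> client certificate -> chain check.
# File names follow the FAQ; subject names, key size and ca.cnf are assumptions.

make_ca() {            # $1 = work dir; writes my.CA.key and my.CA.cert
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -keyout "$1/my.CA.key" -out "$1/my.CA.cert" -days 365 2>/dev/null
}

make_client_csr() {    # $1 = work dir; writes client.key and client.cert.csr
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=Example Test Client" \
        -keyout "$1/client.key" -out "$1/client.cert.csr" 2>/dev/null
}

sign_with_ca() {       # step two of 10.7: the CA key signs the client request
    openssl x509 -req -in "$1/client.cert.csr" -out "$1/client.cert.cert" \
        -CA "$1/my.CA.cert" -CAkey "$1/my.CA.key" \
        -CAserial "$1/my.CA.srl" -CAcreateserial -days 365 2>/dev/null
}

self_sign() {          # what -signkey does: the request is signed with its own key
    openssl x509 -req -in "$1/client.cert.csr" -out "$1/selfsigned.cert" \
        -signkey "$1/client.key" -days 365 2>/dev/null
}

chains_to_ca() {       # $1 = work dir, $2 = certificate; status 0 if it chains to my.CA.cert
    openssl verify -CAfile "$1/my.CA.cert" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && make_client_csr "$d" && sign_with_ca "$d" && self_sign "$d" || return 1
    chains_to_ca "$d" "$d/client.cert.cert" && echo "CA-signed client cert: accepted"
    chains_to_ca "$d" "$d/selfsigned.cert"  || echo "self-signed client cert: rejected"
    rm -rf "$d"
}
demo
```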

10.8 How do I access the client certificate from my CGI?

In release apache_1.3.2+ssl_1.27 and later, use the following directive.

  SSLExportClientCertificates

This creates environment variables containing the contents of the client certificate. For more details, see SSLExportClientCertificates in the docs section. There is also a working example: https://www.apache-ssl.org/cgi/cert-export

10.9 How do I install FrontPage98 Extensions with Apache-SSL?

Bertrand Renuart describes this in detail at http://www.itma.lu/howto/apache.

10.10 Why can't I find "getca" and "getverisign" when installing a Verisign cert?

Because the Apache-SSL commands do not support Verisign. If you want to use them, use Stronghold (a commercial Apache-based server with SSL support). All you need to do is save the certificate in a file and pass its name to the SSLCertificateFile directive. Remember that you have to pass the key file too.

10.11 Common compile errors

  gcc -c  -I../os/unix -I../include -I/usr/local/ssl/include   -funsigned-char -DTARGET=\"httpsd\" -DAPACHE_SSL `../apaci` -DAPACHE_SSL buff.c
  buff.c: In function `ap_read':
  buff.c:259: structure has no member named `stats'
  buff.c:267: structure has no member named `stats'
  buff.c:268: structure has no member named `stats'
  buff.c:269: structure has no member named `stats'
  buff.c:271: structure has no member named `stats'
  buff.c: In function `ap_write':
  buff.c:346: warning: passing arg 2 of `SSL_write' discards `const' from pointer target type
  *** Error code 1
You need to upgrade OpenSSL.

10.12 What about the Y2K problem?

The components underlying Apache-SSL do no date-related processing, so they do not affect the overall compliance of your system. Apache, the main component, has this to say about Y2K. You should also check your OS, hardware and other modules.

11. Mailing lists

There are two Apache-SSL mailing lists. If you want general help or support from the Apache-SSL community, send a blank mail to apache-ssl-help@lists.aldigital.co.uk. This is probably the quickest route to an answer to your question. However, before posting a question, first check whether the answer is already in the archive.

If you simply want to keep up to date and only hear about new releases and important announcements, there is apache-sslannounce-help@lists.aldigital.co.uk.

12. Apache-SSL is not mod_ssl!!

There appears to be some confusion regarding Apache-SSL and mod_ssl. To set the record straight: mod_ssl is not a replacement for Apache-SSL - it is an alternative, in the same way that Apache is an alternative to Netscape/Microsoft servers, or Linux is an alternative to FreeBSD. It is a matter of personal choice as to which you run. mod_ssl is what is known as a 'split' - i.e. it was originally derived from Apache-SSL, but has been extensively redeveloped so the code now bears little relation to the original.

Apache-SSL continues to be developed and maintained, our main focus being on reliability, security and performance, rather than features and bells and whistles. I hope this makes things clear. (Adam Laurie)

13. Links

Related web resources:

14. Mirror web sites

15. Credits (^^;)

Apache-SSL was written by Ben Laurie, who is also an Apache core team member, and an OpenSSL core team member.

The development of Apache-SSL is sponsored by A.L. Digital Ltd., and this site is hosted by tem.

Info on FTP mirror sites, CAs, Links, etc., should be sent to: The Web Slaves.

Apache-SSL graphics courtesy of Jamie Harrison and The WoW Foundation, based on the original feather by Randy Terbush. Feel free to replicate.

16. Team A.L. Digital & Apache SSL

A.L. Digital Ltd. participate in the Distributed Net encryption cracking efforts, as do many of our friends. To see how our team is doing, click the team logo above. To read more about the project, click on the banner above. To join our team, affiliate yourself with team no. 5209. For your personal privacy, the team membership listing is not open to the public, and we promise not to use it ourselves. For anything.


last modified 2003-08-10 11:52:29