{"id":2585,"date":"2021-08-06T23:45:01","date_gmt":"2021-08-06T14:45:01","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=2585"},"modified":"2025-09-01T11:36:01","modified_gmt":"2025-09-01T02:36:01","slug":"%ec%82%ac%ec%84%a4-%ec%9d%b8%ec%a6%9d%ec%84%9c-%ec%83%9d%ec%84%b1%ed%95%98%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=2585","title":{"rendered":"\uc0ac\uc124 \uc778\uc99d\uc11c \uc0dd\uc131\ud558\uae30"},"content":{"rendered":"

\uc0ac\uc124 \uc778\uc99d\uc11c \uc0dd\uc131\ud558\uae30<\/h1>\n

\ucc38\uace0<\/a><\/p>\n

\ucc38\uace0<\/a><\/p>\n

OpenSSL \uc124\uce58<\/h2>\n

MS Windows \uc758 \uacbd\uc6b0 \uc544\ub798 \uc0ac\uc774\ud2b8\uc5d0\uc11c OpenSSL \uc744 \ub2e4\uc6b4\ubc1b\uc544 \uc124\uce58\ud569\ub2c8\ub2e4.
\nhttps:\/\/slproweb.com\/products\/Win32OpenSSL.html<\/a><\/p>\n

\uc0ac\uc124 \uc778\uc99d\uc11c \uc0dd\uc131<\/h2>\n

\ub8e8\ud2b8 \uc778\uc99d\uc11c \uc0dd\uc131<\/h3>\n
openssl ecparam -out rootCA.key -name prime256v1 -genkey<\/code><\/pre>\n
openssl req -new -sha256 -key rootCA.key -out rootCA.csr\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:KR\nState or Province Name (full name) [Some-State]:Seoul\nLocality Name (eg, city) []:Seoul\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Home\nOrganizational Unit Name (eg, section) []:Home\nCommon Name (e.g. server FQDN or YOUR name) []:\nEmail Address []:\n\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\nAn optional company name []:<\/code><\/pre>\n
\"\"<\/a><\/p>\n
openssl x509 -req -sha256 -days 999999 -in rootCA.csr -signkey rootCA.key -out rootCA.crt<\/code><\/pre>\n
\uc11c\ubc84\uc6a9 \uc778\uc99d\uc11c \uc0dd\uc131<\/h3>\n
\uc6f9\uc11c\ubc84 \ub4f1\uc5d0\uc11c \uc0ac\uc6a9\ub420 \uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
openssl ecparam -out server.key -name prime256v1 -genkey<\/code><\/pre>\n
openssl req -new -sha256 -key server.key -out server.csr\n\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:KR\nState or Province Name (full name) [Some-State]:Seoul\nLocality Name (eg, city) []:Seoul\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Home\nOrganizational Unit Name (eg, section) []:Home\nCommon Name (e.g. server FQDN or YOUR name) []:\nEmail Address []:\n\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\nAn optional company name []:<\/code><\/pre>\n
\"\"<\/a><\/p>\n
extention.ext \ud30c\uc77c\uc744 \uc0dd\uc131\ud569\ub2c8\ub2e4.
\n\ud30c\uc77c\uc758 \ub0b4\uc6a9\uc740 \uc544\ub798\uc758 \ub0b4\uc6a9\uc73c\ub85c \ud569\ub2c8\ub2e4.
\nalt_names \ud0ed\uc5d0 \uc6d0\ud558\ub294 \ub3c4\uba54\uc778\uc744 \ucd94\uac00\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n
\ub3c4\uba54\uc778\uc740 DNS \ub85c \uc785\ub825\ud558\uace0, \uc544\uc774\ud53c\uc758 \uacbd\uc6b0 IP \ub85c \uc785\ub825\ud569\ub2c8\ub2e4.
\n\uc544\uc774\ud53c\uc758 \uacbd\uc6b0 111.222.111.* \uc640 \uac19\uc740 \uc640\uc77c\ub4dc \ubb38\uc790\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.<\/p>\n
authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = localhost\nDNS.2 = *.localhost\nIP.1 = 111.222.111.222\nIP.2 = 111.222.111.223<\/code><\/pre>\n
\uc544\ub798 \uba85\ub839\uc73c\ub85c \uc778\uc99d\uc11c(crt) \ud30c\uc77c\uc744 \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
openssl x509 -req -sha256 -days 999999 -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -extfile extention.ext<\/code><\/pre>\n
\uc778\uc99d\uc11c\uac00 \uc815\uc0c1\uc801\uc73c\ub85c \uc0dd\uc131\ub418\uc5c8\ub294\uc9c0 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
openssl x509 -in server.crt -text -noout<\/code><\/pre>\n
\uc0ac\uc124 \uc778\uc99d\uc11c \uc801\uc6a9<\/h2>\n
\uc2a4\ud504\ub9c1 \ubd80\ud2b8<\/h3>\n
cat server.crt rootCA.crt > server.pem\n# type server.crt rootCA.crt > server.pem<\/code><\/pre>\n
-passin pass: -passout pass:<\/code> \ub97c \ud30c\ub77c\ubbf8\ud130\ub85c \ucd94\uac00\ud574\uc11c \ube44\ubc00\ubc88\ud638\ub97c \uc0dd\ub7b5\ud558\uac8c \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
openssl pkcs12 -export -inkey server.key -in server.pem -out key.pkcs12 -name System\nEnter Export Password:\nVerifying - Enter Export Password:<\/code><\/pre>\n
application.yml \ud30c\uc77c\uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc744 \uc785\ub825\ud569\ub2c8\ub2e4.<\/p>\n
server:\n  ssl:\n    enabled: true\n    key-store: key.pkcs12\n    key-store-password:      # \ube44\ubc00\ubc88\ud638\ub97c \uc785\ub825\ud55c \uacbd\uc6b0\n    key-store-type: PKCS12\n    key-alias: System        # Name \uc5d0 \uc785\ub825\ud55c \uac83<\/code><\/pre>\n
\ud504\ub85c\uc81d\ud2b8 \ub8e8\ud2b8<\/code> \uc5d0 key.pkcs12 \ub97c \ucd94\uac00 \ud6c4 \ud504\ub85c\uc81d\ud2b8\ub97c \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n
\ub85c\uadf8\uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc774 \ud45c\uc2dc\ub429\ub2c8\ub2e4.<\/p>\n
Tomcat started on port 8080 (https) with context path ''<\/code><\/pre>\n
https:\/\/localhost:8080\/<\/a> \uc5d0 \uc811\uc18d\ud558\uba74 SSL \uc774 \ud65c\uc131\ud654\ub41c \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
Node JS<\/h3>\n
const path = require("path");\nconst express = require('express');\nconst http = require('http');\nconst https = require('https');\nconst fs = require('fs');\n\nconst HTTP_PORT = 8080;\nconst HTTPS_PORT = 8443;\n\nconst options = {\n    \/\/ key: fs.readFileSync('.\/rootCa.key'),\n    \/\/ cert: fs.readFileSync('.\/rootCa.crt')\n    key: fs.readFileSync('.\/server.key'),\n    cert: fs.readFileSync('.\/server.crt')\n};\n\nconst app = express();\n\napp.use("\/", (req, res)=>{\n    res.sendFile(path.join(__dirname, '.\/index.html'));\n})\n\nconst HTTPServer = http.createServer(app).listen(HTTP_PORT);\nconst HTTPSServer = https.createServer(options, app).listen(HTTPS_PORT);<\/code><\/pre>\n
Linux (Ubuntu, Debian)<\/h3>\n
sudo cp rootCA.crt \/usr\/local\/share\/ca-certificates\/\nsudo update-ca-certificates<\/code><\/pre>\n
\ube0c\ub77c\uc6b0\uc800 \ud06c\ub86c\uc740 OS \uc778\uc99d\uc11c \ub300\uc2e0 \uc790\uccb4 \uc778\uc99d\uc11c\ub85c \uccb4\ud06c\ud569\ub2c8\ub2e4.(https \uc791\ub3d9\uc548\ud568)<\/p>\n
Linux (CentOs 6)<\/h3>\n
sudo yum install ca-certificates\nsudo update-ca-trust force-enable\nsudo cp rootCA.crt \/etc\/pki\/ca-trust\/source\/anchors\/\nsudo update-ca-trust extract<\/code><\/pre>\n
Linux (CentOs 5)<\/h3>\n
sudo cat rootCA.crt >> \/etc\/pki\/tls\/certs\/ca-bundle.crt<\/code><\/pre>\n
Windows 10<\/h3>\n
Reboot Required!!!<\/font><\/p>\n
\uad00\ub9ac\uc790 \uad8c\ud55c\uc73c\ub85c \ub3c4\uc2a4\ucc3d\uc5d0\uc11c \uc544\ub798 \uba85\ub839\uc744 \uc785\ub825\ud569\ub2c8\ub2e4.
\n\uc7ac\ubd80\ud305<\/font>\ud558\uba74 \uacbd\uace0\ucc3d \uc5c6\uc774 https:\/\/localhost:8080\/<\/a> \ub97c \uc811\uc18d\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
certutil -addstore -f "ROOT" rootCA.crt<\/code><\/pre>\n
\"\"<\/a><\/p>\n
Mac OS X<\/h3>\n
sudo security add-trusted-cert -d -r trustRoot -k \/Library\/Keychains\/System.keychain ~\/new-root-certificate.crt<\/code><\/pre>\n
chrome<\/h3>\n
\ud06c\ub86c\uc740 \uc778\uc99d\uc11c\ub97c \ubcc4\ub3c4\ub85c \uad00\ub9ac\ud55c\ub2e4.
\n\uc124\uc815 > \uac1c\uc778\uc815\ubcf4 \ubc0f \ubcf4\uc548 > \ubcf4\uc548 > \uae30\uae30 \uc778\uc99d\uc11c \uad00\ub9ac<\/code> \uc5d0\uc11c \ub8e8\ud2b8\uc778\uc99d\uc11c\ub97c \ucd94\uac00\ud574 \uc900\ub2e4.<\/p>\n
\uc2e0\ub8b0\ud560 \uc218 \uc788\ub294 \ub8e8\ud2b8 \uc778\uc99d\uae30\uad00\uc5d0 \ucd94\uac00\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n
\ud06c\ub86c \uc7ac\uc2dc\uc791 \ud544\uc694!!!<\/font><\/p>\n
JDK \uc5d0 \ub8e8\ud2b8\uc778\uc99d\uc11c \uc801\uc6a9<\/h2>\n
\uc5ec\uae30<\/a> \ucc38\uc870<\/p>\n
\uc5ec\uae30<\/a> \ucc38\uc870<\/p>\n","protected":false},"excerpt":{"rendered":"
\uc0ac\uc124 \uc778\uc99d\uc11c \uc0dd\uc131\ud558\uae30 \ucc38\uace0 \ucc38\uace0 OpenSSL \uc124\uce58 MS Windows \uc758 \uacbd\uc6b0 \uc544\ub798 \uc0ac\uc774\ud2b8\uc5d0\uc11c OpenSSL \uc744 \ub2e4\uc6b4\ubc1b\uc544 \uc124\uce58\ud569\ub2c8\ub2e4. https:\/\/slproweb.com\/products\/Win32OpenSSL.html \uc0ac\uc124 \uc778\uc99d\uc11c \uc0dd\uc131 \ub8e8\ud2b8 \uc778\uc99d\uc11c \uc0dd\uc131 openssl ecparam -out rootCA.key -name prime256v1 -genkey openssl req -new -sha256 -key rootCA.key -out rootCA.csr You are about to be asked to enter information that will be incorporated into your certificate\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2585","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2585"}],"version-history":[{"count":23,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2585\/revisions"}],"predecessor-version":[{"id":10867,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2585\/revisions\/10867"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}