[이현?] wrote:
>This may just be my lack of understanding, but
>when using a commercial CA versus a CA created on the server (a test CA),
>as far as I know the only difference is that a warning window pops up when a web browser connects to a site signed with the CA created on the server.
>(A message to the effect that the site is not trusted.)
>
>I think the reason for using a commercial CA is so that people can judge that the site is trustworthy and safe to use.
>
>I think the other functionality is the same. (Encryption.)
Yes, that's right.
Even with a privately issued certificate you can test in exactly the same way,
and if the site is for internal use or you only need encryption, a privately issued certificate is fine.
>---------------- ------------------ --------------------
>Currently there are two domains on one server. Both domains are served over http, and only one of the domains is used over https. (Not using a commercial key; https is being used with a test CA.)
>
>In httpd.conf:
>---------------------------------------------------
><VirtualHost xxx.xxx.xxx.xxx:80>
> ServerAdmin xxxxxxxxx
> DocumentRoot /home/xxxxxxx
> ServerName zec.gigaprize.co.jp
> ErrorLog logs/error.log
> CustomLog logs/access.log common
></VirtualHost>
><VirtualHost xxx.xxx.xxx.xxx:80>
> ServerAdmin xxxxxxxxx
> DocumentRoot /home/xxxxxxx
> ServerName gourmet-star.gigaprize.co.jp
> ErrorLog logs/error_1.log
> CustomLog logs/access_1.log common
></VirtualHost>
>---------------------------------------------
>
>
>http://zec.gigaprize.co.jp/index.html (index.html does not currently exist, but the domain itself can be reached)
>http://gourmet-star.gigaprize.co.jp/index.html (a test index.html currently exists)
>
>----------------------------------
>In ssl.conf:
>--------------------------
><VirtualHost _default_:443>
># General setup for the virtual host
>DocumentRoot /home/xxxxxxx
>ServerName gourmet-star.gigaprize.co.jp:443
>ErrorLog logs/ssl-error_log
>TransferLog logs/ssl-access_log
>-----------------------------------------------
>Only gourmet-star.gigaprize.co.jp is configured for https (ssl).
>
>
>----
>As you will see if you actually try connecting,
>https://gourmet-star.gigaprize.co.jp/index.html
>connects properly.
>
>However, if you connect to
>https://zec.gigaprize.co.jp/index.html
>this domain also ends up being reached over https. (index.html does not actually exist there, but looking at the content, the connection is made as gourmet-gigaprize.co.jp. (The URL in the web browser is zec.gigaprize.co.jp, but index.html shows the content of gourmet-star.gigaprize.co.jp.)
>
>
>
>-------Question 1-----------------
>Looking at the result above, a request to port 443 on the single server (even for a domain that has no https set up) returns the result for the domain configured in ssl.conf. Is this normal?
>>>> Personally, I think that for a domain with no https configured it is normal for port 80 to be served but for port 443 to give an error .....
>Or is my configuration wrong?
>------------------------------------
This is normal behavior.
The reason is given in the answer to the question below.
>--------Question 2-------------------
>I also tried serving both of the domains above over https, but.
>(Registered the two domains as virtual hosts in ssl.conf; of course the CAs were also created separately for each domain; using test CAs.)
>
>After registering the two domains, Apache configuration syntax test:
>#sh apache2/bin/apachectl configtest
>Syntax OK
>Then, after a restart, error.log says that apachessl cannot be started because port 443 is already in use.
>So the conclusion is that on one server only one domain can run on port 443. (Even though port 80 can host several domains.)
>
>So, in the end, does only one domain work over https on a single server?
>--------------------------------------------------------------
>(On commercial CA sites, for about 700 dollars they also sell a CA that covers all the subdomains (aaa.domail.com, bbb.domail.com) as well..
>---------------------------------------------------------------
>
First, as you mentioned when you originally posted your question,
if you want to serve several domains over SSL:
1) Assign several IPs to one server and bring up the web server bound to each IP.
Or bind each domain to a different https port other than 443.
2) Use completely separate servers, with one domain per machine.
Unlike port 80, https cannot be set up with name-based virtual host configuration.
The reason is simple once you understand the protocol layers.
The SSL protocol layer, which is what HTTPS denotes, sits below HTTP.
The domain information that the web server's virtual host configuration relies on, however, is carried in the HTTP header.
In other words, because the SSL protocol is below HTTP, it cannot understand the HTTP header.
So, unlike name-based virtual host configuration, whichever domain the request comes in for, the outcome is determined by the first configuration.
The layers can be seen at http://coffeenix.net/doc/network/ssl_fig3.gif and
the reason at http://www.modssl.org/docs/2.8/ssl_faq.html.
Why can't I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technical. Actually it's some sort of a chicken and egg problem:
The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP.
When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the
SSL protocol parameters with the client. For this mod_ssl has to consult the
configuration of the virtual server (for instance it has to look for the cipher
suite, the server certificate, etc.). But in order to dispatch to the correct
virtual server Apache has to know the Host HTTP header field. For this the HTTP
request header has to be read. This cannot be done before the SSL handshake is
finished. But the information is already needed at the SSL handshake phase. Bingo!
Also, in the case of VeriSign, the price and the level of encryption differ depending on whether it is the global one.
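
The first option in the reply above (one IP address per SSL site), written out as an added Apache configuration example that is not part of the original post. The 192.0.2.x addresses, certificate paths and DocumentRoot values are placeholders; the port-based variant from the same reply is shown in the trailing comments.

```apache
# Constructed example: addresses, paths and file names below are placeholders,
# not values taken from the post.

# Declare each address:port pair exactly once.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

# IP-based SSL virtual hosts: the server picks the virtual host (and therefore
# the certificate) from the destination IP of the TCP connection, which is
# known before the SSL handshake starts. The Host header is not needed.
<VirtualHost 192.0.2.10:443>
    ServerName gourmet-star.gigaprize.co.jp:443
    DocumentRoot /home/gourmet-star
    SSLEngine on
    SSLCertificateFile    conf/ssl.crt/gourmet-star.crt
    SSLCertificateKeyFile conf/ssl.key/gourmet-star.key
    ErrorLog    logs/ssl-error_gourmet-star.log
    TransferLog logs/ssl-access_gourmet-star.log
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName zec.gigaprize.co.jp:443
    DocumentRoot /home/zec
    SSLEngine on
    SSLCertificateFile    conf/ssl.crt/zec.crt
    SSLCertificateKeyFile conf/ssl.key/zec.key
    ErrorLog    logs/ssl-error_zec.log
    TransferLog logs/ssl-access_zec.log
</VirtualHost>

# DNS must point each name at its own address:
#   gourmet-star.gigaprize.co.jp -> 192.0.2.10
#   zec.gigaprize.co.jp          -> 192.0.2.11
# A name whose address has no :443 listener gets a refused connection
# instead of another site's certificate and content.

# Port-based variant (single IP): keep the first block as it is and replace
# the second Listen and <VirtualHost> address with a different port, e.g.
#   Listen 192.0.2.10:8443
#   <VirtualHost 192.0.2.10:8443>
# Clients then have to use https://zec.gigaprize.co.jp:8443/ (8443 is an
# arbitrary choice for this example).
```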