- Enter the certificate password (it must be entered 3 times). The usual step of removing the certificate password is not needed here.
openssl pkcs12 -export -in ssl.crt -inkey ssl.key -certfile chain_all_ssl.crt -out ssl3.p12 -name tomcat
 
- Add to server.xml
<Connector port="443"
      maxThreads="2000"
      scheme="https" secure="true" SSLEnabled="true"
      ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
      keystoreFile="/usr/local/apache-tomcat-7.0.50/conf/ssl/ssl3.p12" keystorePass="sm5550!@" keystoreType="pkcs12" clientAuth="false"
      sslProtocol="TLS"
      />
└ This block must not go at the very end of the file. Instead:
<Service name="Catalina">
      <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
 
      <Connector port="443"
            maxThreads="2000"
            scheme="https" secure="true" SSLEnabled="true"
            ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
            keystoreFile="/home/tomcat/ssl/ssl3.p12" keystorePass="simyongsup!" keystoreType="pkcs12" clientAuth="false"
            sslProtocol="TLS" />
 
      <Engine name="Catalina" defaultHost="localhost">
 
It has to be placed between these two elements, as shown above, for the setting to take effect.
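The ciphers attribute above mixes AEAD suites with RC4, static-RSA and CBC suites. The following is an added example, not part of the original post: it parses a server.xml and lists the flagged suites for each TLS-enabled Connector. The sample XML is constructed from a subset of the cipher names above, and the keystore path and function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server.xml using a subset of the cipher names
# from the Connector above; the keystore path is a placeholder.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
     ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
              TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
              SSL_RSA_WITH_RC4_128_SHA"
     keystoreFile="/path/to/keystore.p12" keystoreType="pkcs12" sslProtocol="TLS" />
</Service></Server>"""


def classify(suite):
    """Return the weaknesses implied by one JSSE cipher suite name."""
    key_exchange, _, cipher = suite.partition("_WITH_")
    issues = []
    if "RC4" in cipher:
        issues.append("RC4 stream cipher (prohibited by RFC 7465)")
    if key_exchange in ("TLS_RSA", "SSL_RSA"):
        issues.append("static RSA key exchange (no forward secrecy)")
    if "_CBC_" in cipher:
        issues.append("CBC mode (not AEAD)")
    return issues


def audit_connectors(server_xml):
    """Map each TLS-enabled Connector port to {suite: [issues]} for flagged suites."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no cipher list to check
        # Split on commas and strip whitespace so wrapped attribute values still parse
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        findings[conn.get("port")] = {s: classify(s) for s in suites if classify(s)}
    return findings


if __name__ == "__main__":
    for port, flagged in audit_connectors(SAMPLE_SERVER_XML).items():
        for suite, issues in flagged.items():
            print(f"port {port}: {suite}: {'; '.join(issues)}")
```

Suites that come back with an empty list (the ECDHE/DHE GCM ones) are the candidates to keep when trimming the ciphers attribute.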
 

 

Nginx certificate
1) Combine the nginx certificates
[root@buy-1151 /home/nginx5/ssl_202101255]# cp ssl.crt ssl.crt_bak
[root@buy-1151 /home/nginx5/ssl_202101255]# cp chain_all_ssl.crt chain_all_ssl.crt_bak
[root@buy-1151 /home/nginx5/ssl_202101255]# cp chain_ssl.crt chain_ssl.crt_bak
ssl.crt + chain_all_ssl.crt + chain_ssl.crt
 
└ Copied the contents into a single text file to combine them; done.

 

OR

1) Remove the passphrase from the key file
openssl rsa -in ssl.key -out ssl_nopass.key
mv ssl.key ssl_pass.key; mv ssl_nopass.key ssl.key
 
2) Append the two chain files to ssl.crt
cat chain_all_ssl.crt >> ssl.crt
cat chain_ssl.crt >> ssl.crt
 
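3) nginx configuration
server {
 
        listen 443 ssl;
        # "ssl on" is redundant with "listen 443 ssl"; the directive was deprecated
        # in nginx 1.15.0 and removed in 1.25.1, so drop this line on newer versions
        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl.pem;
        ssl_certificate_key /etc/nginx/ssl/newkey.key;
 
        client_max_body_size 50M;
 
        server_name www.concen24.com concen24.com;
        location / {
                # Pass the client address and original Host header to the upstream
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-Nginx-Proxy true;
                proxy_set_header Connection "";
                proxy_pass http://nodejs_ssl;
        }
 
}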
 

 
