[SSL Installation Guide] JRun - Single & WildCard & Multi
1. Importing into the KeyStore
※ Customers who generated their CSR through 이지N비즈 should start from step 2.
[root@mail ssl]# ls
root.cer www.eznbiz.com.cer www.eznbiz.com.csr www.eznbiz.com.key
[root@mail ssl]# keytool -import -alias root -keystore www.eznbiz.com.key -trustcacerts -file root.cer
keystore 암호를 입력하십시오:
Note: adds the ROOT (CA) certificate under the alias root
[root@mail ssl]# keytool -import -alias tomcat -keystore www.eznbiz.com.key -trustcacerts -file www.eznbiz.com.cer
keystore 암호를 입력하십시오:
인증서 회신이 keystore에 설치 되었습니다.
Note: imports the certificate reply under the alias eznbiz
[root@mail ssl]# keytool -list -keystore www.eznbiz.com.key
keystore 암호를 입력하십시오:
Keystore 유형: JKS
Keystore 공급자: SUN
Keystore에는 2 항목이 포함되어 있습니다.
root, 2011. 2. 18, trustedCertEntry,
인증서 지문(MD5): C0:D7:AF:89:C9:CA:75:2F:F2:12:E9:60:E7:67:3D:E1
tomcat, 2011. 2. 18, PrivateKeyEntry,
인증서 지문(MD5): F8:53:D6:B3:1B:D6:6A:F0:17:8F:BC:9E:AC:02:86:F8
[root@mail ssl]#
Note: verifies the certificates
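The verification step above can be scripted. The following is an added example, not part of the original guide: it reads `keytool -list` output and confirms that the alias holding the certificate reply is a key entry rather than a `trustedCertEntry`, which is what results when the reply is imported under an alias that has no private key. The function names are this example's own, and the sample input is taken from the listing shown above.

```shell
#!/bin/sh
# Added example, not from the original guide; function names are illustrative.

# entry_type ALIAS
# Reads `keytool -list` output on stdin and prints the entry type for ALIAS.
# The type is matched by name, so the locale's date format does not matter.
# Some older JDKs print "keyEntry" where newer ones print "PrivateKeyEntry".
entry_type() {
    awk -F', ' -v alias="$1" '
        $1 == alias && match($0, /PrivateKeyEntry|keyEntry|trustedCertEntry/) {
            print substr($0, RSTART, RLENGTH)
            exit
        }'
}

# check_listing ALIAS
# Succeeds only when ALIAS is a key entry (private key + certificate chain).
check_listing() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry|keyEntry)
            echo "OK: '$1' is $kind"; return 0 ;;
        trustedCertEntry)
            echo "FAIL: '$1' is a trustedCertEntry: the reply was imported" \
                 "under an alias that has no private key"; return 1 ;;
        *)
            echo "FAIL: alias '$1' not found in listing"; return 1 ;;
    esac
}

# Sample input: entry lines from the listing in the guide (fingerprints omitted).
sample_listing() {
    cat <<'EOF'
Keystore 유형: JKS
Keystore에는 2 항목이 포함되어 있습니다.
root, 2011. 2. 18, trustedCertEntry,
tomcat, 2011. 2. 18, PrivateKeyEntry,
EOF
}

# Real use: keytool -list -keystore www.eznbiz.com.key | check_listing tomcat
sample_listing | check_listing tomcat
```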
2. SSL Configuration
1) Edit the jrun.xml file
<!-- ================================================================== -->
<!-- This is the built-in JRun Web Server -->
<!-- ================================================================== -->
<service class="jrun.servlet.http.WebService" name="WebService">
  <attribute name="activeHandlerThreads">25</attribute>
  <attribute name="backlog">500</attribute>
  <attribute name="interface">*</attribute>
  <attribute name="keepAlive">false</attribute>
  <attribute name="maxHandlerThreads">1000</attribute>
  <attribute name="minHandlerThreads">1</attribute>
  <attribute name="port">8100</attribute>
  <attribute name="threadWaitTimeout">20</attribute>
  <attribute name="timeout">300</attribute>
</service>
<!-- Uncomment this service to use SSL with the JRun Web Server
Note that you MUST create your own keystore before using this service
-->
<service class="jrun.servlet.http.SSLService" name="SSLService">
  <attribute name="port">443</attribute>
* Note: SSL communication port
  <attribute name="keyStore">{jrun.rootdir}/lib/www.eznbiz.com.jks</attribute>
* Note: path to the certificate (KeyStore)
  <attribute name="keyStorePassword">eznbiz1234</attribute>
* Note: KeyStore password
  <attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute>
  <attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory</attribute>
  <attribute name="deactivated">false</attribute>
  <attribute name="bindAddress">*</attribute>
  <attribute name="interface">*</attribute>
  <attribute name="clientAuth">false</attribute>
* Note: add these lines if they are not present
</service>
<!-- ========================================================================= -->
<!-- This service is for communicating with a native (IIS, Apache, Netscape) -->
<!-- web server. -->
<!-- To run this service in a secure mode via SSL, set the keyStore, -->
<!-- keyStorePassWord, trustStore and socketFactoryName attributes. -->
<!-- ========================================================================= -->
<service class="jrun.servlet.jrpp.JRunProxyService" name="ProxyService">
  <attribute name="activeHandlerThreads">25</attribute>
  <attribute name="backlog">500</attribute>
  <attribute name="deactivated">true</attribute>
  <attribute name="interface">*</attribute>
  <attribute name="maxHandlerThreads">1000</attribute>
  <attribute name="minHandlerThreads">1</attribute>
  <attribute name="port">51000</attribute>
  <attribute name="threadWaitTimeout">20</attribute>
  <attribute name="timeout">300</attribute>
  <!--
  <attribute name="keyStore">{jrun.rootdir}/lib/keystore</attribute>
  <attribute name="keyStorePassword">changeit</attribute>
  <attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute>
  <attribute name="socketFactoryName">jrun.servlet.jrpp.JRunProxySSLServerSocketFactory</attribute>
  -->
</service>
3. Restart JRun