INNOCERT-The first touch for safety

	Apache 占쏙옙 SSL占쏙옙 占쏙옙치占싹깍옙 占쏙옙占쌔쇽옙占쏙옙 mod_ssl 占쏙옙占쏙옙占� 占쏙옙치占실억옙 占쌍억옙占� 占쌌니댐옙.
	Apache 占쏙옙占쏙옙占쏙옙占쏙옙 占싸곤옙占쏙옙 占쏙옙占쏙옙占쏙옙占� 占쏙옙茱냐∽옙占� 占쏙옙占쏙옙占싹곤옙 占쌍쏙옙占싹댐옙. 占쏙옙占쏙옙占쏙옙 占쏙옙占쏙옙占쏙옙 占쏙옙占쏙옙占쏙옙占� 占실억옙 占쌍곤옙 mod_ssl 占쏙옙 占쏙옙치占실억옙 占쏙옙占쏙옙 占쏙옙占쏙옙 占쏙옙占� 占쏙옙占쏙옙치 占썹설치占쏙옙 占썰구 占싯니댐옙. 占쏙옙占� 占쏙옙치 占쏙옙占싸댐옙 占싣뤄옙占쏙옙 占쏙옙占쏙옙 확占쏙옙占싹시몌옙 占실십니댐옙.
	<占쏙옙占쏙옙占쏙옙占쏙옙 占쏙옙치占쏙옙 mod_ssl 占쏙옙占� 확占쏙옙 占쏙옙>

	<占쏙옙占쏙옙占쏙옙占쏙옙 占쏙옙치占쏙옙 mod_ssl 占쏙옙占� 확占쏙옙 占쏙옙> 占쏙옙占쏙옙 占쏙옙占� 占쌩울옙 mod_so.c 占쏙옙 확占쏙옙 占쏙옙 mod_ssl.so 占쏙옙占쏙옙占쏙옙 占쏙옙占쏙옙占싹댐옙占쏙옙 占쌥듸옙占� 占쌉뀐옙 확占쏙옙占싹셔억옙 占쌌니댐옙. 占쏙옙占쏙옙치 占쏙옙치 占쏙옙占썰리 占쌔울옙 module 혹占쏙옙 libexec 占쏙옙占썰리占싫울옙 mod_ssl.so 占쏙옙 占쏙옙占쏙옙 占쏙옙占싸몌옙 확占쏙옙占싹십시울옙.

	占쏙옙치 환占쏙옙 占쏙옙占쏙옙 OS : CentOS 5.4 Web Server : Apache 2.2.16

[STEP#1] 占쏙옙占쏙옙키 占쏙옙占쏙옙占싹깍옙

Apache 占쏙옙占쏙옙占쏙옙占쏙옙 OpenSSL 占쏙옙 占쏙옙占쏙옙 RSA키(占쏙옙占쏙옙키)占쏙옙 占쏙옙占쏙옙占쌌니댐옙. 占쏙옙占쏙옙키占쏙옙 占쏙옙占쏙옙占실면서 占싻쏙옙占쏙옙占썲를 占쏙옙占승듸옙 占쏙옙 占싻쏙옙占쏙옙占쏙옙占�
占쏙옙占쏙옙치 占쏙옙占쏙옙占쏙옙 占쌉뤄옙占쌔억옙 占실깍옙 占쏙옙占쏙옙占쏙옙 占쌥듸옙占� 占쌔억옙 占쏙옙占쏙옙占쏙옙 占십듸옙占쏙옙 占쏙옙占쏙옙占쏙옙 占쌍십시울옙.
RSA 키 占쏙옙占쏙옙占쏙옙占� 1024 bit占쏙옙 2048 bit占쏙옙 占쌍는듸옙, 2048 bit占쏙옙 占쏙옙占쏙옙占쏙옙 占썲립占싹댐옙.

[root@localhost httpd]# openssl sha1 * > rand.dat

[root@localhost httpd]# openssl genrsa -rand rand.dat -des3 2048 > [占쏙옙占쏙옙키占쏙옙] # 占쏙옙占쏙옙키 占쏙옙占쏙옙 #
(占쏙옙占쏙옙占쏙옙)# openssl genrsa -rand rand.dat -des3 2048 > www.innocert.co.kr.key

Generating RSA private key, 2048 bit long modulus
...................++++++
......++++++
e is 65537 (0x10001)
Enter pass phrase: [占싻쏙옙占쏙옙占쏙옙占쌉뤄옙]
Verifying - Enter pass phrase: [占싻쏙옙占쏙옙占쏙옙占쌉뤄옙]

占쏙옙 占쏙옙占쏙옙: 占쌔댐옙 占싻쏙옙占쏙옙占쏙옙占� 占쏙옙占쏙옙치 占쏙옙占쏙옙 占쏙옙占쏙옙占쏙옙 占썰구占싹댐옙 占싻쏙옙占쏙옙占쏙옙占싱므뤄옙 占쌥듸옙占� 占쏙옙占쏙옙絿駕첼占�.

	Window 占쏙옙 Apache 占쏙옙 占쏙옙占�, 2.2.9 占쏙옙占쏙옙 占쏙옙占쏙옙占쏙옙 mod_ssl 占쏙옙 占쏙옙占쏙옙占� 占쏙옙占쏙옙占쏙옙 SSL占쏙옙 占쏙옙치 占쏙옙占쏙옙占쌌니댐옙.

	占쏙옙치 환占쏙옙 占쏙옙占쏙옙 Windows 2003 Server Apache 2.2.14-openssl-0.9.8 占쏙옙占쏙옙 ( 占쏙옙치占쏙옙占� : C:\Apache2.2 )

[root@localhost httpd]# openssl genrsa -out [占쏙옙占쏙옙키占쏙옙] 2048 # 占쏙옙占쏙옙키 占쏙옙占쏙옙 #
(占쏙옙占쏙옙占쏙옙)# openssl genrsa -out www.innocert.co.kr.key 2048

Generating RSA private key, 2048 bit long modulus
...................++++++
......++++++
e is 65537 (0x10001)

[STEP#2] 占쏙옙占쏙옙키占쏙옙 占싱울옙占싹울옙 CSR 占쏙옙占쏙옙占싹깍옙

< CSR 占쌓몌옙 占쏙옙占쏙옙 占싸울옙 占쏙옙占쏙옙 >
Country Name : 占싱곤옙占쏙옙 占쏙옙 占쌘뤄옙 占쏙옙 ISO 占쏙옙占쏙옙占쏙옙 占쏙옙占쏙옙 占쌘듸옙占쌉니댐옙. (ex. KR)
State or Province Name : 占쏙옙 占싱몌옙占쏙옙 占쌉뤄옙占쌔억옙 占싹몌옙 占쏙옙低� 占쏙옙占쏙옙占� 占쏙옙 占쏙옙占쏙옙占싹댐옙.(ex. Seoul)
Locality Name : 占쏙옙 占십듸옙占� 占쏙옙/占쏙옙占쏙옙 占쌉뤄옙占싹시몌옙 占싯니댐옙. (ex. Gangnamgu)
Organization : 占쏙옙占쏙옙占� 占쏙옙占쏙옙占쏙옙占� 占쌍댐옙 회占쏙옙占쏙옙占� 占쏙옙치占실댐옙 占쏙옙占쏙옙회占쏙옙占쏙옙占� 占쌉뤄옙占싹시몌옙 占싯니댐옙. (ex. KOINOS Co.,Ltd.)
Organization Unit : 占쏙옙占쏙옙占쏙옙占쏙옙 占쏙옙占쏙옙占싹댐옙 占싸쇽옙占쏙옙占쏙옙 占쌉뤄옙占싹시몌옙 占싯니댐옙. (ex. CERT Team)
Common Name : 占쏙옙占쏙옙占쏙옙占쏙옙 占쏙옙占쏙옙占쏙옙占쌍소몌옙 占쌉뤄옙占싹시몌옙 占싯니댐옙. (ex. www.innocert.co.kr)

[root@localhost httpd]# openssl req -new -key [占쏙옙占쏙옙키] -out [CSR占쏙옙占싹몌옙]  # CSR 占쏙옙占쏙옙 #
(占쏙옙占쏙옙占쏙옙)openssl req -new -key www.innocert.co.kr.key -out www.innocert.co.kr.csr

Enter pass phrase for www.innocert.co.kr.key: [占싻쏙옙占쏙옙占쏙옙占쌉뤄옙]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: KR  # 占쏙옙占쏙옙 占쌘듸옙 #
State or Province Name (full name) [Berkshire]: Seoul   # 占쏙옙占쏙옙 #
Locality Name (eg, city) [Newbury]: Yeoksamdong   # 占쏙옙占쏙옙 #
Organization Name (eg, company) [My Company Ltd]: KOINOS Co.,Ltd.   # 占쏙옙체占쏙옙 #
Organizational Unit Name (eg, section) []: CERT TEAM   # 占싸쇽옙 #
Common Name (eg, your name or your server's hostname) []: www.innocert.co.kr   # 占쏙옙占쏙옙占쏙옙 #
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [Enter]
An optional company name []: [Enter]

占쏙옙占쏙옙 占쏙옙占쏙옙 占쏙옙占쏙옙 占쏙옙 CSR占쏙옙 占싱노서트 占싱몌옙占쏙옙([email protected])占쏙옙 占쏙옙占쏙옙 占쏙옙 占쌍시몌옙 占싯니댐옙.

[root@localhost httpd]# openssl req -new -key [占쏙옙占쏙옙키] -out [CSR占쏙옙占싹몌옙] -config C:\Apache2.2\conf\openssl.cnf  # CSR 占쏙옙占쏙옙 #
(占쏙옙占쏙옙占쏙옙)openssl req -new -key www.innocert.co.kr.key -out www.innocert.co.kr.csr -config C:\Apache2.2\conf\openssl.cnf

Country Name (2 letter code) [GB]: KR  # 占쏙옙占쏙옙 占쌘듸옙 #
State or Province Name (full name) [Berkshire]: Seoul   # 占쏙옙占쏙옙 #
Locality Name (eg, city) [Newbury]: Yeoksamdong   # 占쏙옙占쏙옙 #
Organization Name (eg, company) [My Company Ltd]: KOINOS Co.,Ltd.   # 占쏙옙체占쏙옙 #
Organizational Unit Name (eg, section) []: CERT TEAM   # 占싸쇽옙 #
Common Name (eg, your name or your server's hostname) []: www.innocert.co.kr   # 占쏙옙占쏙옙占쏙옙 #
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [Enter]
An optional company name []: [Enter]

占쏙옙占쏙옙 占쏙옙占쏙옙 占쏙옙占쏙옙 占쏙옙 CSR占쏙옙 占싱노서트 占싱몌옙占쏙옙([email protected])占쏙옙 占쏙옙占쏙옙 占쏙옙 占쌍시몌옙 占싯니댐옙.