HTTPS SHA256 configuration
1.1. Update OpenSSL to 1.1.0c
# wget http://www.openssl.org/source/openssl-1.1.0c.tar.gz
# tar -zxf openssl-1.1.0c.tar.gz
# cd openssl-1.1.0c
# ./config --prefix=/usr --openssldir=/usr/local/openssl shared
# make
# make install
# openssl version
→ If gcc is not installed: # yum install gcc
1.2. Key generation
# keytool -genkey -alias KeystoreAlias -keysize 2048 -keyalg RSA -keystore mykeystore -dname "CN=lguplus.co.kr, OU=lguplus, O=LGUPLUS, L=seoul, ST=seoul, C=kr"
키 저장소 비밀번호 입력:
새 비밀번호 다시 입력:
에 대한 키 비밀번호를 입력하십시오.
(키 저장소 비밀번호와 동일한 경우 Enter 키를 누름):
# openssl req -nodes -sha256 -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=kr/ST=seoul/L=seoul/O=LGUPLUS/OU=lguplus/CN=lguplus.co.kr"
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt -sha256
Signature ok
subject=/C=kr/ST=seoul/L=seoul/O=LGUPLUS/OU=lguplus/CN=lguplus.co.kr
Getting Private key
# openssl pkcs12 -export -in server.crt -inkey server.key -out mykeystore
Enter Export Password:
Verifying - Enter Export Password:
Copy the mykeystore file to the Tomcat conf directory.
1.3. Tomcat configuration
[server.xml]
clientAuth="false" SSLEnabled="true" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
keystoreFile="${catalina.home}/conf/mykeystore"
keystoreType="JKS" keystorePass="
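Added audit example, not part of the original guide: it parses a constructed server.xml that reuses the Connector attributes above and reports any legacy protocol left in sslEnabledProtocols and any cipher suite that uses RC4 or offers no forward secrecy. The keystorePass value is a placeholder, and the port and protocol attributes are assumed.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment that reuses the Connector attributes from the
# guide above; keystorePass is a placeholder (the original value was truncated).
SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        SSLEnabled="true" clientAuth="false" sslProtocol="TLSv1.2"
        sslEnabledProtocols="TLSv1.2"
        ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA"
        keystoreFile="${catalina.home}/conf/mykeystore"
        keystoreType="JKS" keystorePass="CHANGE_ME_PLACEHOLDER"/>
  </Service>
</Server>"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # never enable on a new deployment


def audit_cipher(suite):
    """Return findings for one JSSE cipher-suite name; an empty list means acceptable."""
    findings = []
    if "_RC4_" in suite:
        findings.append("uses RC4 (prohibited for TLS by RFC 7465)")
    if "_ECDHE_" not in suite and "_DHE_" not in suite:
        findings.append("no forward secrecy (static RSA key exchange)")
    return findings


def audit_connector(attrs):
    """Check one <Connector> attribute dict for legacy protocols and weak cipher suites."""
    report = {"protocols": [], "ciphers": {}}
    enabled = {p.strip() for p in attrs.get("sslEnabledProtocols", "").split(",")}
    report["protocols"] = [f"{p} enabled" for p in sorted(enabled & LEGACY_PROTOCOLS)]
    for suite in filter(None, (s.strip() for s in attrs.get("ciphers", "").split(","))):
        problems = audit_cipher(suite)
        if problems:
            report["ciphers"][suite] = problems
    return report


def audit_server_xml(xml_text):
    """Audit every SSL-enabled <Connector> in a server.xml document."""
    root = ET.fromstring(xml_text)
    return [audit_connector(c.attrib) for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"]


if __name__ == "__main__":
    for n, rep in enumerate(audit_server_xml(SERVER_XML)):
        print(f"Connector {n}: legacy protocols = {rep['protocols']}")
        for suite, problems in rep["ciphers"].items():
            print(f"  {suite}: {'; '.join(problems)}")
```

Run it against the real ${catalina.home}/conf/server.xml to confirm the Connector only lists ECDHE/DHE AES-GCM suites before going live.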