1. KeyStore 가져오기

※ CSR 생성을 이지N비즈에서 진행하신 고객님께서는 2번부터 진행하시기 바랍니다.

[root@mail ssl]# ls

root.cer www.eznbiz.com.cer www.eznbiz.com.csr www.eznbiz.com.key

[root@mail ssl]# keytool -import -alias root -keystore www.eznbiz.com.key -trustcacerts -file root.cer

keystore 암호를 입력하십시오:

 

설명: 별칭(Alias) root에 ROOT(CA)인증서 추가

 

[root@mail ssl]# keytool -import -alias tomcat -keystore www.eznbiz.com.key -trustcacerts -file www.eznbiz.com.cer

keystore 암호를 입력하십시오:

인증서 회신이 keystore에 설치 되었습니다.

 

설명: 별칭(Alias) eznbiz에 인증서 회신

 

[root@mail ssl]# keytool -list -keystore www.eznbiz.com.key

keystore 암호를 입력하십시오:

 

Keystore 유형: JKS

Keystore 공급자: SUN

 

Keystore에는 2 항목이 포함되어 있습니다.

 

root, 2011. 2. 18, trustedCertEntry,

인증서 지문(MD5): C0:D7:AF:89:C9:CA:75:2F:F2:12:E9:60:E7:67:3D:E1

tomcat, 2011. 2. 18, PrivateKeyEntry,

인증서 지문(MD5): F8:53:D6:B3:1B:D6:6A:F0:17:8F:BC:9E:AC:02:86:F8

[root@mail ssl]#

 

설명: 인증서 확인

2. SSL 환경 설정

1) Jrun.xml 파일 수정

< !-- ================================================================== -->

< !-- This is the built-in JRun Web Server -->

< !-- ================================================================== -->

< service class="jrun.servlet.http.WebService" name="WebService">

  < attribute name="activeHandlerThreads">25< /attribute>

  < attribute name="backlog">500< /attribute>

  < attribute name="interface">*< /attribute>

  < attribute name="keepAlive">false< /attribute>

  < attribute name="maxHandlerThreads">1000< /attribute>

  < attribute name="minHandlerThreads">1< /attribute>

  < attribute name="port">8100< /attribute>

  < attribute name="threadWaitTimeout">20< /attribute>

  < attribute name="timeout">300< /attribute>

< /service>

 

< !-- Uncomment this service to use SSL with the JRun Web Server

Note that you MUST create your own keystore before using this service

-->

 

< service class="jrun.servlet.http.SSLService" name="SSLService">

< attribute name="port">443< /attribute>

* 설명: SSL 통신 포트

< attribute name="keyStore">{jrun.rootdir}/lib/www.eznbiz.com.jks< /attribute>

* 설명: 인증서(KeyStore) 경로

< attribute name="keyStorePassword">eznbiz1234< /attribute>

* 설명: KeyStore 패스워드

< attribute name="trustStore">{jrun.rootdir}/lib/trustStore< /attribute>

< attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory< /attribute>

< attribute name="deactivated">false< /attribute> < attribute name="bindAddress">*< /attribute>

< attribute name="interface">*< /attribute> < attribute name="clientAuth">false< /attribute>

* 설명: 구문이 없을 시 추가

< /service>

 

< !-- ========================================================================= -->

< !-- This service is for communicating with a native (IIS, Apache, Netscape) -->

< !-- web server. -->

< !-- To run this service in a secure mode via SSL, set the keyStore, -->

< !-- keyStorePassWord, trustStore and socketFactoryName attributes. -->

< !-- ========================================================================= -->

< service class="jrun.servlet.jrpp.JRunProxyService" name="ProxyService">

  < attribute name="activeHandlerThreads">25< /attribute>

  < attribute name="backlog">500< /attribute>

  < attribute name="deactivated">true< /attribute>

  < attribute name="interface">*< /attribute>

  < attribute name="maxHandlerThreads">1000< /attribute>

  < attribute name="minHandlerThreads">1< /attribute>

  < attribute name="port">51000< /attribute>

  < attribute name="threadWaitTimeout">20< /attribute>

  < attribute name="timeout">300< /attribute>

< !--

  < attribute name="keyStore">{jrun.rootdir}/lib/keystore< /attribute>

  < attribute name="keyStorePassword">changeit< /attribute>

  < attribute name="trustStore">{jrun.rootdir}/lib/trustStore< /attribute>

  < attribute name="socketFactoryName">jrun.servlet.jrpp.JRunProxySSLServerSocketFactory< /attribute>

-->

< /service>

3. Jrun 재기동​