웹 인터넷 IT

1개 서버(리눅스)에 다수 도메인의 보안인증서 설치

리스페 2008. 6. 24. 03:26

# 1개의 물리적인 리눅스 서버에 다수 도메인의 도메인별 보안인증서 설치(멀티SSL아님)

# Listening sockets that are opened only when the SSL define is set
# (i.e. Apache was started with -DSSL, which "apachectl startssl" passes).
# One extra port is used per certificate, one certificate per site.
<IfDefine SSL>
Listen 80
Listen 443
Listen 444
# NOTE(review): 445 has no matching <VirtualHost> in this example (the third
# SSL vhost uses 446). Requests to 445 would presumably be answered by whatever
# non-SSL configuration matches; drop this line if the port is unused.
Listen 445
Listen 446
</IfDefine>

# SSL 사용하고자 하는 포트번호를 Listen해준다.

<IfDefine SSL>

##
## SSL Virtual Host Context
##
## ----------  글쓴이 : 브이디자인(http://www.vdesign.co.kr) ----------

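# HTTPS virtual host for www.aaa.co.kr on the default HTTPS port (443).
<VirtualHost 111.111.111.111:443>
DocumentRoot "/www/aaa"
ServerName www.aaa.co.kr
ServerAlias aaa.co.kr
SSLEngine on
# Refuse SSLv2/SSLv3 and offer only strong cipher suites. The previous string
# (ALL:...:+LOW:+SSLv2:+EXP) left export-grade, 56-bit and SSLv2 suites
# negotiable: a leading "+" only moves suites to the end of the preference
# list, it does not remove them. Clients that support nothing stronger will
# no longer be able to connect.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.aaa.co.kr.crt
# Private key for the certificate above; keep it readable by root only.
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.aaa.co.kr.key
# NOTE(review): this bundle looks like the issuer's intermediate chain;
# SSLCertificateChainFile is the directive meant for that. Confirm which one
# your Apache version expects.
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/QuickTrustSSL_Bundle.crt
# Export the standard SSL_* environment variables to CGI/SSI/PHP scripts only,
# since building them for every request is unnecessary overhead.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
# Legacy workaround for old Internet Explorer SSL behaviour. The pattern
# matches every MSIE version, so all such clients get keep-alive disabled and
# HTTP/1.0 responses.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</VirtualHost>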

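# HTTPS virtual host for www.bbb.com on port 444. Because this is not the
# default HTTPS port, clients must include it in the URL
# (https://www.bbb.com:444/).
<VirtualHost 111.111.111.111:444>
DocumentRoot "/www/bbb"
ServerName www.bbb.com
ServerAlias bbb.com
SSLEngine on
# Refuse SSLv2/SSLv3 and offer only strong cipher suites. The previous string
# (ALL:...:+LOW:+SSLv2:+EXP) left export-grade, 56-bit and SSLv2 suites
# negotiable: a leading "+" only moves suites to the end of the preference
# list, it does not remove them. Clients that support nothing stronger will
# no longer be able to connect.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.bbb.com.crt
# Private key for the certificate above; keep it readable by root only.
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.bbb.com.key
# NOTE(review): this bundle looks like the issuer's intermediate chain;
# SSLCertificateChainFile is the directive meant for that. Confirm which one
# your Apache version expects.
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/bbb.ca-bundle.crt
# Export the standard SSL_* environment variables to CGI/SSI/PHP scripts only.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
# Legacy workaround for old Internet Explorer SSL behaviour. The pattern
# matches every MSIE version, so all such clients get keep-alive disabled and
# HTTP/1.0 responses.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</VirtualHost>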

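# HTTPS virtual host for www.ccc.co.kr on port 446. Because this is not the
# default HTTPS port, clients must include it in the URL
# (https://www.ccc.co.kr:446/).
<VirtualHost 111.111.111.111:446>
DocumentRoot "/www/ccc"
ServerName www.ccc.co.kr
ServerAlias ccc.co.kr
SSLEngine on
# Refuse SSLv2/SSLv3 and offer only strong cipher suites. The previous string
# (ALL:...:+LOW:+SSLv2:+EXP) left export-grade, 56-bit and SSLv2 suites
# negotiable: a leading "+" only moves suites to the end of the preference
# list, it does not remove them. Clients that support nothing stronger will
# no longer be able to connect.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.ccc.co.kr.crt
# Private key for the certificate above; keep it readable by root only.
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.ccc.co.kr.key
# NOTE(review): this bundle looks like the issuer's intermediate chain;
# SSLCertificateChainFile is the directive meant for that. Confirm which one
# your Apache version expects.
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ccc.ca-bundle.crt
# Export the standard SSL_* environment variables to CGI/SSI/PHP scripts only.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
# Legacy workaround for old Internet Explorer SSL behaviour. The pattern
# matches every MSIE version, so all such clients get keep-alive disabled and
# HTTP/1.0 responses.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</VirtualHost>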

</IfDefine>

# 각 포트번호 버츄얼 호스트 설정, SSL 파일 경로설정
# httpd.conf 수정 후 에러 테스트 명령 : apachectl configtest
# 아파치 서버 중지 : apachectl stop
# 아파치 서버 시작(SSL포함) : apachectl startssl
# 방화벽사용시 SSL용 포트번호 허용 점검