
This post covers how to test an SSL connection to WebtoB.


In this document the directory where WebtoB is installed is written as [WEBTOBDIR].

The commands are the same on Windows and on Linux/Unix, so the explanation uses Windows.

 

WebtoB configuration

a. Creating a test certificate

For the SSL connection test, generate a test certificate in WebtoB.

Use the CA command to create the test certificate.

D:\tmax\webtob\ssl> CA -newcert
D:\tmax\webtob\ssl> wbssl req -config D:\tmax\webtob\ssl\wbssl.cnf -new -x509 -keyout newcert.pem -out newcert.pem -days 365
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
............++++++
.++++++
writing new private key to 'newcert.pem'
Enter PEM pass phrase: test                <- enter the certificate passphrase
Verifying - Enter PEM pass phrase: test    <- confirm the certificate passphrase
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KR]:KR
State or Province Name (full name) []:
Locality Name (eg, city) []:seoul
Organization Name (eg, company) [Tmax Ltd]:Tmax
Organizational Unit Name (eg, section) []:Tmax
Common Name (eg, YOUR name) []:
Email Address []:
Certificate is in newcert.pem

 

D:\tmax\webtob\ssl> dir
 D 드라이브의 볼륨: DATA
 볼륨 일련 번호: 92F3-7EC7

 D:\tmax\webtob\ssl 디렉터리

2012-11-28  오후 04:29    <DIR>          .
2012-11-28  오후 04:29    <DIR>          ..
2012-12-10  오후 02:20             1,024 .rnd
2012-12-10  오후 02:20             1,993 newcert.pem
               2개 파일               3,017 바이트
               2개 디렉터리  84,423,643,136 바이트 남음

D:\tmax\webtob\ssl>

You can confirm that newcert.pem has been created under [WEBTOBDIR]/ssl.


b. WebtoB configuration file

Set up the configuration file for the SSL test. (File location: [WEBTOBDIR]/http.m)

*DOMAIN
webtob1

*NODE
testhost        WEBTOBDIR="D:/tmax/webtob",
                SHMKEY = 54000,
                DOCROOT="D:/tmax/webtob/docs",
                PORT = "8080",
                HTH = 1,
                NODENAME = "$(NODENAME)",
                ERRORDOCUMENT = "503",
                #JSVPORT = 9900,
                LOGGING = "log1",
                ERRORLOG = "log2",
                SYSLOG = "log3"

*VHOST
vhost1          DOCROOT="D:/tmax/webtob/docs",
                HOSTNAME = "***.***.**.***",   <- set to the server/PC IP address or hostname
                PORT = "443",
                SSLFLAG = Y,
                SSLNAME = "ssl1"

*SSL
ssl1            CertificateFile    = "D:/tmax/webtob/ssl/newcert.pem",
                CertificateKeyFile = "D:/tmax/webtob/ssl/newcert.pem"

*SVRGROUP
htmlg           SVRTYPE = HTML
cgig            SVRTYPE = CGI
ssig            SVRTYPE = SSI

*SERVER
html            SVGNAME = htmlg, MinProc = 2, MaxProc = 10, ASQCount = 100
cgi             SVGNAME = cgig, MinProc = 2, MaxProc = 10, ASQCount = 100
ssi             SVGNAME = ssig, MinProc = 2, MaxProc = 10, ASQCount = 100

*URI
uri1            Uri = "/",   Svrtype = HTML, VhostName = vhost1

*ALIAS
alias1          URI = "/cgi-bin/", RealPath = "D:/tmax/webtob/cgi-bin/"

*LOGGING
log1            Format = "DEFAULT", FileName = "D:/tmax/webtob/log/access.log_%M%%D%%Y%",
                Option = "sync"
log2            Format = "ERROR", FileName = "D:/tmax/webtob/log/error.log_%M%%D%%Y%",
                Option = "sync"
log3            Format = "SYSLOG", FileName = "D:/tmax/webtob/log/system_%M%%D%%Y%.log",
                Option = "sync"

*LOGLEVEL
.hth            LEVEL="DEBUG"

*ERRORDOCUMENT
503             status = 503,
                url = "/503.html"

*EXT
htm             MimeType = "text/html", SvrType = HTML

Note: on Windows, use / rather than \ as the directory separator. On Linux/Unix, configuring a port of 1024 or below requires root privileges to start WebtoB.

 

Once the configuration file is complete, start WebtoB and check that the configured port is in the LISTENING state.

D:\tmax\webtob\config> wsboot
Booting WebtoB on node (testhost)
Welcome to WebtoB demo system. It will expire on 2013/01/23
Today is 2012/12/10
Starting WSM at 12/10/12 14:49:34
Starting HTL at 12/10/12 14:49:34
Starting HTH at 12/10/12 14:49:34
         Current WebtoB Configuration:
                Number of client handlers (HTH) = 1
                Supported maximum user per node = 1999
                Supported maximum user per handler = 1999
Some of your private key files are encrypted for security reasons.
In order to read them you have to enter the pass phrases.

Server 192.168.10.100:443 (RSA)
Enter pass phrase: test    <- enter the passphrase chosen when the certificate was created
Starting SVR(D:/tmax/webtob/bin/htmls.exe) at 12/10/12 14:49:36
Starting SVR(D:/tmax/webtob/bin/htmls.exe) at 12/10/12 14:49:36
Starting SVR(D:/tmax/webtob/bin/cgis.exe) at 12/10/12 14:49:36
Starting SVR(D:/tmax/webtob/bin/cgis.exe) at 12/10/12 14:49:36
Starting SVR(D:/tmax/webtob/bin/ssis.exe) at 12/10/12 14:49:36
Starting SVR(D:/tmax/webtob/bin/ssis.exe) at 12/10/12 14:49:36

License expires on 2013/01/23 (44 days remaining)

D:\tmax\webtob\config> netstat -an|find "443"
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING

Connection test

a. Connection test using wbssl

You can run the connection test with wbssl, found under the [WEBTOBDIR]/ssl directory.

D:\tmax\webtob\ssl> wbssl s_client -connect ***.***.**.***:443
Loading 'screen' into random state - done
CONNECTED(000000D4)
depth=0 C = KR, L = seoul, O = Tmax, OU = Tmax
verify error:num=18:self signed certificate
verify return:1
depth=0 C = KR, L = seoul, O = Tmax, OU = Tmax
verify return:1
---
Certificate chain
 0 s:/C=KR/L=seoul/O=Tmax/OU=Tmax
   i:/C=KR/L=seoul/O=Tmax/OU=Tmax
---
Server certificate
subject=/C=KR/L=seoul/O=Tmax/OU=Tmax
issuer=/C=KR/L=seoul/O=Tmax/OU=Tmax
---
No client certificate CA names sent
---
SSL handshake has read 962 bytes and written 392 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: EA16DAA898AB63852ECEBDAE203ACE46F5192E650048D287E9F32F05C8EAB207
    Session-ID-ctx:
    Master-Key: E323D6247C76EEE5437D96989981B7E7466D9C07204D62CCD0BBDCC0EF84358F8A50E70A7EA2135B12C6420B8170653
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:

    Start Time: 1355121004
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
GET / HTTP/1.1
Host: ***.***.**.***

HTTP/1.1 200 OK
Date: Mon, 10 Dec 2012 06:30:17 GMT
ETag: "0-2b5-50b5bea4"
Last-Modified: Wed, 28 Nov 2012 07:35:00 GMT
Accept-Ranges: bytes
Content-Length: 693
Content-Type: text/html

<HTML>
<HEAD>
        <TITLE>Test Page for WebtoB Installation on Web Site</TITLE>
</HEAD>

<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
  BGCOLOR="#FFFFFF"
  TEXT="#000000"
  LINK="#0000FF"
  VLINK="#000080"
  ALINK="#FF0000"

<BR><BR>
<H1 ALIGN="CENTER">
        WebtoB Web Server is successfully <BR> Installed on this Web Site!
</H1>

<P ALIGN="CENTER">
        If you can see this page, then the people who own this domain have <BR> just
        installed the <A HREF="http://www.tmaxsoft.com">WebtoB Web server</A>
        software successfully.
</P>

<DIV ALIGN="CENTER">
        <A HREF="http://www.tmaxsoft.com"><IMG SRC="top2-1.gif" BORDER=0></A>
</DIV>

</BODY>
</HTML>

Typing the request lines shown in blue (GET / HTTP/1.1 and the Host header) after the handshake completes performs the SSL connection test; the 200 OK response confirms it.

 

For a normal port you would check connectivity with telnet ip port; for an SSL port, the method above completes the SSL handshake first and then performs the connection test.
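The manual wbssl session above can be scripted. This added Python example (not part of the original post or of WebtoB) performs the same handshake and GET / against a host and port you supply, captures OpenSSL's verification result the way s_client's "Verify return code: 18" does, and grades what was negotiated; the session above got TLSv1 with RC4-MD5, which current clients refuse. The host/port arguments and the SAMPLE dict are constructed placeholders, not values from the page.

```python
"""Scripted form of the wbssl s_client check above: handshake to a TLS port, record
what was negotiated, send the same GET / request, then grade the result.
Added example, not WebtoB code; host and port are placeholders for the test server."""
import socket
import ssl

# Protocols/cipher components a current client refuses; the session above negotiated
# TLSv1 with RC4-MD5, which trips both checks.
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = ("RC4", "MD5", "DES", "NULL", "EXPORT", "ANON")

def verify_peer(host, port, timeout=5.0):
    """Strict handshake against the system trust store: (0, "ok") or OpenSSL's verify
    code and message, e.g. (18, "self signed certificate") for the test cert above."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return 0, "ok"
    except ssl.SSLCertVerificationError as err:
        return err.verify_code, err.verify_message

def probe(host, port=443, timeout=5.0):
    """Unverified handshake (so a self-signed test cert still connects), then GET / as
    in the manual session; the strict verification result is added afterwards."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    req = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(req)
            status = tls.recv(4096).split(b"\r\n", 1)[0].decode("ascii", "replace")
            result = {"protocol": tls.version(), "cipher": tls.cipher()[0], "status_line": status}
    result["verify_code"], result["verify_message"] = verify_peer(host, port, timeout)
    return result

def grade(result):
    """Findings for a probe result; an empty list means the port passed."""
    findings = []
    if result["protocol"] in WEAK_PROTOCOLS:
        findings.append(f"obsolete protocol {result['protocol']}")
    if any(tok in result["cipher"].upper() for tok in WEAK_CIPHER_TOKENS):
        findings.append(f"weak cipher {result['cipher']}")
    if result["verify_code"]:
        findings.append(f"verify error {result['verify_code']}: {result['verify_message']}")
    if not result["status_line"].startswith("HTTP/1.1 200"):
        findings.append(f"unexpected response: {result['status_line']}")
    return findings

# Constructed sample mirroring the session above, so grade() can be exercised offline.
SAMPLE = {"protocol": "TLSv1", "cipher": "RC4-MD5", "verify_code": 18,
          "verify_message": "self signed certificate", "status_line": "HTTP/1.1 200 OK"}
```

Run grade(probe("your-host", 443)) against the test server; an empty list is a clean pass, while the self-signed test certificate from this post will always surface as a verify error.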

Thank you.
