Development and Operations
SSL Connection Test
SSL connection test through the console
2014. 06. 27
SSL Connection Test

In this document, the directory where WebtoB is installed is written as [WEBTOBDIR]. The commands are the same on Windows and on Linux/Unix, so the explanation below uses Windows.

1. WebtoB Configuration

1.1 Generating a Test Certificate

For the SSL connection test, generate a test certificate in WebtoB. Use the CA command to generate it.

    D:\tmax\webtob\ssl> CA -newcert
    D:\tmax\webtob\ssl> wbssl req -config D:\tmax\webtob\ssl\wbssl.cnf -new -x509 -keyout newcert.pem -out newcert.pem -days 365
    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    ...++++++
    .++++++
    writing new private key to 'newcert.pem'
    Enter PEM pass phrase: test                (enter the certificate pass phrase)
    Verifying - Enter PEM pass phrase: test    (confirm the certificate pass phrase)
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [KR]:KR
    State or Province Name (full name) []:
    Locality Name (eg, city) []:seoul
    Organization Name (eg, company) [Tmax Ltd]:Tmax
    Organizational Unit Name (eg, section) []:Tmax
    Common Name (eg, YOUR name) []:
    Email Address []:
    Certificate is in newcert.pem

    D:\tmax\webtob\ssl> dir
     D 드라이브의 볼륨: DATA
     볼륨 일련 번호: 92F3-7EC7

     D:\tmax\webtob\ssl 디렉터리

    2012-11-28  오후 04:29    <DIR>          .
    2012-11-28  오후 04:29    <DIR>          ..
    2012-12-10  오후 02:20             1,024 .rnd
    2012-12-10  오후 02:20             1,993 newcert.pem
                   2개 파일               3,017 바이트
                   2개 디렉터리  84,423,643,136 바이트 남음

    D:\tmax\webtob\ssl>

You can confirm that the newcert.pem file has been created under [WEBTOBDIR]/ssl.
1.2 Configuring the WebtoB Environment File

Configure the environment file for the SSL test.

Environment file location: [WEBTOBDIR]/http.m

    *DOMAIN
    webtob1

    *NODE
    testhost    WEBTOBDIR="D:/tmax/webtob",
                SHMKEY = 54000,
                DOCROOT="D:/tmax/webtob/docs",
                PORT = "8080",
                HTH = 1,
                NODENAME = "$(NODENAME)",
                ERRORDOCUMENT = "503",
                #JSVPORT = 9900,
                LOGGING = "log1",
                ERRORLOG = "log2",
                SYSLOG = "log3"

    *VHOST
    vhost1      DOCROOT="D:/tmax/webtob/docs",
                HOSTNAME = "***.***.**.***",
                PORT = "443",
                SSLFLAG = Y,
                SSLNAME = "ssl1"

    *SSL
    ssl1        CertificateFile = "D:/tmax/webtob/ssl/newcert.pem",
                CertificateKeyFile = "D:/tmax/webtob/ssl/newcert.pem"

    *SVRGROUP
    htmlg       SVRTYPE = HTML
    cgig        SVRTYPE = CGI
    ssig        SVRTYPE = SSI

    *SERVER
    html        SVGNAME = htmlg, MinProc = 2, MaxProc = 10, ASQCount = 100
    cgi         SVGNAME = cgig, MinProc = 2, MaxProc = 10, ASQCount = 100
    ssi         SVGNAME = ssig, MinProc = 2, MaxProc = 10, ASQCount = 100

    *URI
    uri1        Uri = "/", Svrtype = HTML, VhostName = vhost1

    *ALIAS
    alias1      URI = "/cgi-bin/", RealPath = "D:/tmax/webtob/cgi-bin/"

    *LOGGING
    log1        Format = "DEFAULT", FileName = "D:/tmax/webtob/log/access.log_%M%%D%%Y%", Option = "sync"
    log2        Format = "ERROR", FileName = "D:/tmax/webtob/log/error.log_%M%%D%%Y%", Option = "sync"
    log3        Format = "SYSLOG", FileName = "D:/tmax/webtob/log/system_%M%%D%%Y%.log", Option = "sync"

    *LOGLEVEL
    .hth        LEVEL="DEBUG"

    *ERRORDOCUMENT
    503         status = 503, url = "/503.html"

    *EXT
    htm         MimeType = "text/html", SvrType = HTML

HOSTNAME: set this to the IP address or hostname of the server/PC.

Add the parts shown in red and modify the parts shown in blue.

Note: On Windows, use / instead of \ as the directory separator. On Linux/Unix, configuring a port of 1024 or lower requires root privileges at startup.

Once the environment file is configured, start WebtoB and confirm that the configured port is in the LISTEN state.

    D:\tmax\webtob\config> wsboot
    Booting WebtoB on node (testhost)
    Welcome to WebtoB demo system. It will expire on 2013/01/23
    Today is 2012/12/10
    Starting WSM at 12/10/12 14:49:34
    Starting HTL at 12/10/12 14:49:34
    Starting HTH at 12/10/12 14:49:34
    Current WebtoB Configuration:
        Number of client handlers (HTH) = 1
        Supported maximum user per node = 1999
        Supported maximum user per handler = 1999
    Some of your private key files are encrypted for security reasons.
    In order to read them you have to enter the pass phrases.
    Server 192.168.10.100:443 (RSA)
    Enter pass phrase: test    (enter the pass phrase set when the certificate was generated)
    Starting SVR(D:/tmax/webtob/bin/htmls.exe) at 12/10/12 14:49:36
    Starting SVR(D:/tmax/webtob/bin/htmls.exe) at 12/10/12 14:49:36
    Starting SVR(D:/tmax/webtob/bin/cgis.exe) at 12/10/12 14:49:36
    Starting SVR(D:/tmax/webtob/bin/cgis.exe) at 12/10/12 14:49:36
    Starting SVR(D:/tmax/webtob/bin/ssis.exe) at 12/10/12 14:49:36
    Starting SVR(D:/tmax/webtob/bin/ssis.exe) at 12/10/12 14:49:36
    License expires on 2013/01/23 (44 days remaining)

    D:\tmax\webtob\config> netstat -an | find "443"
    TCP    0.0.0.0:443    0.0.0.0:0    LISTENING

2. Connection Test

2.1 Connection Test Using wbssl

You can run the connection test with wbssl, located under the [WEBTOBDIR]/ssl directory.

    D:\tmax\webtob\ssl> wbssl s_client -connect ***.***.**.***:443
    Loading 'screen' into random state - done
    CONNECTED(000000D4)
    depth=0 C = KR, L = seoul, O = Tmax, OU = Tmax
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 C = KR, L = seoul, O = Tmax, OU = Tmax
    verify return:1
    Certificate chain
     0 s:/C=KR/L=seoul/O=Tmax/OU=Tmax
       i:/C=KR/L=seoul/O=Tmax/OU=Tmax
    Server certificate
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    subject=/C=KR/L=seoul/O=Tmax/OU=Tmax
    issuer=/C=KR/L=seoul/O=Tmax/OU=Tmax
    No client certificate CA names sent
    SSL handshake has read 962 bytes and written 392 bytes
    New, TLSv1/SSLv3, Cipher is RC4-MD5
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : RC4-MD5
        Session-ID: EA16DAA898AB63852ECEBDAE203ACE46F5192E650048D287E9F32F05C8EAB207
        Session-ID-ctx:
        Master-Key: 2E323D6247C76EEE5437D96989981B7E7466D9C07204D62CCD0BBDCC0EF84358F8A50E70A7EA2135B12C6420B8170653
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket:
        ...
        Start Time: 1355121004
        Timeout   : 300 (sec)
        Verify return code: 18 (self signed certificate)
    GET / HTTP/1.1
    Host: ***.***.**.***

    HTTP/1.1 200 OK
    Date: Mon, 10 Dec 2012 06:30:17 GMT
    ETag: "0-2b5-50b5bea4"
    Last-Modified: Wed, 28 Nov 2012 07:35:00 GMT
    Accept-Ranges: bytes
    Content-Length: 693
    Content-Type: text/html

    <HTML>
    <HEAD>
    <TITLE>Test Page for WebtoB Installation on Web Site</TITLE>
    </HEAD>
    <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
    <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080" ALINK="#FF0000" >
    <BR><BR>
    <H1 ALIGN="CENTER">
    WebtoB Web Server is successfully <BR> Installed on this Web Site!
    </H1>
    <P ALIGN="CENTER">
    If you can see this page, then the people who own this domain have <BR>
    just installed the <A HREF="http://www.tmaxsoft.com">WebtoB Web server</a>
    software successfully.
    </P>
    <DIV ALIGN="CENTER">
    <A HREF="http://www.tmaxsoft.com"><IMG SRC="top2-1.gif" BORDER=0></A>
    </DIV>
    </BODY>
    </HTML>

Enter the lines shown in blue, as above, to run the SSL connection test.

An ordinary port is usually checked with telnet ip port. For an SSL port, the method above performs the SSL handshake first and then lets you run the connection test.
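The fields worth reading in the s_client output above can be pulled out and checked in a script. This is an added example, not part of the original TmaxSoft document; the function names and the thresholds (RSA keys under 2048 bits, TLS 1.1 and older, RC4/MD5/DES/NULL/export suites) are this example's assumptions, and the sample transcript is constructed from output lines shown on this page.

```python
import re

# Constructed sample: lines copied from the s_client output on this page,
# with the certificate body and session ticket left out.
SAMPLE = """\
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 18 (self signed certificate)
"""

FIELDS = {
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "key_bits": r"^Server public key is (\d+) bit",
    "verify_code": r"^\s*Verify return code:\s*(\d+)",
}
WEAK_TOKENS = {"RC4", "MD5", "DES", "NULL", "EXP"}     # assumed deny-list
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_s_client(text):
    """Pull the negotiated parameters out of an s_client transcript."""
    found = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        found[name] = m.group(1) if m else None
    return found

def audit(s):
    """List the parameters that are acceptable for a lab test only."""
    findings = []
    if s["verify_code"] != "0":
        findings.append("certificate did not verify (code %s)" % s["verify_code"])
    if s["protocol"] in OLD_PROTOCOLS:
        findings.append("deprecated protocol %s" % s["protocol"])
    weak = sorted(set((s["cipher"] or "").split("-")) & WEAK_TOKENS)
    if weak:
        findings.append("weak cipher suite %s (%s)" % (s["cipher"], ", ".join(weak)))
    if s["key_bits"] and int(s["key_bits"]) < 2048:   # threshold meant for RSA keys
        findings.append("server key is only %s bits" % s["key_bits"])
    return findings

if __name__ == "__main__":
    for finding in audit(parse_s_client(SAMPLE)):
        print("WARN:", finding)
```

Run against the test setup on this page, all four checks fire: the self-signed certificate (code 18), TLSv1, RC4-MD5 and the 1024-bit key.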
Copyright 2014 TmaxSoft Co., Ltd. All Rights Reserved.
TN-WBTP-D0627001