WebtoB (webtob)

WebToB SSL Configuration

랩퍼우 2016. 1. 8. 14:34
Generate a certificate with the CA command as shown below.

[/home/taeju/webtob4130/bin]# CA -newcert
Generating a 1024 bit RSA private key
......++++++
.............................................++++++
writing new private key to 'newcert.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KR]:KR
State or Province Name (full name) []:taeju
Locality Name (eg, city) []:seoul
Organization Name (eg, company) [Tmax Ltd]:tmaxsoft
Organizational Unit Name (eg, section) []:qa
Common Name (eg, YOUR name) []:taeju
Email Address []:aa@aa.com

Certificate (and private key) is in newcert.pem

Enter the password and the other information as prompted above.


Create http_ssl.m and write the file as shown below.
The file paths in the SSL section must be set to the path of the certificate generated above.

*DOMAIN
webtob1

*NODE
qpsp4   WEBTOBDIR="/home/taeju/webtob4130",
                SHMKEY = 54100,
                DOCROOT="/home/taeju/webtob4130/docs",
                PORT = "8081",
                HTH = 2,
                #Group = "nobody",
                #User = "nobody",
                NODENAME = "$(NODENAME)",
                ERRORDOCUMENT = "503",
                JSVPORT = 9900,
                LOGGING = "log1",
                ERRORLOG = "log2",
                SSLNAME = "sslName",
                SSLFLAG = Y
                #SYSLOG = "log3"

*SSL
sslName     CertificateFile = "/home/taeju/webtob4130/ssl/newcert.pem",
                CertificateKeyFile = "/home/taeju/webtob4130/ssl/newcert.pem"


*SVRGROUP
htmlg           NODENAME = "qpsp4", SVRTYPE = HTML
cgig            NODENAME = "qpsp4", SVRTYPE = CGI
ssig            NODENAME = "qpsp4", SVRTYPE = SSI
jsvg            NODENAME = "qpsp4", SVRTYPE = JSV

*SERVER
html            SVGNAME = htmlg, MinProc = 2, MaxProc = 10, ASQCount = 100
cgi             SVGNAME = cgig, MinProc = 2, MaxProc = 10, ASQCount = 100
ssi             SVGNAME = ssig, MinProc = 2, MaxProc = 10, ASQCount = 100
MyGroup        SVGNAME  = jsvg,  MinProc = 45,  MaxProc = 60

*URI
uri1            Uri = "/cgi-bin/",   Svrtype = CGI
uri2        Uri      = "/examples", Svrtype = JSV
uri3        Uri      = "/sessionTest", Svrtype = JSV
uri4        Uri      = "/exploded", Svrtype = JSV
uri5        Uri      = "/manualSample", Svrtype = JSV


*ALIAS
alias1          URI = "/cgi-bin/", RealPath = "/home/taeju/webtob4130/cgi-bin/"

*LOGGING
log1            Format = "DEFAULT", FileName = "/home/taeju/webtob4130/log/access.log_%M%%D%%Y%",
                        Option = "sync"
log2            Format = "ERROR", FileName = "/home/taeju/webtob4130/log/error.log_%M%%D%%Y%",
                        Option = "sync"
#log3           Format = "SYSLOG", FileName = "/home/taeju/webtob4130/log/system.log_%M%%D%%Y%",
#                       Option = "sync"


*ERRORDOCUMENT
503                     status = 503,
                        url = "/503.html"

*EXT
htm                     MimeType = "text/html", SvrType = HTML
jsp                     MimeType = "application/jsp", SvrType = JSV

Compile it with the wscfl command.
[/home/taeju/webtob4130/config]# wscfl -i http_ssl.m -o sslconfig
CFL0029: SysLog is not defined in NODE. WebtoB will use the default syslog file (log/system_%Y%%M%%D%.log). Please set SysLog if this is not what you want.
CFL0367: Configuration uses SSL/TLS. When booting WebtoB, the user may need to type password if certificates and/or private keys are encrypted. The user may use PassPhraseDialog to avoid manually typing password. 

Current configuration:
        Number of client handler(HTH) = 2
        Supported maximum user per node = 16164
        Supported maximum user per handler = 8082

Successfully created the configuration file (/home/taeju/webtob4130/config/sslconfig) for node qpsp4.
The host name of the running machine is qpsp4.

Boot WebtoB with the wsboot command.
[/home/taeju/webtob4130/config]# wsboot -f sslconfig

Booting WebtoB on node (qpsp4)
Welcome to WebtoB demo system. It will expire on 2011/07/11
Today is 2011/05/24
Starting WSM at Tue May 24 17:41:25 2011
Starting HTL at Tue May 24 17:41:25 2011
Starting HTH at Tue May 24 17:41:25 2011
         Current WebtoB Configuration:
                Number of client handlers (HTH) = 2
                Supported maximum user per node = 16164
                Supported maximum user per handler = 8082
Some of your private key files are encrypted for security reasons.
In order to read them you have to enter the pass phrases.

Server qpsp4:8081 (RSA)
Enter pass phrase:
Bad passphrase - try again (5 more retries permitted).
Enter pass phrase:
Bad passphrase - try again (4 more retries permitted).
Enter pass phrase:
Starting HTH at Tue May 24 17:41:31 2011
Starting SVR(htmls) at Tue May 24 17:41:31 2011
Starting SVR(htmls) at Tue May 24 17:41:31 2011
Starting SVR(cgis) at Tue May 24 17:41:31 2011
Starting SVR(cgis) at Tue May 24 17:41:31 2011
Starting SVR(ssis) at Tue May 24 17:41:31 2011
Starting SVR(ssis) at Tue May 24 17:41:31 2011

License expires on 2011/07/11 (48 days remaining)

Call it from a web browser as shown below.
https://192.168.32.204:8081/examples/session
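
The paths in the SSL section can be checked before running wscfl and wsboot. The script below is an added example, not part of the original post or of WebtoB's own tooling: it reads the CertificateFile and CertificateKeyFile paths from a config such as http_ssl.m and reports whether each file exists, contains a certificate, holds an encrypted or plain private key, and is accessible to group or other. The function names and the sample files built by demo are constructed for illustration.

```shell
# Added example, not from the original post. Assumes the Name = "value"
# syntax and the setting spellings shown in http_ssl.m.

# Print "<setting> <path>" for each certificate setting on non-comment lines.
ssl_refs() {
    awk '!/^[ \t]*#/ {
        line = " " $0
        while (match(line, /[ \t,]Certificate(Key)?File[ \t]*=[ \t]*"[^"]*"/)) {
            split(substr(line, RSTART, RLENGTH), q, "\"")
            gsub(/[ \t,=]/, "", q[1])          # keep only the setting name
            print q[1], q[2]
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$1"
}

# Describe one PEM file as space-separated facts.
pem_facts() {
    [ -r "$1" ] || { echo "missing"; return 0; }
    facts=""
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" && facts="$facts cert"
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        # Encrypted: PKCS#8 label, or traditional PEM with a Proc-Type header.
        if grep -Eq -e 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1"; then
            facts="$facts key-encrypted"   # wsboot will ask for the pass phrase
        else
            facts="$facts key-plain"
        fi
        # A file holding a private key should grant nothing to group/other.
        [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || facts="$facts group-other-access"
    fi
    echo "${facts# }"
}

audit_config() {   # one line per reference: "<setting> <path>: <facts>"
    ssl_refs "$1" | while read -r setting path; do
        echo "$setting $path: $(pem_facts "$path")"
    done
}

# Constructed sample: placeholder PEM markers only, no real key material.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        '-----BEGIN CERTIFICATE-----' > "$d/newcert.pem"
    chmod 644 "$d/newcert.pem"
    printf '*SSL\nsslName CertificateFile = "%s",\n CertificateKeyFile = "%s"\n' \
        "$d/newcert.pem" "$d/gone.pem" > "$d/http_ssl.m"
    audit_config "$d/http_ssl.m"; rm -rf "$d"
}
if [ $# -eq 1 ]; then audit_config "$1"; else demo; fi
```

Run it with the config path as the only argument; with no argument it runs against the constructed sample. A "missing" result means the path in the SSL section does not point at the generated newcert.pem, and "key-encrypted" corresponds to the pass phrase prompt shown in the wsboot output above.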