[Linux] Generating an SSL Certificate

dalgong 2025. 1. 24. 08:13
1. Installing OpenSSL

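// Remove the currently installed openssl
$ apt-get --purge autoremove openssl

// Reinstall openssl
// --no-check-certificate skips TLS verification of the download, so compare the tarball's SHA-256 with the value published for the release before building
$ wget https://github.com/openssl/openssl/releases/download/openssl-3.4.0/openssl-3.4.0.tar.gz --no-check-certificate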

$ gzip -d openssl-3.4.0.tar.gz

$ tar -xvf openssl-3.4.0.tar

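$ cd openssl-3.4.0/

// Install under /usr/local/openssl, the prefix that the library and binary paths below assume
$ ./config shared --prefix=/usr/local/openssl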

$ make

$ make install 

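// Files in /etc/ld.so.conf.d are only read when their name ends in .conf
$ vim /etc/ld.so.conf.d/openssl-3.4.0.conf
// Content of the file:
/usr/local/openssl/lib64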

$ ldconfig -v

$ ln -s /usr/local/openssl/lib64/libssl.so.3 /usr/lib/libssl.so.3

$ ln -s /usr/local/openssl/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3

// If an old binary is still present, move it out of the way first, then link the new one
$ mv /bin/openssl /bin/openssl_3.4.0_bak

$ ln -s /usr/local/openssl/bin/openssl /bin/openssl
  • Error
root@ip-10-100-0-182:/lib/x86_64-linux-gnu# openssl
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.3.0' not found (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.4.0' not found (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.2.0' not found (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.3.0' not found (required by /lib/x86_64-linux-gnu/libssl.so.3)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.4.0' not found (required by /lib/x86_64-linux-gnu/libssl.so.3)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.2.0' not found (required by /lib/x86_64-linux-gnu/libssl.so.3)

If the error above occurs, rename the existing file at that path to .bak, then link the newly built file in its place.

Example)

root@ip-10-100-0-182:/lib/x86_64-linux-gnu# ls -al | grep libcrypto
-rw-r--r--  1 root root 10016644 Aug 20 17:05 libcrypto.a
lrwxrwxrwx  1 root root       14 Aug 20 17:05 libcrypto.so -> libcrypto.so.3
-rw-r--r--  1 root root  5305304 Aug 20 17:05 libcrypto.so.3
root@ip-10-100-0-182:/lib/x86_64-linux-gnu# vm libcrypto.so.3 libcrypt.so.3.bak
Command 'vm' not found, but can be installed with:
apt install mgetty-voice
root@ip-10-100-0-182:/lib/x86_64-linux-gnu# mv libcrypto.so.3 libcrypt.so.3.bak
root@ip-10-100-0-182:/lib/x86_64-linux-gnu# ln -s /usr/local/openssl/lib64/libcrypto.so.3 /lib/x86_64-linux-gnu/libcrypto.so.3
root@ip-10-100-0-182:/lib/x86_64-linux-gnu# openssl
help:

Standard commands
asn1parse         ca                ciphers           cmp               
cms               crl               crl2pkcs7         dgst              
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
fipsinstall       gendsa            genpkey           genrsa            
help              info              kdf               list              
mac               nseq              ocsp              passwd            
pkcs12            pkcs7             pkcs8             pkey              
pkeyparam         pkeyutl           prime             rand              
rehash            req               rsa               rsautl            
s_client          s_server          s_time            sess_id           
smime             speed             spkac             srp               
storeutl          ts                verify            version           
x509

2. Generating the SSL certificate

$ cd /data/openssl/

$ mkdir ssl

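// 777 leaves the directory world-writable: any local user can rename or delete the key and certificate in it; 700 is enough when only root uses them
$ chmod 777 ssl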

$ cd ssl

root@ip-10-100-0-182:/data/openssl/ssl# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout hlgong.key -out hlgong.crt
.+..+.......+++++++++++++++++++++++++++++++++++++++*.........+....................+.......+...+...........+.+.........+........+.+..+...+....+++++++++++++++++++++++++++++++++++++++*....+....+........+....+...............+...........+...............+...+.+..................+...+.....+.......+.....+.+.........+............+.....+....+......+........+.+..+....+...+..+.+..+...+.........+....+..+.......+.................+.........+....+.....+.+.....+.......+........+...............+.+...+...............+......+...........+.+..+.+......+...........+....+........+.+..+....+...............+.....+....+..+...+.........+...+...+.+...+...+...+.........+.....+............+......+...+.......+...+..............+............+...............+.............+..+...............+...................+......+......+..+..........+......+.....+......+...+.+..+...+.+...............+...+...............+.....+.+..............+...+....+......+............+..+.+.........+..............+....+.....+...+...+.+...+..+......+...+....+........+.............+..+..........+...++++++
....+....+......+..+++++++++++++++++++++++++++++++++++++++*........+..+.+...+..+...+.........+.+..+.........+...+.+.....+.+..............+....+.....+++++++++++++++++++++++++++++++++++++++*..+....+......+...+..++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR (country code)
State or Province Name (full name) [Some-State]:soul
Locality Name (eg, city) []:seocho
Organization Name (eg, company) [Internet Widgits Pty Ltd]:be
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:hlgong.com (domain or IP address)
Email Address []:phl730@naver.com (email)

$ chmod 600 /data/openssl/ssl/*.*

root@ip-10-100-0-182:/data/openssl/ssl# ls -al
total 16
drwxrwxrwx 2 root root 4096 Jan  6 05:32 .
drwxr-xr-x 4 root root 4096 Jan  6 02:45 ..
-rw------- 1 root root 1363 Jan  6 05:32 hlgong.crt
-rw------- 1 root root 1704 Jan  6 05:31 hlgong.key
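
The same certificate generated non-interactively and then checked, as an added example that is not part of the original post. The function names `make_cert` and `check_cert` are hypothetical; the example also sets a subjectAltName, which the interactive command above does not, and uses a mode-700 directory instead of 777.

```shell
#!/bin/sh
# Added example, not from the original post. make_cert/check_cert are
# hypothetical helper names; hlgong.com is the CN used on this page.
# Usage: make_cert /data/openssl/ssl hlgong.com && check_cert /data/openssl/ssl hlgong.com

make_cert() {   # make_cert DIR FQDN
    dir=$1
    fqdn=$2
    (
        umask 077                       # files are created 600, directories 700
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        # Same req options as the post, plus -subj (no prompts) and a SAN.
        # stderr carries only the key-generation progress dots.
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/C=KR/CN=$fqdn" \
            -addext "subjectAltName=DNS:$fqdn" \
            -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.crt" 2>/dev/null || exit 1
    )
}

check_cert() {  # check_cert DIR FQDN ; prints "ok" and returns 0 if all checks pass
    key=$1/$2.key
    crt=$1/$2.crt
    # 1. The private key and the certificate must carry the same public key.
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ -n "$k" ] && [ "$k" = "$c" ] || { echo "key/cert mismatch"; return 1; }
    # 2. The host name must appear in the SAN; current clients match names
    #    against the SAN, not the Common Name.
    openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
        | grep -q "DNS:$2" || { echo "SAN missing"; return 1; }
    # 3. The certificate must stay valid for at least 30 more days.
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null \
        || { echo "expires within 30 days"; return 1; }
    # 4. The key must be readable by its owner only (GNU/busybox stat).
    perm=$(stat -c %a "$key")
    [ "$perm" = "600" ] || { echo "key mode is $perm"; return 1; }
    echo ok
}
```

`-addext` and `x509 -ext` require OpenSSL 1.1.1 or later, which the 3.4.0 build above satisfies.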