3. ÀÎÁõ¼­ ¿äû°ú ¼³Ä¡

ÁÖÀÇ: ÀÌ ÀýÂ÷µéÀº .infn.it¿¡¸¸ ÇØ´çµÇ´Â °ÍÀÌ´Ù.

  1. srv.cnf ¸¦ /usr/local/ssl/lib/ ¿¡ º¹»çÇÑ´Ù(ÁÖ: À̰ÍÀº ÁöÀºÀÌÀÇ Áö¿ªÀû ¼³Á¤À¸·Î OpenSSLÀÇ Ãʱ⠼³Á¤ ÆÄÀÏÀÎ /usr/local/ssl/openssl.cnf À» ÀÌ¿ëÇϴ°ÍÀÌ ÀϹÝÀû °æ¿ì´Ù.).

  2. ÀÎÁõ¼­ ¿äûÀ» »ý¼ºÇÑ´Ù.

    > cd /usr/local/ssl/certs
    > /usr/local/ssl/bin/openssl req -new -nodes -out req.pem \
     -keyout key.pem -config /usr/local/ssl/lib/srv.cnf
    
    Using configuration from /usr/local/ssl/lib/srv.cnf
    Generating a 1024 bit RSA private key
    .......................+++++
    .........................+++++
    writing new private key to 'key.pem'
    -----
    You are about to be asked to enter information that will be      
    incorporated into your certificate request.
    What you are about to enter is what is called 
    a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    %ÀÌÁ¦ ´ç½ÅÀÇ ÀÎÁõ¼­ ¿äû(certificate request)¿¡ ±â·ÏµÉ Á¤º¸¸¦ ¹°¾îº¼ ¶§ÀÌ´Ù.
    %ÀÔ·ÂµÉ °ÍÀº ±¸º°µÇ´Â À̸§(Distinguished Name) À̳ª DNÀ¸·Î ºÎ¸¥´Ù.
    %´ç½ÅÀÌ ÀÔ·ÂÇÒ Ç׸ñÀº ¸î°³ µÇÁö ¾ÊÀ¸¸ç, ±âº»°ªÀ» ÃëÇÒ¶§´Â ºóÄ­À¸·Î ´ë½ÅÇÒ¼ö ÀÖ´Ù. 
    %¸¸ÀÏ ´ç½ÅÀÌ '.'¸¦ ÀÔ·ÂÇÑ´Ù¸é, ±× Ç׸ñÀº °ø¹éÀ¸·Î ³²À»°ÍÀÌ´Ù.
    
    Country Name (2 letter code) [IT]:                                  %2-¹®ÀÚ ±¹°¡ÄÚµå
    INFN (accettare il default!) [INFN]:                                %µµ¸ÞÀÎ¸í °°Àºµ¥¿ä?
    Locality Name (p.e. Firenze) []:Firenze                             %Áö¿ª¸í
    Organization Name (p.e. Sezione di Firenze) []:Sezione di Firenze   %±â°ü¸í
    Server type [Server IMAP]:          %¼­¹öŸÀÔ
    Server name (p.e. postino.fi.infn.it) []:postino.fi.infn.it         %¼­¹öÀ̸§
    Email Address []:cecchini@fi.infn.it        
    
    > chmod 600 key.pem
                            

    key.pem Àº ¼­¹ö ºñ¹ÐŰ(private key)¸¦ Æò¹®À¸·Î ´ã°í ÀÖ´Ù!

  3. req.pem À» ÀÎÁõ¼­¸¦ º¸³»ÁÙ CA·Î º¸³½´Ù(Âü°í: ÀÚÇÊ ¼­¸í ÀÎÁõ¼­ »ý¼º: ¼­Á¤·æ´ÔÀÇ ¹ø¿ªÁß ÀϺÎ).

  4. (¿¡µðÅ͸¦ ÀÌ¿ëÇÏ¿©) /usr/local/ssl/certs/stunnel.pem ¸¦ ÀÛ¼ºÇϴµ¥, ÀÌ´Â ¼­¹ö ºñ¹ÐŰ¿Í ¼­¹ö ÀÎÁõ¼­¸¦ ´ã°í ÀÖ´Ù. ÇϳªÀÇ ºó ÁÙÀ» µÎ ºÎºÐ »çÀÌ¿¡ »ðÀÔÇϰí, ¶ÇÇϳªÀÇ ºóÁÙÀ» ÆÄÀÏ °¡Àå ¹Ø¿¡´Ù »ðÀÔÇ϶ó.

    ¿ªÀÚÁÖ: ½ÇÁ¦ÀûÀ¸·Î ÇÑÁÙÀÌ º°µµ·Î ÷°¡µÇÁö ¾Ê¾Æµµ Àß µ¿ÀÛÇÏ¿´´Ù. µû¶ó¼­ ÁöÀºÀÌÀÇ Àǵµ´Â °¢ ºÎºÐÀÌ ³¡³ª°í ´ÙÀ½ÁÙ·Î ³Ñ¾î°¡¶ó´Â ¶æÀ¸·Î ¹Þ¾ÆµéÀÌ¸é µÇ°Ú´Ù. ´ÙÀ½Àº stunnel.pemÀÇ ³»¿ëÀÇ ¿¹ÀÌ´Ù.

     -----BEGIN RSA PRIVATE KEY-----                                    
     MIICXQIBAAKBgQDHkqs4YDbakYxRkYXIpY7xLXDQwULR5LW7xWVzuWmmZJOtzwlP   % ¼­¹ö ºñ¹ÐŰ ºÎºÐ  
     7mN87g+aaiQzwXUVndaCw3Zm6cOG4mytf20jPZq0tvWnjEB3763sorpfpOe/4Vsn   %
     VBFjyQY6YdqYXNmjmzff5gTAecEXOcJ8CrPsaK+nkhw7bHUHX2X+97oMNQIDAQAB   
     AoGBAMd3YkZAc9LUsig8iDhYsJuAzUb4Qi7Cppj73EBjyqKR18BaM3Z+T1VoIpQ1   
     DeXkr39heCrN7aNCdTh1SiXGPG6+fkGj9HVw7LmjwXclp4UZwWp3fVbSAWfe3VRe
     LM/6p65qogEYuBRMhbSmsn9rBgz3tYVU0lDMZvWxQmUWWg7BAkEA6EbMJeCVdAYu
     nQsjwf4vhsHJTChKv/He6kT93Yr/rvq5ihIAPQK/hwcmWf05P9F6bdrA6JTOm3xu
     TvJsT/rIvQJBANv0yczI5pUQszw4s+LTzH+kZSb6asWp316BAMDedX+7ID4HaeKk
     e4JnBK//xHKVP7xmHuioKYtRlsnuHpWVtNkCQQDPru2+OE6pTRXEqT8xp3sLPJ4m
     ECi18yfjxAhRXIU9CUV4ZJv98UUbEJOEBtx3aW/UZbHyw4rwj5N511xtLsjpAkA9
     p1XRYxbO/clfvf0ePYP621fHHzZChaUo1jwh07lXvloBSQ6zCqvcF4hG1Qh5ncAp
     zO4pBMnwVURRAb/s6fOxAkADv2Tilu1asafmqVzpnRsdfBZx2Xt4oPtquR9IN0Q1
     ewRxOC13KZwoAWtkS7l0mY19WD27onF6iAaF7beuK/Va
     -----END RSA PRIVATE KEY-----
     -----BEGIN CERTIFICATE-----
     MIIECTCCA3KgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBujELMAkGA1UEBhMCVVMx   % ÀÎÁõ¼­ ºÎºÐ
     EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxHzAdBgNVBAoT   %
     FkJsdXJkeWJsb29wIEluZHVzdHJpZXMxFjAUBgNVBAsTDUlTIERlcGFydG1lbnQx
     ITAfBgNVBAMTGEJvbWJhc3RpYyBULiBCbHVyZHlibG9vcDEoMCYGCSqGSIb3DQEJ
     ARYZYm9tYmFzdGljQGJsdXJkeWJsb29wLmNvbTAeFw0wMDA2MDYwMDUxMTRaFw0x
     MDA2MDQwMDUxMTRaMIG6MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
     bjEQMA4GA1UEBxMHU2VhdHRsZTEfMB0GA1UEChMWQmx1cmR5Ymxvb3AgSW5kdXN0
     cmllczEWMBQGA1UECxMNSVMgRGVwYXJ0bWVudDEhMB8GA1UEAxMYQm9tYmFzdGlj
     IFQuIEJsdXJkeWJsb29wMSgwJgYJKoZIhvcNAQkBFhlib21iYXN0aWNAYmx1cmR5
     Ymxvb3AuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHkqs4YDbakYxR
     kYXIpY7xLXDQwULR5LW7xWVzuWmmZJOtzwlP7mN87g+aaiQzwXUVndaCw3Zm6cOG
     4mytf20jPZq0tvWnjEB3763sorpfpOe/4VsnVBFjyQY6YdqYXNmjmzff5gTAecEX
     OcJ8CrPsaK+nkhw7bHUHX2X+97oMNQIDAQABo4IBGzCCARcwHQYDVR0OBBYEFD+g
     lcPrnpsSvIdkm/eol4sYYg09MIHnBgNVHSMEgd8wgdyAFD+glcPrnpsSvIdkm/eo
     l4sYYg09oYHApIG9MIG6MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
     bjEQMA4GA1UEBxMHU2VhdHRsZTEfMB0GA1UEChMWQmx1cmR5Ymxvb3AgSW5kdXN0
     cmllczEWMBQGA1UECxMNSVMgRGVwYXJ0bWVudDEhMB8GA1UEAxMYQm9tYmFzdGlj
     IFQuIEJsdXJkeWJsb29wMSgwJgYJKoZIhvcNAQkBFhlib21iYXN0aWNAYmx1cmR5
     Ymxvb3AuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAwEEk
     JXpVXVaFTuG2VJGIzPOxQ+X3V1Cl86y4gM1bDbqlilOUdByUEG4YfSb8ILIn+eXk
     WzMAw63Ww5t0/jkO5JRs6i1SUt0Oy80DryNRJYLBVBi499WEduro8GCVD8HuSkDC
     yL1Rdq8qlNhWPsggcbhuhvpbEz4pAfzPkrWMBn4=
     -----END CERTIFICATE-----
                            

  5. req.pem °ú key.pem À» »èÁ¦Çϰí, stunnel.pem À» º¸È£Ç϶ó (chmod 600). Áö±Ý ÀÌ ÆÄÀÏÀº ¼­¹ö ºñ¹Ð۸¦ Æò¹®À¸·Î ´ã°í ÀÖ´Ù.