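This post shows how to remove the passphrase from the private key file of an RSA certificate.
For reference, when a passphrase is set on the certificate's key, restarting the Apache server configured with that certificate prompts for the passphrase.
When the key file has a passphrase
• As the console output below shows, the passphrase of the RSA private key file must be entered when the web server is restarted.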
[root@dev-crinity-web-02 conf]# /usr/sbin/apachectl stop
[root@dev-crinity-web-02 conf]# /usr/sbin/apachectl start
Apache/2.4.46 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Private key dev.domain.com:443:0 (/home/apache/htdocs/certificate/domain/star_domain_key.pem)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
[root@dev-crinity-web-02 conf]# !ps
ps -ef | grep httpd
root 27737 1 0 14:54 ? 00:00:00 /usr/sbin/httpd -k start
root 27738 27737 0 14:54 ? 00:00:00 /sbin/rotatelogs /var/log/httpd/error_log-%Y.%m.%d 86400
root 27739 27737 0 14:54 ? 00:00:00 /sbin/rotatelogs /var/log/httpd/access.log-%Y.%m.%d 86400
nobody 27740 27737 0 14:54 ? 00:00:00 /usr/sbin/httpd -k start
nobody 27741 27737 0 14:54 ? 00:00:00 /usr/sbin/httpd -k start
nobody 27742 27737 0 14:54 ? 00:00:00 /usr/sbin/httpd -k start
nobody 27743 27737 0 14:54 ? 00:00:00 [httpd] <defunct>
nobody 27744 27737 0 14:54 ? 00:00:00 /usr/sbin/httpd -k start
nobody 27745 27737 0 14:54 ? 00:00:00 /usr/sbin/httpd -k start
root 28418 24807 0 14:54 pts/4 00:00:00 grep --color=auto httpd
Removing the passphrase from the certificate key file
• Always back up the existing key file before doing this.
[root@dev-crinity-web-02 _test]# ll
total 4
-rw------- 1 root root 1771 May 23 12:54 star_domain_key.pem
[root@dev-crinity-web-02 _test]# openssl rsa -in star_domain_key.pem -out no_key_star_domain_key.pem
Enter pass phrase for star_domain_key.pem: <-- enter the existing key file's passphrase
writing RSA key
[root@dev-crinity-web-02 _test]# ls -trl
total 8
-rw------- 1 root root 1771 May 23 12:54 star_domain_key.pem
-rw-r--r-- 1 root root 1675 May 23 12:54 no_key_star_domain_key.pem
Comparing the certificate key files
• Confirm that the passphrase has been removed. (The two files are distinguished by whether a DEK-Info header is present.)
[root@dev-crinity-web-02 _test]# cat star_domain_key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4A14577AB8561C71
-----END RSA PRIVATE KEY-----
[root@dev-crinity-web-02 _test]#
[root@dev-crinity-web-02 _test]# cat no_key_star_domain_key.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
[root@dev-crinity-web-02 _test]# pwd
/home/apache/htdocs/_remove_key_test/certificate/doamin/_test
[root@dev-crinity-web-02 _test]#
[root@dev-crinity-web-02 _test]# ll
total 8
-rw-r--r-- 1 root root 1675 May 23 12:54 no_key_star_domain_key.pem
-rw------- 1 root root 1771 May 23 12:54 star_domain_key.pem
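An added example, not part of the original post: a bash check that classifies a key file by the same Proc-Type/DEK-Info headers compared above and flags an unencrypted key that group or others can read, which is the state of no_key_star_domain_key.pem (mode -rw-r--r--) in the listing. The function names are hypothetical, the PKCS#8 armor lines are covered as a generalisation beyond the post, and strip_passphrase assumes the openssl CLI is installed.

```shell
#!/usr/bin/env bash
# Added example; key_state, owner_only, audit_key and strip_passphrase are
# hypothetical helper names, not part of Apache or OpenSSL.

# Print "encrypted", "plain" or "unknown" based on the PEM armor and headers.
key_state() {
    local f=$1
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted    # PKCS#8 encrypted form (generalisation)
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f" &&
         grep -q -e '^DEK-Info:' "$f"; then
        echo encrypted    # traditional PEM, the form shown in the post
    elif grep -Eq -e '^-----BEGIN (RSA )?PRIVATE KEY-----' "$f"; then
        echo plain
    else
        echo unknown
    fi
}

# Succeed only if group and others have no permission bits (e.g. 600, 400).
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# One-line verdict per file; non-zero exit for an exposed unencrypted key.
audit_key() {
    local f=$1 state
    state=$(key_state "$f")
    if [ "$state" = unknown ]; then
        echo "SKIP not a recognised PEM private key: $f"
    elif [ "$state" = plain ] && ! owner_only "$f"; then
        echo "FAIL unencrypted key readable by group/others: $f"
        return 1
    else
        echo "OK $state: $f"
    fi
}

# Same openssl command as in the post, but the output file is created under
# umask 077 so it is never world-readable; openssl prompts for the pass phrase.
strip_passphrase() {
    local src=$1 dst=$2
    ( umask 077 && openssl rsa -in "$src" -out "$dst" ) || return 1
    chmod 600 "$dst"
    [ "$(key_state "$dst")" = plain ]
}
```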