[AA+ Reference Document] for Apache-2.4.4 installation

Apache-2.4.4, SSL인증서 설치

#### Apache-2.4.4 installation ####

[컴파일 및 설치 대상]
apache-apr.1.4.6
apache-apr-util.1.5.1
apache-httpd-2.4.4 

[APR 이란?]
  APR - 여러 플랫폼에 적용가능하도록 하나의 api를 사용해서 compile 하도록 구성함.
  APR-UTIL - 여러 편리한 API를 제공
  
APR기능
� UUID Internet generation
�	Filename canonicalization
�	Random data generation
�	Global lock management
�	Threads and process management
�	Dynamic library loading routines
�	Memory mapped and shared memory


[apr 다운로드 및 설치]
Base Source DownLoad Director : /home/ubuntu/down/
Base Install Directory : /project/AA+/servers/httpd-2.4.4


$ wget http://apache.mirror.cdnetworks.com//apr/apr-1.4.6.tar.gz
--2013-05-04 23:24:27--  http://apache.mirror.cdnetworks.com//apr/apr-1.4.6.tar.gz
Resolving apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)... 61.110.198.174
Connecting to apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)|61.110.198.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 982243 (959K) [application/x-gzip]
Saving to: `apr-1.4.6.tar.gz.1'

100%[=======================================================================>] 982,243      344K/s   in 2.8s    

2013-05-04 23:24:31 (344 KB/s) - `apr-1.4.6.tar.gz.1' saved [982243/982243]

# 압축해제
$ root@ip-10-161-5-236:/home/ubuntu/down#  tar xvfz apr-1.4.6.tar.gz
 
$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --datadir=/project/AA+/servers/httpd-2.4.4/workspaces --enable-shared

 
 [configure exception]
http://system.neulwon.com/xe/linux_os/2472

 1. apr 컴파일 오류 발생시 
config.status: executing libtool commands
rm: cannot remove `libtoolT': No such file or directory
config.status: executing default commands
config.status: include/apr.h is unchanged
config.status: include/arch/unix/apr_private.h is unchanged
 
(위와 같은 에러 출력시 아래처럼 파일을 복사해주고 진행을 계속 합니다.)
$ cp -arp libtool libtoolT

$ make

$ make install


[apr-util 다운로드 및 설치]
$ root@ip-10-161-5-236:/home/ubuntu/down# wget http://apache.mirror.cdnetworks.com//apr/apr-util-1.5.2.tar.gz
--2013-05-04 23:25:44--  http://apache.mirror.cdnetworks.com//apr/apr-util-1.5.2.tar.gz
Resolving apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)... 61.110.198.174
Connecting to apache.mirror.cdnetworks.com (apache.mirror.cdnetworks.com)|61.110.198.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 867573 (847K) [application/x-gzip]
Saving to: `apr-util-1.5.2.tar.gz'

100%[=======================================================================>] 867,573      339K/s   in 2.5s    

2013-05-04 23:25:47 (339 KB/s) - `apr-util-1.5.2.tar.gz' saved [867573/867573]

# 압축해제
$ root@ip-10-161-5-236:/home/ubuntu/down# tar xvfz apr-util-1.5.2.tar.gz 


$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --infodir=/project/AA+/servers/httpd-2.4.4/info --mandir=/project/AA+/servers/httpd-2.4.4/man --sysconfdir=/project/AA+/servers/httpd-2.4.4/conf --datadir=/project/AA+/servers/httpd-2.4.4/var --with-apr=/project/AA+/servers/httpd-2.4.4

$ make && make install

[openssl update]
## httpd compile 시 오류가 발생한다면...
checking for OpenSSL version >= 0.9.7... FAILED
configure: WARNING: OpenSSL version is too old

참고 : https://help.ubuntu.com/community/OpenSSL

$ apt-cache search libssl | grep SSL
$ apt-get upgrade openssl
libssl0.9.8 - SSL shared libraries


[openssl-10.0.1e source 개별 파일 다운 & compile]
참고 : http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html

100%[=======================================================================>] 4,459,777    770K/s   in 6.8s    

2013-05-05 17:25:54 (638 KB/s) - `openssl-1.0.1e.tar.gz' saved [4459777/4459777]

[compile]
$ ./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         shared                \
         zlib-dynamic &&


*** openssl compile 중 오류발생 ***
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM   -c -o c_zlib.o c_zlib.c
c_zlib.c:25:18: fatal error: zlib.h: No such file or directory
compilation terminated.
make[2]: *** [c_zlib.o] Error 1
make[2]: Leaving directory `/home/ubuntu/down/openssl-1.0.1e/crypto/comp'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory `/home/ubuntu/down/openssl-1.0.1e/crypto'
make: *** [build_crypto] Error 1


[해결방법: ssl lib점검 & zlib 설치]
$ apt-cache search ssl
$ apt-get install zlib1g-dev

[compile 재시도!]
$ ./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         shared                \
         zlib-dynamic &&
		 
$ make && make install


[httpd-2.4.4  다운로드 및 구성]
$ cd /home/ubuntu/down/
$ root@ip-10-161-5-236:/home/ubuntu/down# wget http://mirror.apache-kr.org//httpd/httpd-2.4.4.tar.gz

$ 압축해제
$ root@ip-10-161-5-236:/home/ubuntu/down# tar xvfz apr-util-1.5.2.tar.gz 

$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --enable-mpms-shared=all --with-mpm=event --enable-static-support --enable-mods-shared=reallyall  --enable-proxy=shared --enable-proxy-ajp=shared --enable-proxy-balancer=shared --enable-proxy-connect=shared --enable-proxy-ftp=shared --enable-proxy-http=shared  --enable-vhost-alias --enable-rewrite --enable-ssl --with-ssl=/etc/ssl/ --with-apr=/project/AA+/servers/httpd-2.4.4 --with-apr-util=/project/AA+/servers/httpd-2.4.4 && make

---------------------------
<-- 성공(--enable-so 제거)

$ ./configure --prefix=/project/AA+/servers/httpd-2.4.4 --enable-mpms-shared=all --with-mpm=event --enable-static-support --enable-mods-shared=reallyall  --enable-proxy=shared --enable-proxy-ajp=shared --enable-proxy-balancer=shared --enable-proxy-connect=shared --enable-proxy-ftp=shared --enable-proxy-http=shared  --enable-vhost-alias --enable-rewrite --enable-ssl --with-ssl=/etc/ssl/ --enable-so --with-apr=/project/AA+/servers/httpd-2.4.4 --with-apr-util=/project/AA+/servers/httpd-2.4.4 && make && make install

---------------------------
<-- 실패

[SSL 인증서 생성 및 설치]
참조 : http://jmnote.com/wiki/%EA%B0%9C%EC%9D%B8%EC%84%9C%EB%AA%85_SSL_%EC%9D%B8%EC%A6%9D%EC%84%9C_%EC%83%9D%EC%84%B1

1. server.key 생성(개인키)

$ root@ip-10-161-5-236:mkdir -p /home/ubuntu/ssl
$ root@ip-10-161-5-236:cd /home/ubuntu/ssl
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
...+++
e is 65537 (0x10001)
Enter pass phrase for server.key: aaplus
Verifying - Enter pass phrase for server.key: aaplus

2. 암호 제거
$ root@ip-10-161-5-236:/home/ubuntu/ssl# cp server.key server.key.org
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key

3. server.csr 파일 생성 (인증요청서)
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl req -new -key server.key.org -out server.csr
Enter pass phrase for server.key.org:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Gangnamgu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AA+
Organizational Unit Name (eg, section) []:AA+
Common Name (e.g. server FQDN or YOUR name) []:aaplus.pe.kr
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

4. server.crt 생성(인증서)
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=KR/ST=Seoul/


5. ssl 인증서 httpd 에 복사
$ cp -R ./ssl/ /project/AA+/servers/httpd-2.4.4/conf/


[인증서 handshake]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# openssl s_client -connect 127.0.0.1:443 | openssl x509
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify error:num=18:self signed certificate
verify return:1
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify return:1
-----BEGIN CERTIFICATE-----
MIIDRDCCAiwCCQDL41YNyCjsNTANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJL
UjEOMAwGA1UECAwFU2VvdWwxEjAQBgNVBAcMCUdhbmduYW1ndTEMMAoGA1UECgwD
QUErMQwwCgYDVQQLDANBQSsxFTATBgNVBAMMDGFhcGx1cy5wZS5rcjAeFw0xMzA1
MDYxNDQxMjlaFw0xNDA1MDYxNDQxMjlaMGQxCzAJBgNVBAYTAktSMQ4wDAYDVQQI
DAVTZW91bDESMBAGA1UEBwwJR2FuZ25hbWd1MQwwCgYDVQQKDANBQSsxDDAKBgNV
BAsMA0FBKzEVMBMGA1UEAwwMYWFwbHVzLnBlLmtyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA3Ue471A/W/qthTizqWxK+7F8Emi4JStCfZD16PnvQ/V2
8kdqrO9Smb9lg1f5OwLYK/1ik2Wu5JoCu3Y1TqM8CqcPScfiqx9AawnX6JYuyA51
qDaGsVzhg2CJd/1R7mEvrsX2iYh1wG+7ZNw3+9PYPgOUx4pvcH9y3y7Jc9Qu5Cy2
PnKQtQvCnU/DVaQnoZUTzFV+St2CVjYYkW6O/SW30rLI6EG2ofJlb7mEMB3d+jPi
WfoblQ1BJtaDzsz3SUd8KK4XvJP8Z02N8H80RGmu4J4dbexKZB+yagOYAvwtQ3e5
tIIjxPfPJYY/wkmHChzxLOplpl8W3yL2MFwzZ1U3OwIDAQABMA0GCSqGSIb3DQEB
BQUAA4IBAQCbnAF6z1ePyFHOnPFHw7SuJ7MZ445ccoJDC6f5nbKmXtmJqYehYifE
zI9cE5U7HYPCmOOlOZwmrAunH65c/MIw5XW7skOGjq/moqWkXYPKBXIiSN8UsPtz
MUKQqQEtfhOnJSy/080vMuAcS0scrthyylyCu9i5jAw33PxkMzbPgGtSSKcmAYDs
JB5XneWUmKHqYW9x9yjzW5lLUm2XnbIKtlC9XVXMC3Pp3hEvPVOdBqVvOrPSKNyU
djiI0xTIUhgnJMfFM/JeILgLB+Hrv0DZ11TP4bc9HfDB1LN1RMswLCV14qqofQaH
cDu6Qhefk2xJ3np+C/hfdjoNlns4MDCR
-----END CERTIFICATE-----

^C
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# 

[인증서 만료일 확인]
root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# openssl s_client -connect localhost:443 < /dev/null 2>&1 | openssl x509 -noout -enddate
notAfter=May  6 14:41:29 2014 GMT


6. Httpd.conf 수정
$ vi  /project/AA+/servers/httpd-2.4.4/conf/httpd.conf
----------------------------
Listen 80


LoadModule ssl_module modules/mod_ssl.so  #추가
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so #추가

Include conf/extra/httpd-ssl.conf  #주석풀기
----------------------------

7. httpd-vhosts.conf 수정
참고 : http://httpd.apache.org/docs/2.4/vhosts/examples.html

$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/conf/extra# vi httpd-vhosts.conf
-------------------------------------------------------------------------
# NameVirtualHost *:80 : 제거 (2.4.4 에서는 의미가 없음)
<VirtualHost _default_:80>
    ServerAdmin webmaster@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
    ServerName *
    ErrorLog "logs/default-error_log"
    CustomLog "logs/default-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin www@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
    ServerName www.aaplus.pe.kr
    ErrorLog "logs/www-error_log"
    CustomLog "logs/www-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin aa1@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa1"
    ServerName aa1.aaplus.pe.kr
    ErrorLog "logs/aa1-error_log"
    CustomLog "logs/aa1-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin aa2@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa2"
    ServerName aa2.aaplus.pe.kr
    ErrorLog "logs/aa2-error_log"
    CustomLog "logs/aa2-access_log" common
</VirtualHost>
-------------------------------------------------------------------------

$ vi httpd-ssl.conf
-------------------------------------------------------------------------
## SSL Virtual Host Context
Listen 443

<VirtualHost _default_:443>
    ServerAdmin default@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
    ServerName www.aaplus.pe.kr
    ErrorLog "logs/default-ssl-error_log"
    #CustomLog "logs/default-ssl-access_log" common
    TransferLog "logs/default-ssl-access_log"
	#CustomLog logs/default-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	
    SSLEngine on
    SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
    SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin www@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aaplus"
    ServerName www.aaplus.pe.kr
    ErrorLog "logs/www-ssl-error_log"
    #CustomLog "logs/www-ssl-access_log" common
    TransferLog "logs/www-ssl-access_log"
	#CustomLog logs/www-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	
    SSLEngine on
    SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
    SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin aa1@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa1"
    ServerName aa1.aaplus.pe.kr
    ErrorLog "logs/aa1-ssl-error_log"
    #CustomLog "logs/aa1-ssl-access_log" common
    TransferLog "logs/aa1-ssl-access_log"
	#CustomLog logs/aa1-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	
    SSLEngine on
    SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
    SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin aa2@aaplus.pe.kr
    DocumentRoot "/project/AA+/servers/httpd-2.4.4/docs/aa2"
    ServerName aa2.aaplus.pe.kr
    ErrorLog "logs/aa2-ssl-error_log"
    #CustomLog "logs/aa2-ssl-access_log" common
    TransferLog "logs/aa2-ssl-access_log"
	#CustomLog logs/default-ssl-error "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	
    SSLEngine on
    SSLCertificateFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.crt
    SSLCertificateKeyFile /project/AA+/servers/httpd-2.4.4/conf/ssl/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
-------------------------------------------------------------------------


[document root 생성]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4# mkdir docs
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4# cd docs/
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/docs# mkdir aaplus
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/docs# mkdir aa1
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/docs# mkdir aa2

[apache 시작]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# ./apachectl start
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# ps -elf| grep httpd

[httpd 기동 점검]
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# ps -elf| grep httpd
1 S root      9379     1  0  80   0 - 19737 poll_s 16:27 ?        00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
5 S daemon    9380  9379  0  80   0 - 91978 pipe_w 16:27 ?        00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
5 S daemon    9381  9379  0  80   0 - 91978 pipe_w 16:27 ?        00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
5 S daemon    9382  9379  0  80   0 - 91978 pipe_w 16:27 ?        00:00:00 /project/AA+/servers/httpd-2.4.4/bin/httpd -k start
0 S root      9465 29843  0  80   0 -  2026 pipe_w 16:27 pts/1    00:00:00 grep --color=auto httpd


[httpd 서비스 점검]
1. listening port 확인
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# netstat -apn | grep LISTEN | grep tcp
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      24650/sshd      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      24175/httpd     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      24175/httpd     
tcp6       0      0 :::22                   :::*                    LISTEN      24650/sshd  

2. port 동작 확인
$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> q
Connection closed.

$ root@ip-10-161-5-236:/project/AA+/servers/httpd-2.4.4/bin# telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> q
Connection closed.

3. Apache ssl handshake
$ root@ip-10-161-5-236:/home/ubuntu/ssl# openssl s_client -host localhost -port 443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify error:num=18:self signed certificate
verify return:1
depth=0 C = KR, ST = Seoul, L = Gangnamgu, O = "AA+", OU = "AA+", CN = aaplus.pe.kr
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
   i:/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDRDCCAiwCCQDL41YNyCjsNTANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJL
UjEOMAwGA1UECAwFU2VvdWwxEjAQBgNVBAcMCUdhbmduYW1ndTEMMAoGA1UECgwD
QUErMQwwCgYDVQQLDANBQSsxFTATBgNVBAMMDGFhcGx1cy5wZS5rcjAeFw0xMzA1
MDYxNDQxMjlaFw0xNDA1MDYxNDQxMjlaMGQxCzAJBgNVBAYTAktSMQ4wDAYDVQQI
DAVTZW91bDESMBAGA1UEBwwJR2FuZ25hbWd1MQwwCgYDVQQKDANBQSsxDDAKBgNV
BAsMA0FBKzEVMBMGA1UEAwwMYWFwbHVzLnBlLmtyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA3Ue471A/W/qthTizqWxK+7F8Emi4JStCfZD16PnvQ/V2
8kdqrO9Smb9lg1f5OwLYK/1ik2Wu5JoCu3Y1TqM8CqcPScfiqx9AawnX6JYuyA51
qDaGsVzhg2CJd/1R7mEvrsX2iYh1wG+7ZNw3+9PYPgOUx4pvcH9y3y7Jc9Qu5Cy2
PnKQtQvCnU/DVaQnoZUTzFV+St2CVjYYkW6O/SW30rLI6EG2ofJlb7mEMB3d+jPi
WfoblQ1BJtaDzsz3SUd8KK4XvJP8Z02N8H80RGmu4J4dbexKZB+yagOYAvwtQ3e5
tIIjxPfPJYY/wkmHChzxLOplpl8W3yL2MFwzZ1U3OwIDAQABMA0GCSqGSIb3DQEB
BQUAA4IBAQCbnAF6z1ePyFHOnPFHw7SuJ7MZ445ccoJDC6f5nbKmXtmJqYehYifE
zI9cE5U7HYPCmOOlOZwmrAunH65c/MIw5XW7skOGjq/moqWkXYPKBXIiSN8UsPtz
MUKQqQEtfhOnJSy/080vMuAcS0scrthyylyCu9i5jAw33PxkMzbPgGtSSKcmAYDs
JB5XneWUmKHqYW9x9yjzW5lLUm2XnbIKtlC9XVXMC3Pp3hEvPVOdBqVvOrPSKNyU
djiI0xTIUhgnJMfFM/JeILgLB+Hrv0DZ11TP4bc9HfDB1LN1RMswLCV14qqofQaH
cDu6Qhefk2xJ3np+C/hfdjoNlns4MDCR
-----END CERTIFICATE-----
subject=/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
issuer=/C=KR/ST=Seoul/L=Gangnamgu/O=AA+/OU=AA+/CN=aaplus.pe.kr
---
No client certificate CA names sent
---
SSL handshake has read 1531 bytes and written 448 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 8C3888593AC2E6FFE9F9ED0B288681D57F251210CA610751E0AB9298E0DA1331
    Session-ID-ctx: 
    Master-Key: 1D8ECDBD58CDD91065B4BB6320E73BB6E1A870484E2F345C80983A2B7B89857155DB9340DD58D32604275FF092DD7B63
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 2b ee c2 be ba a5 ea 6c-5e ac cf bb d3 9d 20 af   +......l^..... .
    0010 - f2 5b 53 4e 2c 11 b0 65-f8 5a 7d e4 1a 5c f8 b0   .[SN,..e.Z}..\..
    0020 - 76 e7 12 23 18 82 eb 95-fc fe 2d 59 10 86 74 aa   v..#......-Y..t.
    0030 - f1 5b fe a5 6d 48 8a 0a-bd 5c 6b 76 bb a6 dd 48   .[..mH...\kv...H
    0040 - a5 41 d2 79 8b b4 19 d4-26 8f 57 c1 9c 31 31 15   .A.y....&.W..11.
    0050 - 2c c0 49 27 6c 83 e5 af-2a c8 ec f2 35 ca 4a 67   ,.I'l...*...5.Jg
    0060 - b1 4d 0c 78 10 e8 a8 d9-63 54 aa c9 79 7b c6 0c   .M.x....cT..y{..
    0070 - 82 ca c4 36 12 25 b0 52-a1 06 ba ed cc e0 e7 78   ...6.%.R.......x
    0080 - fa 8c d8 92 d6 0e d0 3b-73 59 49 e6 f0 37 4f bc   .......;sYI..7O.
    0090 - 75 c5 69 ed 17 cc c8 d7-28 79 0c 7f cf 80 ea 08   u.i.....(y......
    00a0 - f9 d2 d4 ad b6 a6 ba bf-d1 2c 3d b5 06 98 9b a0   .........,=.....
    00b0 - c7 ef 40 69 da 9e 10 8a-3d b3 bb 5d 5c 39 0f b9   ..@i....=..]\9..

    Start Time: 1367853128
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---


4. virtual host별 Access log 출력 확인



[/etc/hosts DNS 추가]
$ vi /etc/hosts
--------------------------
#### AA+ DNS ####
127.0.0.1 localhost
127.0.0.1 www.aaplus.pe.kr
127.0.0.1 aa1.aaplus.pe.kr
127.0.0.1 aa2.aaplus.pe.kr
--------------------------



############  [Reference]  ################
0. apache
http://httpd.apache.org/docs/2.4/install.html

1. configure, make, make install, make clean ...
http://kldp.org/node/21959

2. apache, jboss 설치
http://www.openlogic.com/blog/bid/247607/JBoss-AS7-Clustering-Using-mod_cluster-and-http-2-4-Part-1

3. apache + openssl  설치
http://jmnote.com/wiki/%EA%B0%9C%EC%9D%B8%EC%84%9C%EB%AA%85_SSL_%EC%9D%B8%EC%A6%9D%EC%84%9C_%EC%83%9D%EC%84%B1
http://linuxism.tistory.com/470
http://stackoverflow.com/questions/8188158/building-and-configuring-apr-util-and-httpd-to-use-apr-iconv-on-linux