SSL 보안 서버 인증

결제 안내 보러 가기신용카드 결제, 무통장 입금 안내
고객 센터
1544-4755 내선 번호 : 4
인증서 발급 안내
평일 09:00 ~ 18:00

업무 시간 내에만 처리 가능하며 토/일요일, 공휴일에는 발급 업무가 제한됩니다.

보안 서버 환불 정책
SSL 보안 서버 인증서 구매 후 인증서의 오류로 인해 서버 내에 적용이 불가능 할 경우 1개월 이내 전액 환불해 드립니다.
(단, 개인키 분실, 도메인 변경 및 고객의 변심으로 인한 환불 요청은 제외)

SSL 보안 서버 인증

가장 합리적인 가격의 Sectigo SSL 인증을 통해 귀사의 웹서버에 접속하는 회원들의 개인 정보를 안전하게 보호해 주시기 바랍니다.

Java Based Web Servers : CSR 생성 및 SSL 인증서 적용

본 가이드는 인증서 파일 설정시 참고 예제이며, 고객사 서버에 SSL 설치/적용 성공을 보증하지 않습니다
설정 과정에서 발생하는 다양한 문제에 대한 해결은 보증 대상이 아닙니다 (인증서 자체 오류시 무제한 재발급)
웹서버 자체 설정/작동 관련 사항은 웹서버 매뉴얼 또는 공급사 기술지원을 이용하시기 바랍니다
Java Based Web Servers

Generating a Certificate Signing Request (CSR) using Java Based Web Servers

Use the keytool command to create the key file:
keytool -genkey -keyalg RSA -keystore domain.key -validity 360

If you want to use an alias for the site certificate include -alias yyy (where yyy is the alias name)

(NOTE validity may vary)

The following questions will be asked if not known:
Enter keystore password: (NOTE remember this for later use)
What is your first and last name? - This is the Common Name (Domain Name)
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?

You will then be asked if the information is correct:
Is CN=www.yourdomain.com, OU=Your Oganizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

When you answer 'y' or 'yes' the password is then requested:
Enter key password for <mykey>
NOTE: Make a note of this password
<mykey> is the default alias for the certificate

Use the keytool command to create the CSR file:
keytool -certreq -keyalg RSA -file domain.csr -keystore domain.key

You will be prompted to enter the password.
Enter keystore password:

If the password is correct then the CSR is created.
If the password is incorrect then a password error is displayed.
You will need the text from this CSR when requesting a certificate.


Installing your Certificate on a Tomcat & Apache Server

Step One

You will receive 3 files in a zip file from Comodo.

These must be imported in the correct order:
Root
domain/site certificate

Or you can download root and intermediate CA files from here.

In the following example please replace the example keystore name 'domain.key' with your keystore name.

Use the keytool command to import the certificates as follows:
keytool -import -trustcacerts -alias root -file (insert root certificate file name) -keystore domain.key

Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string. Example:
keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key



Step Two

Tomcat will first need a SSL Connector configured before it can accept secure connections.

Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password 'changeit'. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems. -- It is possible to change the filename, password, and even location that Tomcat looks for the keystore. If you need to do this, pay special attention to #8 of Option 1 or #5 of Option 2 below.



Option 1 -- Add an SSL Connector using admintool:

1. Start Tomcat
2. Enter 'http://localhost:8080/admin' in a local browser to start admintool
3. Type a username and password with administrator rights
4. On the left select 'Service' (Java Web Services Developer Pack)
5. Select 'Create New Connector' from the drop-down list on the right
6. Choose 'HTTPS' in the 'Type' field
7. In the 'Port' field, enter '443'. This defines the TCP/IP port number on which Tomcat will listen for secure connections
8. Enter the Keystore Name and Keystore Password if (a.) your keystore is named something other than .keystore, (b.) if .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or if (c.) the password is something other than the default value of 'changeit'. If you have used the default values, you can leave these fields blank.
9. Select 'Save' to save the new Connector Select
10. 'Commit Changes' to save the new Connector information to the server.xml file so that it is available the next time Tomcat is started


Option 2 -- Configure the SSL Connector in server.xml:

1. Copy your keystore file (your_domain.key) to the home directory (see the Note above)
2. Open the file Home_Directory/conf/server.xml in a text editor
3. Uncomment the 'SSL Connector' Configuration
4. Make sure that the 'Connector Port' is 443
5. If your keystore filename is something other than the default file name (.keystore) and/or your keystore password is something other than default ('changeit') then you will need to specify the correct keystore filename and/or password in your connector configuration -- ex. keypass="newpassword". When you are done your connector should look something like this:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/home/user_name/your_domain.key" keypass="your_keystore_password"/>

6. Save the changes to server.xml
7. Restart Tomcat
출처: COMODO http://ssl.comodo.com/