Configuring and Testing the Wireless WizFi250 as an SSL Server

WIZnet Academy 2014.10.21 14:41 Views: 42

The WizFi250 can operate as an SSL server, albeit with limitations, and can hold its own certificate.

This post examines the certificate included in the WizFi250 by default (created by WIZnet itself) and explains how to run a communication test with the WizFi250 acting as an SSL server.

First, use the AT+MCERT command to extract the certificate and key from the WizFi250.

[sourcecode language="plain"]
AT+MCERT=r,c
-----BEGIN CERTIFICATE-----
................................................................
................................................................
................................................................
XzVVcwYGyL5CV2HGISJM5YOiNGl5DsGFig==
-----END CERTIFICATE-----

[OK]

AT+MCERT=r,k
-----BEGIN RSA PRIVATE KEY-----
................................................................
................................................................
................................................................
FkSR7svgvCaEl7pX063qAZawAQUllVHRL4fbXOzqq2LdENU84FHV
-----END RSA PRIVATE KEY-----

[OK]
[/sourcecode]

Save the certificate and key extracted above as text files (from the BEGIN line through the END line).
• WizFi250-Cert.crt
• WizFi250-Key.key

Inspecting the extracted certificate with openssl gives the following.

[sourcecode language="plain"]
D:openssl-test>openssl x509 -text -noout -in WizFi250-Cert.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=KR, ST=Geonggi-Do, L=Seongnam-Si, O=Wnet, OU=Wi-Fi Team, CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
Validity
Not Before: May 20 07:15:04 2013 GMT
Not After : May 20 07:15:04 2015 GMT
Subject: C=KR, ST=Geonggi-Do, L=Seongnam-Si, O=WIZnet, OU=Wi-Fi Tem, CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:ba:b2:c4:e0:ac:44:27:01:45:3b:75:ca:d6:
a7:1f:2e:e7:d7:83:ae:0d:75:0c:61:99:1e:8a:52:
14:27:7d:21:92:02:7f:78:02:8a:fd:07:10:c2:0b:
b5:5c:82:bd:25:19:bf:67:b5:9d:36:7a:3a:f2:94:
5f:ef:1c:1e:a6:ca:f6:5d:24:98:eb:57:5d:d6:97:
f9:91:e9:bc:0c:c6:0e:90:9b:c5:b5:cb:fd:1b:a9:
10:b3:4a:9c:28:32:57:de:41:82:06:52:58:53:25:
ac:b1:ec:73:29:1f:7d:d2:4a:51:44:26:00:68:fb:
35:d6:61:fe:75:ea:00:80:2c:96:6a:76:c5:db:5a:
72:8d:cf:74:8d:33:56:ae:c1:9c:88:8a:a1:0a:04:
69:bd:10:1c:72:e7:c1:f7:6c:11:5b:9f:ab:ad:5c:
e5:d4:00:9f:00:17:db:3e:26:7c:62:e5:a3:2d:90:
22:9b:5f:f5:08:03:ff:cc:31:cb:f1:96:2c:d3:b1:
9e:5c:50:42:9e:41:a8:4f:93:f9:77:76:3b:fa:81:
............................................:
............................................:
............................................:
1f:21
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
6d:8d:26:24:7f:52:08:98:bc:a1:e6:8d:8a:d2:f2:51:20:e8:
69:15:83:9d:f0:35:2b:48:ae:42:a8:95:b6:29:f8:af:ea:71:
c9:d6:db:41:8e:14:4e:5e:82:b4:8e:ed:2e:b4:d6:08:f5:29:
82:7f:de:2c:ca:4d:3e:90:f6:2c:ca:d4:8d:47:79:c2:d4:2c:
5d:ca:11:3b:04:8d:ec:89:81:aa:de:97:5f:f5:be:76:b2:60:
8d:7b:ce:48:e7:27:48:32:7e:05:ef:73:aa:06:66:9f:b9:4c:
91:b3:c4:09:b8:f8:63:15:b6:b0:58:9c:85:cc:80:51:a9:f1:
08:ca:8c:b1:45:70:72:63:67:5d:9d:08:29:66:f0:86:8f:ed:
7e:1a:2a:ec:de:db:48:07:bc:0c:6e:e5:6b:ec:4c:63:16:92:
79:fd:63:df:50:d4:7e:15:24:1b:3a:89:75:92:5f:6b:0f:13:
eb:98:fd:d7:15:d5:fb:65:df:aa:e7:c8:66:29:ce:2f:97:d8:
ff:58:90:91:3e:5b:f6:c1:80:b5:88:09:be:c3:44:71:59:9f:
.....................................................:
.....................................................:
.....................................................:
0e:c1:85:8a
[/sourcecode]

As shown above, the WizFi250 certificate contains basic issuance information, and its validity period runs until 2015.

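Now let's carry out actual SSL data communication using the OpenSSL SSL client.
When the OpenSSL SSL client connects to the WizFi250's SSL server, it goes through a handshake sequence, as in the log below, after which data can be sent and received.

[Image: WizFi250-SSL-Test1]

[Image: WizFi250-SSL-Test2]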

[sourcecode language="plain"]
D:openssl-test>openssl s_client -connect 192.168.3.12:5000
Loading 'screen' into random state - done
CONNECTED(00000768)
depth=0 C = KR, ST = Geonggi-Do, L = Seongnam-Si, O = WIZnet, OU = Wi-Fi Tem, CN = wiznet.co.kr, emailAddress = wiznet@wiznet.co.kr
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = KR, ST = Geonggi-Do, L = Seongnam-Si, O = WIZnet, OU = Wi-Fi Tem, CN = wiznet.co.kr, emailAddress = wiznet@wiznet.co.kr
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = KR, ST = Geonggi-Do, L = Seongnam-Si, O = WIZnet, OU = Wi-Fi Tem, CN = wiznet.co.kr, emailAddress = wiznet@wiznet.co.kr
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=WIZnet/OU=Wi-Fi Tem/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
i:/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=Wnet/OU=Wi-Fi Team/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDpTCCAo0CAQEwDQYJKoZIhvcNAQEFBQAwgZcxCzAJBgNVBAYTAktSMRMwEQYD
VQQIDApHZW9uZ2dpLURvMRQwEgYDVQQHDAtTZW9uZ25hbS1TaTENMAsGA1UECgwE
V25ldDETMBEGA1UECwwKV2ktRmkgVGVhbTEVMBMGA1UEAwwMd2l6bmV0LmNvLmty
MSIwIAYJKoZIhvcNAQkBFhN3aXpuZXRAd2l6bmV0LmNvLmtyMB4XDTEzMDUyMDA3
MTUwNFoXDTE1MDUyMDA3MTUwNFowgZgxCzAJBgNVBAYTAktSMRMwEQYDVQQIDApH
ZW9uZ2dpLURvMRQwEgYDVQQHDAtTZW9uZ25hbS1TaTEPMA0GA1UECgwGV0labmV0
MRIwEAYDVQQLDAlXaS1GaSBUZW0xFTATBgNVBAMMDHdpem5ldC5jby5rcjEiMCAG
CSqGSIb3DQEJARYTd2l6bmV0QHdpem5ldC5jby5rcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAK66ssTgrEQnAUU7dcrWpx8u59eDrg11DGGZHopSFCd9
IZICf3gCiv0HEMILtVyCvSUZv2e1nTZ6OvKUX+8cHqbK9l0kmOtXXdaX+ZHpvAzG
DpCbxbXL/RupELNKnCgyV95BggZSWFMlrLHscykffdJKUUQmAGj7NdZh/nXqAIAs
lmp2xdtaco3PdI0zVq7BnIiKoQoEab0QHHLnwfdsEVufq61c5dQAnwAX2z4mfGLl
oy2QIptf9QgD/8wxy/GWLNOxnlxQQp5BqE+T+Xd2O/qB5NXUv39CS6rdh5avFHKs
Cl9fhHYHDU4Hz7dAoujZaVEanziSRrcnfVXyGXr5HyECAwEAATANBgkqhkiG9w0B
AQUFAAOCAQEAbY0mJH9SCJi8oeaNitLyUSDoaRWDnfA1K0iuQqiVtin4r+pxydbb
QY4UTl6CtI7tLrTWCPUpgn/eLMpNPpD2LMrUjUd5wtQsXcoROwSN7ImBqt6XX/W+
................................................................
................................................................
................................................................
XzVVcwYGyL5CV2HGISJM5YOiNGl5DsGFig==
-----END CERTIFICATE-----
subject=/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=WIZnet/OU=Wi-Fi Tem/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
issuer=/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=Wnet/OU=Wi-Fi Team/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
---
No client certificate CA names sent
---
SSL handshake has read 1099 bytes and written 536 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 811ADB75B41B31D00E47F125E74633F86320D610D07332CE1E3E53209893F30A
Session-ID-ctx:
Master-Key: F189891352B239D68FB8A2C22D16EF255BD46675B6A1AFC511C7F3CC2A5743E3297A5AC1842891E491EE1BD3D876C30E
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1412156542
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
Hello SSL Server
[/sourcecode]
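
The two openssl outputs above already show what a reviewer would check before relying on this default certificate: the signature hash, the expiry date, the negotiated protocol, renegotiation support and the verify return code. The following is an added example, not part of the original post or of WIZnet's tooling, that scans saved `openssl x509 -text` / `openssl s_client` output for those properties; the finding names and thresholds are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: lines copied from the two openssl outputs shown above.
SAMPLE = """\
Version: 1 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Not After : May 20 07:15:04 2015 GMT
Public-Key: (2048 bit)
Secure Renegotiation IS NOT supported
Protocol : TLSv1
Cipher : AES256-SHA
Verify return code: 21 (unable to verify the first certificate)
"""

def field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit(text, now):
    """Return a sorted list of finding names (hypothetical labels)."""
    findings = set()
    sig = field(r"Signature Algorithm:\s*(\S+)", text)
    if sig and re.match(r"(sha1|md5)", sig, re.I):
        findings.add("weak-signature-hash")
    not_after = field(r"Not After\s*:\s*(.+?)\s*GMT", text)
    if not_after:
        # openssl pads single-digit days with an extra space; normalise it.
        stamp = " ".join(not_after.split())
        expiry = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        if expiry.replace(tzinfo=timezone.utc) < now:
            findings.add("certificate-expired")
    bits = field(r"Public-Key:\s*\((\d+) bit\)", text)
    if bits and int(bits) < 2048:  # assumed minimum RSA size
        findings.add("short-rsa-key")
    if field(r"Protocol\s*:\s*(\S+)", text) in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1"):
        findings.add("legacy-protocol")
    if "Secure Renegotiation IS NOT supported" in text:
        findings.add("no-secure-renegotiation")
    code = field(r"Verify return code:\s*(\d+)", text)
    if code is not None and code != "0":
        findings.add("chain-not-verified")
    return sorted(findings)

if __name__ == "__main__":
    for name in audit(SAMPLE, datetime.now(timezone.utc)):
        print(name)
```

Passing the date of the post as `now` leaves the certificate inside its validity window; any date after May 20, 2015 adds the expiry finding.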

☞ Source: Steve Kim's IoT WiFi This+