- 创建openssl所需的配置文件localhost.conf
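# localhost.conf - OpenSSL "req" configuration for a self-signed TLS server
# certificate, passed to the command as: openssl req -config localhost.conf ...

[ req ]
# RSA key size in bits; 2048 is the commonly accepted minimum.
# An explicit -newkey rsa:N on the command line takes precedence over this.
default_bits = 2048
# Default private-key file name; -keyout on the command line overrides it.
default_keyfile = server-key.pem
# Section holding the subject (DN) prompts and their defaults.
distinguished_name = subject
# Extensions added to a certificate request (CSR).
req_extensions = req_ext
# Extensions added to the self-signed certificate when -x509 is used.
x509_extensions = x509_ext
string_mask = utf8only

[ subject ]
# Each field has a prompt text and a *_default value used when the prompt is
# answered with an empty line.
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = NY
localityName = Locality Name (eg, city)
localityName_default = New York
organizationName = Organization Name (eg, company)
organizationName_default = Example, LLC
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Company
emailAddress = Email Address
emailAddress_default = test@example.com

[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
# End-entity certificate: it must not be usable to sign other certificates.
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
# Limit the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"

[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
# Limit the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"

[ alternate_names ]
# Change this to your own local IP address or domain name.
# An IP address belongs in an IP.n entry: current browsers do not match an
# address against a DNS.n (dNSName) entry and reject the certificate as a
# name mismatch. For a host name use DNS.n instead, e.g. DNS.1 = <your-hostname>.
IP.1 = 192.168.56.26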
- 生成证书 localhost.crt 和私钥 localhost.key
openssl 运行命令(-nodes 表示私钥不加密保存,生成的 localhost.key 需限制读取权限,不要提交到代码仓库):
./openssl.exe req -config localhost.conf -new -sha256 -newkey rsa:2048 -nodes -keyout localhost.key -x509 -days 365 -out localhost.crt
- 拷贝证书(localhost.crt、localhost.key)到 nginx-1.18.0\conf\ssl 目录(新建ssl)下
- 配置nginx:在 nginx.conf 中增加 server 配置项
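server {
    # Keep as is: HTTPS listener on port 443.
    listen 443 ssl;

    # Certificate and private key. Relative paths are resolved against the
    # directory that holds nginx.conf.
    ssl_certificate     ssl/localhost.crt;
    ssl_certificate_key ssl/localhost.key;
    # Alternative file names, if the files are named after the IP address:
    # ssl_certificate     ssl/192.168.56.26.crt;
    # ssl_certificate_key ssl/192.168.56.26.key;

    # nginx 1.18 still enables TLSv1 and TLSv1.1 by default; allow only
    # current protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Trailing slashes on both the location and the alias keep the prefix
    # match confined to E:/p/. Without them, "location /p" also matches any
    # URI that merely begins with /p, and alias maps it to a sibling path
    # outside E:/p.
    location /p/ {
        alias E:/p/;
        index index.html index.htm;
    }
}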
- ./nginx.exe -t 验证配置是否正确,./nginx.exe -s reload 重新加载配置
- 访问 https://192.168.56.26/p/demo.html (自签名证书不在系统信任列表中,浏览器会提示证书不受信任;仅用于本地测试,需要时可将 localhost.crt 导入本机受信任的证书存储)