OpenSSL生成证书
生成命令
生成根证书的私钥
openssl genrsa -des3 -out server.key 2048
创建服务器证书的申请文件server.csr
openssl req -new -key server.key -out server.csr
去除文件口令,复制server.key并重命名server.key.org
openssl rsa -in server.key.org -out server.key
创建服务器证书(有效期十年)
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
nginx配置示例
server {
listen 443 ssl;
server_name localhost;
ssl_certificate D:\\nginx-1.23.2\\ssl\\server.crt;
ssl_certificate_key D:\\nginx-1.23.2\\ssl\\server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root D:\\workspace\project;
}
}