Linux服务器上nginx生成ssl证书
1、创建证书存放路径
[root@nginx ~]# mkdir /home/nginx/ssl
[root@nginx ~]# cd /home/nginx/ssl
2、 生成根证书的私钥
[root@nginx ~]# openssl genrsa 1024 > /home/nginx/ssl/server.key genrsa:产生rsa密钥命令 1024: 密钥的长度位数,默认为512
3、 生成证书签署请求,(创建服务器证书的申请文件server.csr)
[root@nginx nginx]# openssl req -new -key /home/nginx/ssl/server.key > /home/nginx/ssl/server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN #国家名称 State or Province Name (full name) []:BJ #州或省名称 Locality Name (eg, city) [Default City]:BJ #城市 Organization Name (eg, company) [Default Company Ltd]:xiaoguaishou #组织名称(例如,公司) Organizational Unit Name (eg, section) []:OP #组织单位名称(例如,部门) Common Name (eg, your name or your server's hostname) []:127.0.0.1 #通用名称(例如,您的名称或服务器主机名) Email Address []:xiaoguaishou@qq.com #电子邮件地址 Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:test@123 #密码 An optional company name []:xiaoguaishou #可选公司名称
4、 创建服务器证书(有效期十年)
[root@nginx nginx]# openssl req -x509 -days 3650 -key /home/nginx/ssl/server.key -in /home/nginx/ssl/server.csr > /home/nginx/ssl/server.crt
5、查看生成的证书
[root@nginx ssl]# ls server.crt server.csr server.key #共生成3个文件
6、nginx配置证书
[root@nginx ]# vim /home/nginx/conf/nginx.conf
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /home/nginx/ssl/server.crt; #证书路径
ssl_certificate_key /home/nginx/ssl/server.key; #证书路径
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
7、重启nginx
[root@nginx nginx]# systemctl restart nginx.service
8、访问,测试
浏览器:https://192.168.61.142
1594
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
