一、证书准备
下载CA证书,在此我下载下来的文件是IntermediateCA.cer和ssl_certificate.cer
二、Key证书转换
openssl pkcs12 -in domain_name_privatekey.p12 -out domain_name.key -nocerts -nodes
三、生成CRT证书
cat ssl_certificate.cer IntermediateCA.cer >>
domain_name.crt
四、nginx配置
server {
listen 80;
server_name www.domain.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name www.domain.com;
ssl on;
ssl_certificate /path/domain_name.crt;
ssl_certificate_key /path/domain_name.key;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /data/web/www;
index index.html;
}
}
五、如果有后台API,需要视情况升级修改。