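HTTPS configuration + symmetric and asymmetric encryption + CA certificates

Symmetric encryption

Asymmetric encryption

How HTTPS encryption works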

 

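Generate the private key for the certificate

The first command below fails and prints the genrsa usage because this OpenSSL build has no -idea option; the second, with no cipher option, writes the key unencrypted. A 1024-bit RSA key is below the 2048-bit minimum that current browsers and CAs accept, so use 2048 bits or more outside a lab.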

root@ubuntu-128:/etc/nginx/ssl_key2# openssl genrsa -idea -out jack.key 1024
usage: genrsa [args] [numbits]
 -des            encrypt the generated key with DES in cbc mode
 -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)
 -seed
                 encrypt PEM output with cbc seed
 -aes128, -aes192, -aes256
                 encrypt PEM output with cbc aes
 -camellia128, -camellia192, -camellia256
                 encrypt PEM output with cbc camellia
 -out file       output the key to 'file
 -passout arg    output file pass phrase source
 -f4             use F4 (0x10001) for the E value
 -3              use 3 for the E value
 -engine e       use engine e, possibly a hardware device.
 -rand file:file:...
                 load the file (or the files in the directory) into
                 the random number generator
root@ubuntu-128:/etc/nginx/ssl_key2# openssl genrsa  -out jack.key 1024
Generating RSA private key, 1024 bit long modulus
..............................................................++++++
......................++++++
e is 65537 (0x10001)

Generate the certificate signing request (CSR) file

root@ubuntu-128:/etc/nginx/ssl_key2# openssl req -new -key jack.key -out jack.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:zhejiang
Locality Name (eg, city) []:hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ailibaba
Organizational Unit Name (eg, section) []:alibaba
Common Name (e.g. server FQDN or YOUR name) []:alibaba
Email Address []:666@163.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:666666
An optional company name []:alibaba
root@ubuntu-128:/etc/nginx/ssl_key2# ll
总用量 16
drwxr-xr-x 2 root root 4096 9月   1 20:42 ./
drwxr-xr-x 6 root root 4096 9月   1 20:39 ../
-rw-r--r-- 1 root root  761 9月   1 20:42 jack.csr
-rw-r--r-- 1 root root  887 9月   1 20:41 jack.key

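Generate the signed certificate file (-signkey signs the request with its own key, so the result is self-signed rather than CA-issued)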

root@ubuntu-128:/etc/nginx/ssl_key2# openssl x509 -req -days 3650 -in jack.csr -signkey jack.key -out jack.crt
Signature ok
subject=/C=CN/ST=zhejiang/L=hangzhou/O=ailibaba/OU=alibaba/CN=alibaba/emailAddress=666@163.com
Getting Private key
root@ubuntu-128:/etc/nginx/ssl_key2# ls
jack.crt  jack.csr  jack.key

 

nginx configuration file

server {
    # TLS is enabled on the listen directive; "ssl on;" is obsolete since nginx 1.15.0
    listen       443 ssl;
    server_name  192.168.13.128;

    ssl_certificate /etc/nginx/ssl_key2/jack.crt;
    ssl_certificate_key /etc/nginx/ssl_key2/jack.key;

    location / {
        root /opt/app/code;
        try_files /cache $uri @java_page;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504 404  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

Reload nginx and test

root@ubuntu-128:/etc/nginx/conf.d# nginx -s reload

View the certificate details
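
The transcripts above show a pair that nginx will load but that has a 1024-bit key, a key file with mode 644, and a subject (CN=alibaba) that does not name the server at 192.168.13.128. The checks below are an added example, not part of the original post; the function names and the lab.key/lab.crt files are hypothetical, and OpenSSL 1.1.1 or later is assumed for -addext and -ext.

```sh
#!/bin/sh
# Added example, not from the original post. Function and file names are hypothetical.
# Requires OpenSSL 1.1.1+ (-addext, -ext).

# Lab pair: 2048-bit key, owner-only key file, server IP in subjectAltName.
make_lab_cert() (   # usage: make_lab_cert DIR IP
    umask 077
    openssl genrsa -out "$1/lab.key" 2048 2>/dev/null || exit 1
    openssl req -new -x509 -key "$1/lab.key" -out "$1/lab.crt" -days 365 \
        -subj "/CN=$2" -addext "subjectAltName=IP:$2" 2>/dev/null
)

# Succeed only if the key file and the certificate hold the same public key.
key_matches_cert() (   # usage: key_matches_cert KEY CRT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ]
)

# Print the size in bits of the certificate's public key.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed if subjectAltName has exactly this entry, e.g. "IP Address:192.168.13.128".
cert_has_san() {   # usage: cert_has_san CRT ENTRY
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "$2"
}

# Succeed if the key file grants nothing to group or others (mode like -rw-------).
key_is_private() {
    case "$(ls -ld "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}

# Run every check; print the first failure and return non-zero.
check_pair() (   # usage: check_pair KEY CRT SAN_ENTRY
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match"; exit 1; }
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "RSA key shorter than 2048 bits"; exit 1; }
    cert_has_san "$2" "$3" || { echo "missing SAN entry: $3"; exit 1; }
    key_is_private "$1" || { echo "key file readable by group or others"; exit 1; }
)
```

Run against the page's own files as check_pair jack.key jack.crt "IP Address:192.168.13.128", the first failure reported is the key length, since the key matches the certificate but is only 1024 bits.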
