安装openssl
- 从 https://www.openssl.org/source/openssl-1.0.1g.tar.gz 下载安装文件
- tar -zxf openssl-1.0.1g.tar.gz
- cd openssl-1.0.1g
- ./config
- make
- make test
- make install
- mv /usr/bin/openssl /root/
- ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
- openssl version
创建证书
- openssl genrsa -des3 -out api.bz.key 1024
- openssl req -new -key api.bz.key -out api.bz.csr
- openssl rsa -in api.bz.key -out api.bz_nopass.key
- openssl x509 -req -days 365 -in api.bz.csr -signkey api.bz.key -out api.bz.crt
配置ningx
server {
server_name YOUR_DOMAINNAME_HERE;
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/api.bz.crt;
ssl_certificate_key /usr/local/nginx/conf/api.bz_nopass.key;
# 若ssl_certificate_key使用api.bz.key,则每次启动Nginx服务器都要求输入key的密码。
}
重启ningx。