◆Change into nginx's conf directory; the key pair will be placed in this conf directory
[root@wjh-01 ~]# cd /usr/local/nginx/conf/
◆Check whether the openssl command is available; if it is not, install the package that provides it
[root@wjh-01 ~]# rpm -qf `which openssl`
openssl-1.0.1e-60.el7_3.1.x86_64
◆Use the openssl command to generate a 2048-bit RSA private key named tmp.key
[root@wjh-01 ~]# openssl genrsa -des3 -out tmp.key 2048
Generating RSA private key, 2048 bit long modulus
........+++
.................................+++
e is 65537 (0x10001)
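Enter pass phrase for tmp.key: # enter a passphrase for the private key
Verifying - Enter pass phrase for tmp.key: # enter it a second time
◆Convert the passphrase-protected private key just generated into a private key without a passphrase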
[root@wjh-01 ~]# openssl rsa -in tmp.key -out wjh.key
Enter pass phrase for tmp.key: # enter the passphrase of the private key being converted
writing RSA key
◆tmp.key and wjh.key are both private keys; delete tmp.key
[root@wjh-01 ~]# rm -rf tmp.key
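◆Generate the certificate request file (CSR); this file is used together with the private key to produce the public key file (the certificate)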
[root@wjh-01 ~]# openssl req -new -key wjh.key -out wjh.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:11
State or Province Name (full name) []:wang
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:wang
Organizational Unit Name (eg, section) []:wang
Common Name (eg, your name or your server's hostname) []:wjh
Email Address []:wjh@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:111111
An optional company name []:11^H^H^H
◆Generate the public key (the self-signed certificate wjh.crt)
[root@wjh-01 ~]# openssl x509 -req -days 365 -in wjh.csr -signkey wjh.key -out wjh.crt
Signature ok
subject=/C=11/ST=wang/L=beijing/O=wang/OU=wang/CN=wjh/emailAddress=wjh@qq.com
Getting Private key
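The steps above as a non-interactive script with checks on the result; this is an added example, not part of the original walkthrough. The function names and the temporary directory are assumptions, `-subj` replaces the interactive DN prompts, and the key is generated without `-des3`, so it ends up unencrypted like wjh.key.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Requires the openssl CLI.

# make_selfsigned DIR NAME -> DIR/NAME.key, DIR/NAME.csr, DIR/NAME.crt
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_selfsigned() (
    umask 077    # the key is unencrypted, so keep it owner-readable only
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" &&
    openssl x509 -req -days 365 -in "$1/$2.csr" -signkey "$1/$2.key" \
        -out "$1/$2.crt" 2>/dev/null
)

# key_matches_cert KEY CRT -> 0 if the certificate carries KEY's public key.
# The two PEM public keys are compared directly; an empty result never matches.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_self_issued CRT -> 0 if subject and issuer are the same name, which is
# what signing a CSR with its own key (-signkey) produces.
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# key_is_owner_only KEY -> 0 if the mode is exactly rw------- (0600).
key_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a throwaway directory (constructed input, CN taken from the page).
d=$(mktemp -d) && make_selfsigned "$d" wjh &&
    key_matches_cert "$d/wjh.key" "$d/wjh.crt" &&
    is_self_issued "$d/wjh.crt" &&
    key_is_owner_only "$d/wjh.key" &&
    echo "key, CSR and certificate created and verified"
rm -rf "$d"
```

A mismatch reported by key_matches_cert is the usual cause of nginx refusing to load a certificate and key pair, so the check is worth running before the files are referenced from the server configuration.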
◆The three files produced