...... 一个只会用java的男人
1、生成证书和key
openssl pkcs12 -in /usr/local/nginx/ssl/xxx.pfx -clcerts -nokeys -out /usr/local/nginx/ssl/xxx.crt
openssl pkcs12 -in /usr/local/nginx/ssl/xxx.pfx -nocerts -nodes -out /usr/local/nginx/ssl/xxx.rsa
2、验证证书
openssl s_server -www -accept 443 -cert /usr/local/nginx/ssl/xxx.crt -key /usr/local/nginx/ssl/xxx.rsa
如果返回证书的失效日期,就代表是有效证书。
3、配置nginx
ssl_certificate /usr/local/nginx/XXX.crt;
ssl_certificate_key /usr/local/nginx/XXX.rsa;
ssl_session_timeout 10m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
4、重启nginx
5、谷歌浏览器可以很方便看到你的证书生效、失效日期哦