1.浏览器添加.p12客户端证书和CA证书
生成.p12证书:openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
2.nginx配置:(#内容为开启https)
nginx.conf中http块:include /usr/local/nginx/conf.d/*.conf;
conf.d文件夹下*.conf:
server {
listen 89;
#listen 89 ssl;
server_name localhost;
#ssl_certificate ../conf.d/client.crt;#https认证证书
#ssl_certificate_key ../conf.d/client.key;
#ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_verify_client on;#开启为双向认证,关闭则为单向
location / {
root /build;#静态资源路径
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.ht