windows下本地搭建https服务器

最新推荐文章于 2024-08-12 06:30:00 发布

PeakXin

最新推荐文章于 2024-08-12 06:30:00 发布

阅读量1.9k

点赞数

分类专栏： Web服务器 & 运维文章标签： SSL证书 HTTPS服务器

本文链接：https://blog.csdn.net/xinyflove/article/details/121648227

版权

Web服务器 & 运维专栏收录该内容

16 篇文章 0 订阅

订阅专栏

本文详细介绍了如何使用openssl命令行工具生成RSA私钥和证书请求，以及如何签署服务器证书。接着，展示了如何配置Nginx以使用生成的SSL证书，确保HTTPS安全连接。这一过程包括设置ssl证书路径、配置加密套件和协议，以及调整其他Nginx服务器块的参数。

摘要由CSDN通过智能技术生成

使用工具

使用git的命令行工具或者cmder
注意使用cmd命令行是不行的, cmd命令行并不能识别openssl命令

openssl genrsa 命令介绍

openssl genrsa 命令是会用来生成 RSA 私有秘钥，不会生成公钥，因为公钥提取自私钥。生成时是可以指定私钥长度和密码保护。
如果需要查看公钥或生成公钥，可以使用 openssl rsa 命令。

创建私钥

生成秘钥是生成证书的前提

生成长度为 1024 的秘钥

$ openssl genrsa -out certificate.key 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
...+++++
...............................................+++++
e is 65537 (0x010001)

创建证书请求

需要输入一些列信息，最重要的是Common Name表示要使用https访问的域名

$ openssl req -new -out certificate.csr -key certificate.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:ShanDong
Locality Name (eg, city) []:QingDao
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:chisheng.xin
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:

签署服务器证书

$ openssl x509 -req -in certificate.csr -out certificate.pem -signkey certificate.key -days 3650
Signature ok
subject=C = CN, ST = ShanDong, L = QingDao, O = Internet Widgits Pty Ltd, CN = chisheng.xin
Getting Private key

配置Nginx

我这里使用的是PHPstudy配置文件

server {
        listen        443 ssl;
		ssl_certificate D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/certificate.pem;
		ssl_certificate_key D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/certificate.key;
		ssl_session_timeout 5m;
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers on;
        server_name  chisheng.xin;
        root   "D:/phpstudy_pro/WWW/chisheng.xin";
        location / {
            index index.php index.html error/index.html;
            error_page 400 /error/400.html;
            error_page 403 /error/403.html;
            error_page 404 /error/404.html;
            error_page 500 /error/500.html;
            error_page 501 /error/501.html;
            error_page 502 /error/502.html;
            error_page 503 /error/503.html;
            error_page 504 /error/504.html;
            error_page 505 /error/505.html;
            error_page 506 /error/506.html;
            error_page 507 /error/507.html;
            error_page 509 /error/509.html;
            error_page 510 /error/510.html;
            include D:/phpstudy_pro/WWW/chisheng.xin/nginx.htaccess;
            autoindex  off;
        }
        location ~ \.php(.*)$ {
            fastcgi_pass   127.0.0.1:9004;
            fastcgi_index  index.php;
            fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO  $fastcgi_path_info;
            fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
            include        fastcgi_params;
        }
}