1.新建证书存放路径(/usr/local/nginx目录下)
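# Create the directory that will hold the certificate and the private keys
# (one of them unencrypted). Mode 700 keeps other local users out; the user
# that starts nginx (normally root) must own it. -p makes the step safe to
# re-run, and chmod tightens the mode even if the directory already existed.
mkdir -p ssl && chmod 700 ssl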
2.生成一个RSA私钥(/usr/local/nginx/ssl目录下)
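# Generate a 2048-bit RSA private key, stored encrypted under a passphrase
# that openssl prompts for. AES-256 replaces the legacy 3DES (-des3) key
# encryption. The subshell confines the 077 umask to this command so the key
# file is created without group/other access.
( umask 077 && openssl genrsa -aes256 -out server.key 2048 )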
3.创建csr证书签名请求
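# Create a certificate signing request from the private key; openssl prompts
# for the key passphrase and then for the subject fields. -sha256 pins the
# signature digest, so builds whose default digest is SHA-1 do not use it.
openssl req -new -sha256 -key server.key -out server.csr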
依次输入:私钥密码 → 国家(zh;注意此处应填两位 ISO 国家代码,中国为 CN)→ 省份(浙江)→ 城市(杭州)→ 公司名称 → 组织 → 公司域名(即 Common Name)→ 邮箱 → 私钥密码(默认配置下 openssl 此处提示的是 challenge password,并非私钥密码,可留空)
4.生成自签名crt证书,并导出不带密码的私钥
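# Sign the CSR with its own key (-signkey): the result is a self-signed
# certificate valid for 365 days. Clients will not trust it unless it is
# installed as a trust anchor, so it suits testing, not public sites.
# -sha256 pins the signature digest instead of relying on the build default.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
# Write a passphrase-free copy of the key so nginx can start unattended.
# This file is the private key in the clear: umask 077 creates it owner-only,
# and chmod covers the case where the file already existed with a wider mode.
( umask 077 && openssl rsa -in server.key -out server_unsecure.key && chmod 600 server_unsecure.key )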
5.nginx配置
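# Certificate and private key generated in the steps above. The key file is
# unencrypted, so it must stay readable only by the user that starts nginx.
ssl_certificate /usr/local/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/ssl/server_unsecure.key;
# Offer TLS 1.2 only. SSLv2, SSLv3, TLSv1 and TLSv1.1 are broken or
# deprecated and must not be enabled; add TLSv1.3 where the nginx/OpenSSL
# build supports it.
ssl_protocols TLSv1.2;
# Strong suites only: no anonymous (aNULL) or MD5-based suites. Do not
# re-enable export-grade (EXP), LOW, SSLv2 or RC4 suites.
ssl_ciphers HIGH:!aNULL:!MD5;
# Let the server's cipher order win over the client's.
ssl_prefer_server_ciphers on;
# Session cache shared between workers (zone "SSL", 1 MB); cached sessions
# can be resumed for 5 minutes.
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;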