1. Create the SSL certificate
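1.1 Generate the private key: openssl genrsa -des3 -out xn2lqbcomkey 2048. This command generates a 2048-bit RSA private key encrypted with the DES3 algorithm. The private key file can have any name; just specify its path in the Nginx configuration. You will be prompted to set a passphrase for the private key; set one and remember it.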
    [root@Monitor ssl]# openssl genrsa -des3 -out xn2lqbcom 2048
    Generating RSA private key, 2048 bit long modulus
    ……………………………+++
    ………………………………………………+++
    e is 65537 (0x010001)
    Enter pass phrase for xn2lqbcom:
    Verifying - Enter pass phrase for xn2lqbcom:
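1.2 The key generated above is protected by a passphrase. To remove the passphrase, run: openssl rsa -in xn2lqbcom -out xn2lqbcom_nopwdkey. The output file holds the private key in clear text, so restrict its file permissions to the account that starts Nginx.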
    [root@Monitor ssl]# ls
    xn2lqbcom
    [root@Monitor ssl]# openssl rsa -in xn2lqbcom -out xn2lqbcom_nopwdkey
    Enter pass phrase for xn2lqbcom:
    writing RSA key
1.3 Generate the certificate signing request (CSR) from the private key created above: openssl req -new -key xn2lqbcom -out xn2lqbcomcsr
    [root@Monitor ssl]# openssl rsa -in xn2lqbcom -out xn2lqbcom_nopwdkey
    Enter pass phrase for xn2lqbcom:
    writing RSA key
    [root@Monitor ssl]# openssl req -new -key xn2lqbcom -out xn2lqbcomcsr
    Enter pass phrase for xn2lqbcom:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:shanghai
    Locality Name (eg, city) []:shanghai
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:xn2lqbcom
    Organizational Unit Name (eg, section) []:IT
    Common Name (e.g. server FQDN or YOUR name) []:xn2lqbcom
    Email Address []:2223344@qqcom

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [root@Monitor ssl]# ls
    xn2lqbcom  xn2lqbcomcsr  xn2lqbcom_nopwdkey
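1.4 The CSR must be signed by a CA before it becomes a certificate. You can send the CSR to StartSSL (can be free), VeriSign (a lot of money) or a similar provider and have them validate it. You can also act as your own CA and issue the certificate to yourself; such a certificate is not trusted by browsers or other clients until it is imported into their trust store. Create a self-signed CA certificate: openssl req -new -x509 -days 3650 -key xn2lqbcom -out xn2lqbcomcrt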
    [root@Monitor ssl]# openssl req -new -x509 -days 3650 -key xn2lqbcom -out xn2lqbcomcrt
    xn2lqbcom  xn2lqbcomcsr  xn2lqbcom_nopwdkey
    [root@Monitor ssl]# openssl req -new -x509 -days 3650 -key xn2lqbcom_nopwdkey -out xn2lqbcomcrt
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:Shanghai
    Locality Name (eg, city) []:shanghai
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:lqbcom
    Organizational Unit Name (eg, section) []:IT
    Common Name (e.g. server FQDN or YOUR name) []:xn2lqbcom
    Email Address []:
    [root@Monitor ssl]# ls
    xn2lqbcom  xn2lqbcomcrt  xn2lqbcomcsr  xn2lqbcom_nopwdkey
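Steps 1.1 to 1.4 as one prompt-free script, with a check that the passphrase-free key, the CSR and the certificate all carry the same public key before Nginx is pointed at them. This is an added example, not part of the original article. The name demo.test, the file names, the subject fields and the KEY_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example. Constructed values: name demo.test, file names, subject fields.
# The passphrase is read from the KEY_PASS environment variable (an assumption).

# make_selfsigned DIR NAME: steps 1.1-1.4 without interactive prompts.
make_selfsigned() (
    dir=$1; name=$2
    subj="/C=CN/ST=shanghai/L=shanghai/O=$name/OU=IT/CN=$name"
    umask 077   # every file written here is readable by its owner only
    # 1.1 2048-bit RSA key, DES3-encrypted as on the page
    openssl genrsa -des3 -passout env:KEY_PASS -out "$dir/$name.key" 2048 2>/dev/null || exit 1
    # 1.2 copy of the key with the passphrase removed
    openssl rsa -in "$dir/$name.key" -passin env:KEY_PASS \
        -out "$dir/$name.nopwd.key" 2>/dev/null || exit 1
    # 1.3 CSR made from the encrypted key
    openssl req -new -key "$dir/$name.key" -passin env:KEY_PASS \
        -subj "$subj" -out "$dir/$name.csr" || exit 1
    # 1.4 self-signed certificate, 3650 days, made from the passphrase-free key
    openssl req -new -x509 -days 3650 -key "$dir/$name.nopwd.key" \
        -subj "$subj" -out "$dir/$name.crt" || exit 1
)

# key_is_encrypted FILE: true when the PEM private key is passphrase-protected
# (traditional "Proc-Type" header or PKCS#8 "ENCRYPTED PRIVATE KEY" header).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# pubkey_of KIND FILE: print the public key of a key (pkey), CSR (req) or cert (x509).
pubkey_of() {
    case $1 in
        pkey) openssl pkey -in "$2" -pubout ;;
        req)  openssl req  -in "$2" -noout -pubkey ;;
        x509) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# same_key KIND1 FILE1 KIND2 FILE2: true when both files carry the same public key.
same_key() {
    a=$(pubkey_of "$1" "$2") && b=$(pubkey_of "$3" "$4") &&
        [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Typical use: export KEY_PASS, call make_selfsigned with a directory and a name, then run same_key pkey on the passphrase-free key against x509 on the certificate before referencing the pair in the Nginx configuration.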
2. Configure the nginx virtual host file
    [root@Monitor ssl]# vim /serverconf
    server {
        listen 80;
        server_name xn2lqbcom;
        root /html/xn2;
        #rewrite ^/()$>
Sharing is welcome; when reposting, please credit the source: 内存溢出