Configuring HTTPS with Nginx: creating a self-signed certificate so that access by IP address goes over HTTPS

1. Install Nginx

yum -y install gcc pcre-devel zlib-devel openssl openssl-devel

Nginx download page: https://nginx.org/download/

Choose a version to download, here nginx-1.9.9.tar.gz

 

## Extract the archive

tar -zxvf nginx-1.9.9.tar.gz

 

## Enter the nginx directory

cd nginx-1.9.9

## Configure: set the install prefix and add the SSL module

./configure --prefix=/data/nginx --with-http_stub_status_module --with-http_ssl_module

Compile and install

make && make install

 

Create the ssl directory

mkdir ssl && cd ssl

 

➢ Generate an RSA key

[root@localhost ssl]#  openssl genrsa -des3 -out nginx.key 1024  # in practice, choose based on server performance; if it is good enough, a 4096-bit key can also be used
Generating RSA private key, 1024 bit long modulus
.......++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for nginx.key:                 # enter a passphrase of your choice, at least 4 characters
Verifying - Enter pass phrase for nginx.key:     # confirm the passphrase

 

➢ Generate a certificate signing request

[root@localhost ssl]# openssl req -new -key nginx.key -out nginx.csr
Enter pass phrase for nginx.key:                             # enter the passphrase you just created
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN                      # country name
State or Province Name (full name) []:ShangHai            #
Locality Name (eg, city) [Default City]:ShangHai          #
Organization Name (eg, company) [Default Company Ltd]:ACBC     # company
Organizational Unit Name (eg, section) []:Tech     # department
Common Name (eg, your name or your server's hostname) []:*.mydomain.com       # note: enter the domain you are deploying here; for a single domain, enter it directly; if unsure, use *, which covers all subdomains of mydomain.com
Email Address []:admin@mydomain.com    # any address ending in the domain is fine
 
Please enter the following 'extra' attributes
to be sent with your certificate request 
A challenge password []:        # optional challenge password; can be left blank, just press Enter
An optional company name []:    # additional company name; can be left blank

 

➢ Create an RSA key that does not require a passphrase; otherwise the passphrase has to be entered on every reload/restart

[root@localhost ssl]# openssl rsa -in nginx.key -out nginx_nopass.key
Enter pass phrase for nginx.key:        # the passphrase set when the RSA key was created
writing RSA key

 

➢ Issue the certificate

[root@localhost ssl]# openssl x509 -req -days 3650 -in nginx.csr  -signkey nginx.key -out nginx.crt    
Signature ok
subject=/C=CN/ST=ShangHai/L=ShangHai/O=ACBC/OU=Tech/CN=*.mydomain.com/emailAddress=admin@mydomain.com
Getting Private key
Enter pass phrase for nginx.key:          # the passphrase set when the RSA key was created

 

2. Configure Nginx

Edit the configuration file (pay attention to the domain name and port 443)

 

Configure the upstream

/uploads/answer/20201216/519804887a62a3ca9387b430f7ee7824.png

Configure the paths to the certificate files

/uploads/answer/20201216/5ce021b50673fe5ca9a53565c3b65de9.png

Configure the location

/uploads/answer/20201216/a5231765c149fdd3113a77eeb829956d.png

Check that the configuration file is correct

/uploads/answer/20201216/660f0a5d275707593111447f736f1945.png

Restart Nginx
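
The certificate issued in section 1 names *.mydomain.com in its Common Name, but current browsers and TLS clients compare the address being visited with the certificate's subjectAltName, so for access by IP the address has to be listed there as an IP entry. The script below is an added example, not part of the original post: it creates a passphrase-free 2048-bit key and a self-signed certificate whose SAN carries the server IP, then checks the SAN and that key and certificate belong together. The function names, the openssl.cnf file, the 365-day validity and the address 192.0.2.10 are assumptions made for the example.

```bash
#!/bin/sh
# Added example, not from the original post. Usage: sh mkcert.sh DIR SERVER_IP
# e.g. SERVER_IP=192.0.2.10, a constructed documentation address (RFC 5737).

# make_ip_cert DIR IP: write DIR/nginx.key (no passphrase) and DIR/nginx.crt
make_ip_cert() {
    mkdir -p "$1" || return 1
    cat > "$1/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ext
prompt = no
[dn]
CN = $2
[v3_ext]
subjectAltName = IP:$2
extendedKeyUsage = serverAuth
EOF
    # The key is stored unencrypted so nginx can reload unattended;
    # umask 077 keeps it readable by the owner only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$1/openssl.cnf" \
          -keyout "$1/nginx.key" -out "$1/nginx.crt" )
}

# cert_has_ip CRT IP: succeed only if the SAN lists exactly this IPv4 address
# (openssl prints IPv6 entries in expanded form, which this does not handle)
cert_has_ip() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -qxF "IP Address:$2"
}

# key_matches_cert KEY CRT: succeed if both hold the same public key
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Run the whole procedure only when called with DIR and SERVER_IP.
if [ "$#" -eq 2 ]; then
    make_ip_cert "$1" "$2" &&
        cert_has_ip "$1/nginx.crt" "$2" &&
        key_matches_cert "$1/nginx.key" "$1/nginx.crt" &&
        echo "OK: $1/nginx.crt lists IP $2 and matches $1/nginx.key"
fi
```

Point the ssl_certificate and ssl_certificate_key directives at the generated nginx.crt and nginx.key, and run nginx -t before restarting. Clients still show a warning until the self-signed certificate is added to their trust store.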





