Creating a CA Certificate
Generate a certificate with openssl and use it for HTTPS in nginx.
1. Install nginx and openssl
# yum -y install nginx openssl
2. Generate a private key and certificate with openssl
# mkdir -p /root/CA
# cd /root/CA
[root@localhost CA]# openssl genrsa > cert.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..................+++++
...........+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl req -new -x509 -key cert.key > cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:test
Common Name (e.g. server FQDN or YOUR name) []:catest
Email Address []:test.com.cn
3. Edit the nginx configuration file
# vim /etc/nginx/nginx.conf
Change the paths of the two parameters ssl_certificate and ssl_certificate_key.
Uncomment the following section:
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    root /usr/share/nginx/html;
    ssl_certificate "/root/CA/cert.pem";
    ssl_certificate_key "/root/CA/cert.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
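- Restart the nginx service
# systemctl restart nginx
# systemctl stop firewalld
Stopping firewalld turns off the host firewall entirely so that port 443 is reachable; this is only suitable on a test machine.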
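6. Visit https://IP
or https://IP:443
The page loads, and the browser warns "Your connection is not private" because the certificate is self-signed and not issued by a CA the browser trusts.
7. Click "Advanced" -> "Proceed to"
8. Click "! Not secure" in the top-left corner -> Certificate
and you can see the certificate information you set!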
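Added example, not part of the original post: a shell script that checks the key and certificate from step 2 before nginx is restarted. It verifies that cert.key is not readable by group or others, that cert.pem carries the matching public key, and that the certificate is not about to expire. The function names and the 7-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the key and
# certificate created in step 2, run before restarting nginx.
# Usage (paths as in the post): sh check_tls_pair.sh /root/CA/cert.key /root/CA/cert.pem
# Function names and the 7-day threshold are assumptions of this example.

# 0 if the key file grants nothing to group/others. `openssl genrsa > cert.key`
# creates the file via shell redirection, so its mode follows the umask
# (0644 under the common 022 umask).
key_mode_ok() {
    _mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$_mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# 0 if the certificate carries the public key that belongs to the private key.
# Returns 2 when either file cannot be parsed, so a bad path never "matches".
pair_matches() {
    _kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    _cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$_kpub" ] && [ "$_kpub" = "$_cpub" ]
}

# 0 if the certificate is still valid $2 days from now. Without -days,
# `openssl req -x509` issues a certificate valid for 30 days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs all checks, prints findings plus subject and expiry, returns 1 on any finding.
check_tls_pair() {
    _rc=0
    key_mode_ok "$1" || { echo "WARN: $1 is readable by group/others; chmod 600 it"; _rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1"; _rc=1; }
    cert_valid_for_days "$2" 7 || { echo "WARN: $2 expires within 7 days"; _rc=1; }
    openssl x509 -in "$2" -noout -subject -enddate
    return "$_rc"
}

# Run the checks only when a key path and a certificate path are given.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A non-zero exit status means at least one check produced a finding; `nginx -t` can then be used to validate the edited configuration before the restart.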