nginx ssl
SSL
CA 私钥（在 /etc/pki/CA/ 目录下执行）
# Generate the CA's 2048-bit RSA private key.
# The subshell confines umask 077 to this one command, so the key file is
# created without group/other permissions and the caller's umask is untouched.
# The output path is relative: run this in the CA directory, and private/
# must already exist.
# NOTE(review): no cipher option is given, so the key is written unencrypted;
# file permissions are its only protection.
(
  umask 077
  openssl genrsa -out private/cakey.pem 2048
)
自签证书
# Self-sign the CA certificate with the CA key; it is valid for 365 days, and
# certificates issued by this CA stop validating once it expires.
# Paths are relative: run in the same directory as the key-generation step.
openssl req -new -x509 \
  -key private/cakey.pem \
  -days 365 \
  -out cacert.pem

# Bookkeeping files for `openssl ca` -- presumably the stock openssl.cnf
# layout (index.txt = issued-certificate database, serial = next serial
# number in hex); confirm against the openssl.cnf in use.
touch index.txt
printf '%s\n' 01 > serial
创建nginx私钥
（在 /etc/nginx/ssl 目录下执行）
# Generate the server's 2048-bit RSA private key as nginx.key in the current
# directory. umask 077 inside the subshell keeps the new file free of
# group/other permissions without changing the caller's umask.
# The key is written unencrypted (no cipher option), so nginx can load it
# without a passphrase prompt; access control rests on file permissions.
(
  umask 077
  openssl genrsa -out nginx.key 2048
)
创建csr
# Create a certificate signing request for the server key. openssl prompts
# for the subject fields interactively.
# NOTE(review): current clients match the hostname against subjectAltName,
# and this command requests none unless the openssl.cnf in use adds it --
# confirm before relying on the issued certificate for browser clients.
openssl req -new \
  -key nginx.key \
  -out nginx.csr
签署
# Sign the server CSR with the local CA; the issued certificate is valid for
# 365 days and is written under the CA's certs/ directory.
# `openssl ca` takes the CA key, certificate, index.txt and serial locations
# from openssl.cnf -- presumably the /etc/pki/CA layout built above; confirm.
openssl ca \
  -in /etc/nginx/ssl/nginx.csr \
  -out /etc/pki/CA/certs/nginx.crt \
  -days 365

# Put a copy of the signed certificate next to the server key for nginx.
cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/
nginx配置
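# TLS listener. The "ssl" parameter on listen already enables TLS for this
# socket, so the separate "ssl on;" directive (deprecated in nginx 1.15.0,
# removed in 1.25.1) is dropped.
listen 443 ssl;

# Server certificate and its private key. The key file should stay readable
# only by the account that starts nginx.
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

# SSLv3 (POODLE) and TLS 1.0/1.1 (deprecated by RFC 8996) are no longer
# offered. "tlsv1.0" is also not a value nginx accepts; the name is TLSv1.
# Add TLSv1.3 when running nginx 1.13.0+ built against OpenSSL 1.1.1+.
ssl_protocols TLSv1.2;

# Session cache shared between worker processes: zone "SSL", 10 MB.
ssl_session_cache shared:SSL:10m;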