nginx ssl

SSL

私钥/etc/pki/CA/

  (umask 077;openssl genrsa -out private/cakey.pem 2048)

自签证书

  openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365

  touch index.txt

  echo 01 > serial

 

创建nginx私钥

/etc/nginx/ssl

(umask 077;openssl genrsa -out nginx.key 2048)

创建csr

  openssl req -new -key nginx.key -out nginx.csr

 

签署

openssl ca -in /etc/nginx/ssl/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 365

 

cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/

 

 

nginx配置

 listen 443 ssl;

 

ssl on;

ssl_certificate /etc/nginx/ssl/nginx.crt;

ssl_certificate_key /etc/nginx/ssl/nginx.key;

ssl_protocols sslv3 tlsv1.0 tlsv1.1 tlsv1.2;

ssl_session_cache shared:SSL:10m;

posted @ 2019-12-04 22:41  风起时只有我在  阅读(817)  评论(0编辑  收藏  举报